[lug] Spam solutions

Steve Webb steve at badcheese.com
Mon Jan 22 10:34:30 MST 2007 

My company's rejected email actually has fallen off since around mid-Dec:

http://mail.pronto.com/mrtg/mail.rejected-year.png
(chart is based on RTBL rejection only).

I use: sendmail -> RTBL -> bogofilter -> spamassassin -> inbox

I put bogofilter before spamassassin because it's less resource-intensive 
and it's actually one of the better filters that I've found.  I've got 
about 50 users on my server and it seems to catch almost everything pretty 
well.

* RTBL catches most of the old-timer "known" spammers by IP (these are 
going away quickly though)
* bogofilter is good at catching the Stock-pumping stuff (if trained to do 
so), nigerian email and the random words to try to confuse your baysean 
filter that email from this account is good.
* spamassassin is only good if kept patched - it seems to be the popular 
one to use, so most of the spammers write stuff to get around spamassassin 
first.

I set up two email addresses on my server so that users can bounce false 
positives or false negatives through the system and it'll train bogofilter 
at a system-wide level so one user can train the whole system (like 
gmail).

Using these three together, I get about 1-2 spam emails every couple of 
weeks, and a couple of false positives every couple of week, but it's nice 
and quiet now and that's what email's supposed to be like.  :)

- Steve

On Sun, 21 Jan 2007, Collins Richey wrote:

> Date: Sun, 21 Jan 2007 10:56:15 -0700
> From: Collins Richey <crichey at gmail.com>
> Reply-To: "Boulder (Colorado) Linux Users Group -- General Mailing List"
>     <lug at lug.boulder.co.us>
> To: "Boulder (Colorado) Linux Users Group -- General Mailing List"
>     <lug at lug.boulder.co.us>
> Subject: Re: [lug] Spam solutions
> 
> On 1/21/07, Daniel Webb <lists at danielwebb.us> wrote:
>> On Sat, Jan 20, 2007 at 09:59:18PM -0700, Collins Richey wrote:
>> 
>> > In a word, yes. End of November spammers took a break - only 10-15 per
>> > day, then the gates of hell opened. Fortunately, I use gmail, and it
>> > only takes 2 clicks to whack them all. I've only ever seen 1-2 false
>> > hits every three months, and all of those are for this list!!!
>> > Something about Boulder and lug in conjunction with the usual spamming
>> > words triggers a hit <grin>.
>> >
>> > I wouldn't run my own mailer for all the tea in China.
>> 
>> There's certainly nothing irrational about that sentiment from what I've 
>> seen.
>> It takes a certain kind of nerdy masochism to run any kind of server 
>> yourself
>> I think, but especially mail servers.
>> 
>> One thing I have found odd, though, is that even though I signed up for a
>> gmail account early on and have used it for almost nothing, there is a 
>> massive
>> amount of spam directed to it.
>
> Spam has increased tremendously since three years ago, but I got
> proportionately just as much spam on my previous Comcast isp account.
> I had a brief respite on gmail before I was discovered there.
>
> Where's the UN when you need them? What we need is international
> troops to go in and wipe out the spammers wherever they're found
> <grin>.
>
>
>

-- 
EMAIL: (h) steve at badcheese.com  WEB: http://badcheese.com/~steve

More information about the LUG mailing list