Re: Any way to block really bad SPAMs?
Kelson wrote: Keith Whyte wrote: i send viruses to /dev/null but i bounce spam, partly in the vain hope that some spammers might actually back off after multiple failures, and mainly in case of false positives, so that the sender knows the message wasn't delivered. And just to stave off the potential "don't bounce spam!" arguments, in MIMEDefang-speak, "bounce" means "reject during the SMTP transaction," not "accept, then generate a bounce notice and send it to the supposed sender." thanks Kelson, for the clarification. I should have said: i reject spam..
Re: Any way to block really bad SPAMs?
Steven Stern wrote: > If you can get away with the delay, greylisting does an amazing job. I get > almost no spams with it enabled. Unfortunately, even though it's sent to > request a retry after 30 seconds from the sender, some senders can take up to > three hours before retrying. At SMTP time there is no request to retry after 30 seconds. It is either an accept, a soft failure or a hard failure. Those are the options. The SMTP sender has no knowledge of your greylisting and so won't know if it would succeed after 30 seconds, an hour or five days. Sending SMTP daemons retry on their own schedule. Usually that is every 30 minutes. But some very busy sites will put the mail in a deferred queue where it might sit for much longer. And of course there are the just plain misconfigured sites and plain broken software. But generally greylisting works well. Bob
Re: Any way to block really bad SPAMs?
On 01/03/05 03:16 PM, Kelson sat at the `puter and typed: > Keith Whyte wrote: > > i send viruses to /dev/null but i bounce spam, partly in the vain hope > > that some spammers might actually back off after multiple failures, and > > mainly in case of false positives, so that the sender knows the message > > wasn't delivered. > > > > you have total control via configuration of the mimedefang filter. > > And just to stave off the potential "don't bounce spam!" arguments, in > MIMEDefang-speak, "bounce" means "reject during the SMTP transaction," > not "accept, then generate a bounce notice and send it to the supposed > sender." Yeah, Thanks a lot Barracuda! :| -- Louis LeBlanc [EMAIL PROTECTED] Fully Funded Hobbyist, KeySlapper Extrordinaire :) http://www.keyslapper.org ԿԬ Ralph's Observation: It is a mistake to let any mechanical object realise that you are in a hurry.
Re: Any way to block really bad SPAMs?
Keith Whyte wrote: i send viruses to /dev/null but i bounce spam, partly in the vain hope that some spammers might actually back off after multiple failures, and mainly in case of false positives, so that the sender knows the message wasn't delivered. > > you have total control via configuration of the mimedefang filter. And just to stave off the potential "don't bounce spam!" arguments, in MIMEDefang-speak, "bounce" means "reject during the SMTP transaction," not "accept, then generate a bounce notice and send it to the supposed sender." -- Kelson Vibber SpeedGate Communications
RE: Any way to block really bad SPAMs?
On Mon, 3 Jan 2005, Gustafson, Tim wrote:
> David,
>
> I found that option and tried it, but here's what I get now when I run
> spamass-milter:
>
> Jan 3 22:16:09 maze spamass-milter[56478]: Could not extract score from
> J_CHICKENPOX_41,SARE_URI_PILLS autolearn=no version=2.64>
>
> Any ideas?
Yes, update your spamass-milter to the newest version. (You may have
to get the CVS version to get the fix).
When you enable the '-r' reject option spamass-milter "looks" at the
message returned from spamd to try to find the score. It gives that
error message when it cannot understand the spamd output.
Some versions of spamd give "score=m.n" others "hits=m.n" and
the newest version of spamass-milter looks for both. Evidently
the version that you have doesn't understand "hits=m.n"
--
Dave Funk University of Iowa
College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_adminIowa City, IA 52242-1527
#include
Better is not better, 'standard' is better. B{
RE: Any way to block really bad SPAMs?
David,
I found that option and tried it, but here's what I get now when I run
spamass-milter:
Jan 3 22:16:09 maze spamass-milter[56478]: Could not extract score from
Any ideas?
Tim Gustafson
MEI Technology Consulting, Inc
[EMAIL PROTECTED]
(516) 379-0001 Office
(516) 480-1870 Mobile/Emergencies
(516) 908-4185 Fax
http://www.meitech.com/
-Original Message-
From: David B Funk [mailto:[EMAIL PROTECTED]
Sent: Monday, January 03, 2005 5:20 PM
To: Gustafson, Tim
Cc: users@spamassassin.apache.org
Subject: RE: Any way to block really bad SPAMs?
On Mon, 3 Jan 2005, Gustafson, Tim wrote:
> Thanks for all the help everyone. I guess the real question for me is
> "how do I make spamass-milter block e-mails of a certain score",
because
> that's how I integrate SpamAssassin into Sendmail.
>
> Thanks again!
>
> Tim Gustafson
Add the "-r 15" flag to your spamass-milter command line. That will
tell it to make sendmail reject (with a SMTP 550 error) any spam
that scores more than 15 points (adjust score value to your taste).
Any spam that scores more than your 'tag' threshold but less than
the 'reject' threshold will be tagged but still delivered.
See the spamass-milter man page for more details.
We tag at 6 and reject at 20 but I run a bunch of additional local
rules to push up spam scores.
--
Dave Funk University of Iowa
College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_adminIowa City, IA 52242-1527
#include
Better is not better, 'standard' is better. B{
smime.p7s
Description: S/MIME cryptographic signature
RE: Any way to block really bad SPAMs?
On Mon, 3 Jan 2005, Gustafson, Tim wrote:
> Thanks for all the help everyone. I guess the real question for me is
> "how do I make spamass-milter block e-mails of a certain score", because
> that's how I integrate SpamAssassin into Sendmail.
>
> Thanks again!
>
> Tim Gustafson
Add the "-r 15" flag to your spamass-milter command line. That will
tell it to make sendmail reject (with a SMTP 550 error) any spam
that scores more than 15 points (adjust score value to your taste).
Any spam that scores more than your 'tag' threshold but less than
the 'reject' threshold will be tagged but still delivered.
See the spamass-milter man page for more details.
We tag at 6 and reject at 20 but I run a bunch of additional local
rules to push up spam scores.
--
Dave Funk University of Iowa
College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_adminIowa City, IA 52242-1527
#include
Better is not better, 'standard' is better. B{
RE: Any way to block really bad SPAMs?
On Mon, 3 Jan 2005 16:45:41 -0500, "Gustafson, Tim" <[EMAIL PROTECTED]> said: > Thanks for all the help everyone. I guess the real question for me is > "how do I make spamass-milter block e-mails of a certain score", because > that's how I integrate SpamAssassin into Sendmail. I don't use spamass-milter, so I can't vouch for how well it works, but a quick Google search revealed that using the "-r" command-line option to spamass-milter in the /etc/init.d script will set the rejection level. -- snowjack(a)fastmail.fm
Re: Any way to block really bad SPAMs?
Steven Stern <[EMAIL PROTECTED]> wrote on 01/03/2005 03:50:22 PM: > On Mon, 3 Jan 2005 16:45:41 -0500, "Gustafson, Tim" <[EMAIL PROTECTED]> wrote: > > >Thanks for all the help everyone. I guess the real question for me is > >"how do I make spamass-milter block e-mails of a certain score", because > >that's how I integrate SpamAssassin into Sendmail. > > > >Thanks again! > > > > Tim: > > Look at this milter, milter-spamc: > > http://www.milter.info/milter-spamc/index.shtml > > See the -d parameter > -- > Steve > Yep, that's the one I use as well. It's small, easy to install, easy to configure, works quite well. We reject anything that is 15 points above our spam threshold. Andy
Re: Any way to block really bad SPAMs?
On Mon, 03 Jan 2005 13:47:44 -0800, [EMAIL PROTECTED] wrote: >By the way, we reject messages that score above 10 with a 550. We found >that almost 95% of spam scores over 10, and almost zero ham scores above >five. Messages scoring between 5 and 10 are accepted, tagged, and >relayed to their recipient. We definitely don't frown on rejecting >messages with high scores. I believe rejecting most spam with a 550 at >the internet gateway has been responsible for the amount of spam >addressed to our domain dropping by over 50% since we started rejecting >in March 2004. We have not had a single complaint from our users, even >about any false positives in the 5-10 range tagged by SA. > >I posted earlier today about a recent 25% drop over the past month. In >January 2004 we averaged more than 200,000 messages a week, over 90% >spam. Last week we got 80,000 messages. Some people suggested that it >was due to the holidays, but it was a fairly steady decline starting in >late November, so it may have been something else. I hope it doesn't >ramp up again, but who knows, maybe it was the holidays after all. I'll >post an update next week unless anyone objects. If you can get away with the delay, greylisting does an amazing job. I get almost no spams with it enabled. Unfortunately, even though it's sent to request a retry after 30 seconds from the sender, some senders can take up to three hours before retrying. -- Steve
Re: Any way to block really bad SPAMs?
Gustafson, Tim wrote: Hello I know that it's generally frowned upon to actually "block" SPAMs (as opposed to marking them as SPAM and letting the user decide) but my company has some instances where we get things that are blatantly, absolutely, unequivocally SPAM (think scores in excess of 100 points without BAYES or any white/blacklisting) and I wonder if there is a way I can configure SpamAssassin to actually block (as in, return a 550 SMTP error code) SPAMs that exceed some ludicrous SPAM score? Does such an option exist? If not, might it be useful for the community at large? Tim, I've been doing this for 2 years with Mimedefang and sendmail. sendmail passes the message to mimedefang, which scans it with clamd and then passes it to spamassassin. spamassassin returns the score and based on this mimedefang can accept, reject or quietly send the message to /dev/null. (or many other things) i send viruses to /dev/null but i bounce spam, partly in the vain hope that some spammers might actually back off after multiple failures, and mainly in case of false positives, so that the sender knows the message wasn't delivered. you have total control via configuration of the mimedefang filter. i have to say it's a bit of a pain to setup and test, especially on a production server, best would be if you can set it up on a test box first and play with it. there are a lot of steps and various perl modules and programs you need to compile and install, but there are plenty of faqs out there. qmail-scanner might be easier, i dunno i haven't installed it yet. if you are going to go for it with MD, start here: http://www.mickeyhill.com/mimedefang-howto/ also http://www.mimedefang.org cheers, Keith.
Re: Any way to block really bad SPAMs?
On Mon, 3 Jan 2005 16:45:41 -0500, "Gustafson, Tim" <[EMAIL PROTECTED]> wrote: >Thanks for all the help everyone. I guess the real question for me is >"how do I make spamass-milter block e-mails of a certain score", because >that's how I integrate SpamAssassin into Sendmail. > >Thanks again! > Tim: Look at this milter, milter-spamc: http://www.milter.info/milter-spamc/index.shtml See the -d parameter -- Steve
Re: Any way to block really bad SPAMs?
Gustafson, Tim wrote: Hello I know that it's generally frowned upon to actually "block" SPAMs (as opposed to marking them as SPAM and letting the user decide) but my company has some instances where we get things that are blatantly, absolutely, unequivocally SPAM (think scores in excess of 100 points without BAYES or any white/blacklisting) and I wonder if there is a way I can configure SpamAssassin to actually block (as in, return a 550 SMTP error code) SPAMs that exceed some ludicrous SPAM score? Does such an option exist? If not, might it be useful for the community at large? You might consider looking at MailScanner (http://www.mailscanner.info) HTH Michele -- Email scanned by Blacknight for viruses and dangerous content. Visit http://www.blacknight.ie for more information
Re: Any way to block really bad SPAMs?
On Mon, 03 Jan 2005 13:09:02 -0800, [EMAIL PROTECTED] said: > On Mon, 3 Jan 2005 15:49:33 -0500, "Gustafson, Tim" <[EMAIL PROTECTED]> > said: > > Hello > > > > I know that it's generally frowned upon to actually "block" SPAMs (as > > opposed to marking them as SPAM and letting the user decide) but my > > company has some instances where we get things that are blatantly, > > absolutely, unequivocally SPAM (think scores in excess of 100 points > > without BAYES or any white/blacklisting) and I wonder if there is a way > > I can configure SpamAssassin to actually block (as in, return a 550 SMTP > > error code) SPAMs that exceed some ludicrous SPAM score? By the way, we reject messages that score above 10 with a 550. We found that almost 95% of spam scores over 10, and almost zero ham scores above five. Messages scoring between 5 and 10 are accepted, tagged, and relayed to their recipient. We definitely don't frown on rejecting messages with high scores. I believe rejecting most spam with a 550 at the internet gateway has been responsible for the amount of spam addressed to our domain dropping by over 50% since we started rejecting in March 2004. We have not had a single complaint from our users, even about any false positives in the 5-10 range tagged by SA. I posted earlier today about a recent 25% drop over the past month. In January 2004 we averaged more than 200,000 messages a week, over 90% spam. Last week we got 80,000 messages. Some people suggested that it was due to the holidays, but it was a fairly steady decline starting in late November, so it may have been something else. I hope it doesn't ramp up again, but who knows, maybe it was the holidays after all. I'll post an update next week unless anyone objects. -- snowjack(a)fastmail.fm
RE: Any way to block really bad SPAMs?
Thanks for all the help everyone. I guess the real question for me is "how do I make spamass-milter block e-mails of a certain score", because that's how I integrate SpamAssassin into Sendmail. Thanks again! Tim Gustafson MEI Technology Consulting, Inc [EMAIL PROTECTED] (516) 379-0001 Office (516) 480-1870 Mobile/Emergencies (516) 908-4185 Fax http://www.meitech.com/ smime.p7s Description: S/MIME cryptographic signature
Re: Any way to block really bad SPAMs?
On Mon, 03 Jan 2005 12:53:21 -0800, Evan Platt <[EMAIL PROTECTED]> wrote: >At 12:49 PM 1/3/2005, you wrote: >>I know that it's generally frowned upon to actually "block" SPAMs (as >>opposed to marking them as SPAM and letting the user decide) but my >>company has some instances where we get things that are blatantly, >>absolutely, unequivocally SPAM (think scores in excess of 100 points >>without BAYES or any white/blacklisting) and I wonder if there is a way >>I can configure SpamAssassin to actually block (as in, return a 550 SMTP >>error code) SPAMs that exceed some ludicrous SPAM score? Does such an >>option exist? If not, might it be useful for the community at large? > > >No. Spamassassin cannot do any blocking or rejecting. > >Spamassassin is only a filter. > >You can probably configure your MUA via procmail or another method to >'reject' spam (bad idea), but SA cannot. > We use qmail and qmail-scanner with Spamassassin. The spam flag is set to Y at 5. If the score is greater than 10, qmail-scanner summarily deletes the message. -- Steve
Re: Any way to block really bad SPAMs?
On Mon, 3 Jan 2005 15:49:33 -0500, "Gustafson, Tim" <[EMAIL PROTECTED]> said: > Hello > > I know that it's generally frowned upon to actually "block" SPAMs (as > opposed to marking them as SPAM and letting the user decide) but my > company has some instances where we get things that are blatantly, > absolutely, unequivocally SPAM (think scores in excess of 100 points > without BAYES or any white/blacklisting) and I wonder if there is a way > I can configure SpamAssassin to actually block (as in, return a 550 SMTP > error code) SPAMs that exceed some ludicrous SPAM score? Does such an > option exist? If not, might it be useful for the community at large? Tim, No such option exists in SpamAssassin, because SpamAssassin isn't an SMTP engine; it doesn't participate in the SMTP dialog. But I think most MTA server software can be configured to return a 5XX based on the SA score. Some plugins that allow your MTA to talk to SpamAssassin can do this, some can't. You'll need to do some research based on which MTA software you're using. Here's a start: http://wiki.apache.org/spamassassin/IntegratedInMta -- snowjack(a)fastmail.fm
Re: Any way to block really bad SPAMs?
At 12:49 PM 1/3/2005, you wrote: I know that it's generally frowned upon to actually "block" SPAMs (as opposed to marking them as SPAM and letting the user decide) but my company has some instances where we get things that are blatantly, absolutely, unequivocally SPAM (think scores in excess of 100 points without BAYES or any white/blacklisting) and I wonder if there is a way I can configure SpamAssassin to actually block (as in, return a 550 SMTP error code) SPAMs that exceed some ludicrous SPAM score? Does such an option exist? If not, might it be useful for the community at large? No. Spamassassin cannot do any blocking or rejecting. Spamassassin is only a filter. You can probably configure your MUA via procmail or another method to 'reject' spam (bad idea), but SA cannot. Evan
Any way to block really bad SPAMs?
Hello I know that it's generally frowned upon to actually "block" SPAMs (as opposed to marking them as SPAM and letting the user decide) but my company has some instances where we get things that are blatantly, absolutely, unequivocally SPAM (think scores in excess of 100 points without BAYES or any white/blacklisting) and I wonder if there is a way I can configure SpamAssassin to actually block (as in, return a 550 SMTP error code) SPAMs that exceed some ludicrous SPAM score? Does such an option exist? If not, might it be useful for the community at large? Tim Gustafson MEI Technology Consulting, Inc [EMAIL PROTECTED] (516) 379-0001 Office (516) 480-1870 Mobile/Emergencies (516) 908-4185 Fax http://www.meitech.com/ smime.p7s Description: S/MIME cryptographic signature
