Re: Auto Training Filtering Gateway
David Brodbeck wrote: Kelson wrote: Mail sent from to a few addresses that we never use for outgoing mail is rejected with an Invalid bounce explanation. (Don't do this with postmaster or abuse, or you'll probably end up listed on RFC-ignorant.) AFAIK you won't unless someone decides to report you. RFC-ignorant doesn't automatically probe, they just accept reports. Good point. Still worth keeping in mind, though. -- Kelson Vibber SpeedGate Communications www.speed.net
Re: Auto Training Filtering Gateway
I feel like I need to add, for the sake of others, that its a bad idea to allow outside access to these two email addresses. Internal users, or perhaps even just a few trusted individuals should be able to send to these two addresses, but not the general internet population. I'm guessing the reasons for this should be self-evident. On Thu, 23 Sep 2004 15:15:05 -0400, Matt Kettler [EMAIL PROTECTED] wrote: At 02:51 PM 9/23/2004, Gary Buckmaster wrote: To this end, I've considered setting up spam@ and notspam@ accounts on the gateway itself, and having local users send appropriate samples to these accounts, then running sa-learn against these. Does this approach make a great deal of sense? Only if you can get your local users to send them in a way that you can reconstruct the original headers and body. (ie: regular forwarding won't work here, but forward as attachment might). Check the wiki, there's a bit of information on this kind of stuff for various kinds of mailclients up there.
Auto Training Filtering Gateway
Hi All, I have set up a spam/virus filtering gateway using the very popular combination of ClamAV+Spamassassin+Amavisd-new+Postfix. As its still in development, I'd like to do a slow roll-out to the users and have them help train the database against spam. To this end, I've considered setting up spam@ and notspam@ accounts on the gateway itself, and having local users send appropriate samples to these accounts, then running sa-learn against these. Does this approach make a great deal of sense? Has anyone set up something like this? Best Regards, Gary
Re: Auto Training Filtering Gateway
At 02:51 PM 9/23/2004, Gary Buckmaster wrote: To this end, I've considered setting up spam@ and notspam@ accounts on the gateway itself, and having local users send appropriate samples to these accounts, then running sa-learn against these. Does this approach make a great deal of sense? Only if you can get your local users to send them in a way that you can reconstruct the original headers and body. (ie: regular forwarding won't work here, but forward as attachment might). Check the wiki, there's a bit of information on this kind of stuff for various kinds of mailclients up there.
Re: Auto Training Filtering Gateway
On Thu, 23 Sep 2004 13:51:36 -0500, Gary Buckmaster wrote considered setting up spam@ and notspam@ accounts on the gateway itself, and having local users send appropriate samples to these accounts, then running sa-learn against these. Does this approach make a great deal of sense? Has anyone set up something like this? I haven't done it (yet) with SpamAssassin, but this is exactly how I set up the company-wide Bogofilter where I work. It's worked very, very well. I simply created email aliases that pipe to the learning commands. Obviously this works best if the users' email clients can bounce mail with full headers, but I found even ordinary forwarding works -- as long as you forward enough messages to the notspam address to convince it that FW: in the subject line isn't a good spam token! You may want to restrict outside addresses from sending to those accounts...well, at least the notspam one. It's occurred to me, after getting a bunch of spam to web-scraped email addresses, that if I published the spam@ address in hidden text on our website the filter might become self-training. ;)
Re: Auto Training Filtering Gateway
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gary Buckmaster wrote: | I have set up a spam/virus filtering gateway using the very popular | combination of ClamAV+Spamassassin+Amavisd-new+Postfix. As its still | in development, I'd like to do a slow roll-out to the users and have | them help train the database against spam. To this end, I've | considered setting up spam@ and notspam@ accounts on the gateway | itself, and having local users send appropriate samples to these | accounts, then running sa-learn against these. Does this approach | make a great deal of sense? Has anyone set up something like this? Since you're already using amavisd-new and SpamAssassin, you might want to look at Maia Mailguard http://www.renaissoft.com/maia/, which adds web-based user and administrative GUIs, false positive and false negative reporting, Bayes auto-training, and much more. Robert LeBlanc Renaissoft, Inc. Maia Mailguard http://www.renaissoft.com/maia/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFBUzVtGmqOER2NHewRAl+FAKCkPUxIbn5se+qBGJcoRA0Px2KE1wCfcAux Fx4z6Cy4FhJkxT+Qp2NWc9U= =9tHZ -END PGP SIGNATURE-
Re: Auto Training Filtering Gateway
David Brodbeck wrote: You may want to restrict outside addresses from sending to those accounts...well, at least the notspam one. It's occurred to me, after getting a bunch of spam to web-scraped email addresses, that if I published the spam@ address in hidden text on our website the filter might become self-training. ;) Be sure to filter out bounces before you train. If a spammer puts it on his recipient list, it's effectively on his senders-to-forge list as well, and if harvesters can scrape it, so can viruses. We get a *lot* of bounces sent to our spamtraps. We just use procmail to discard them as they arrive. Actually, we reject some of the more common ones using MIMEDefang's filter_recipient feature. Mail sent from to a few addresses that we never use for outgoing mail is rejected with an Invalid bounce explanation. (Don't do this with postmaster or abuse, or you'll probably end up listed on RFC-ignorant.) It's up to you to decide whether to let it train on actual viruses or not. -- Kelson Vibber SpeedGate Communications www.speed.net
Re: Auto Training Filtering Gateway
Kelson wrote: Mail sent from to a few addresses that we never use for outgoing mail is rejected with an Invalid bounce explanation. (Don't do this with postmaster or abuse, or you'll probably end up listed on RFC-ignorant.) AFAIK you won't unless someone decides to report you. RFC-ignorant doesn't automatically probe, they just accept reports.