Re: Delete spam or move to a folder?

2006-05-18 Thread Steven Dickenson
> Couldn't find a thread like this hence this new one. Just wondering
> what strategy people are using when it comes to dealing with email
> that gets enough points to be considered as spam. Eg. being deleted
> and quarantined, or delivered and quarantined etc.
>
> I'm using store and deliver - is that the general concept out there
> with everyone?


At work we reject any mail tagged as spam (5 points +) during the  
SMTP session.  This has the benefit of sending notification to the  
true sender rather than having my server try to deliver an NDR after
the fact.  I haven't had a report of a false positive from any of my  
users in the last year.  Still get some false negatives (mostly  
419'er stuff), but overall my users are happy.  This set up obviously  
won't work for all organizations, but as a school we find our user  
base and email content to be rather homogenous.


At home, since I'm using fetchmail, I sort all mail tagged as spam  
into a subfolder of each user's Maildir.


Steven
---
Steven Dickenson [EMAIL PROTECTED]
http://www.mrchuckles.net




Re: Delete spam or move to a folder?

2006-05-18 Thread Marc Perkel



Steven Dickenson wrote:
> Couldn't find a thread like this hence this new one. Just wondering
> what strategy people are using when it comes to dealing with email
> that gets enough points to be considered as spam. Eg. being deleted
> and quarantined, or delivered and quarantined etc.
>
> I'm using store and deliver - is that the general concept out there
> with everyone?

I have 4 different things I do with spam depending on the spam.

If the spam scores from 5-15 points I add a header tag and pass it on. 
If the user is on my system and has a folder named spam-low I deliver it 
there.


If the spam scores 15-30 points I generate a bounce message and 
blackhole the spam. If the user has a spam-high folder they get a copy 
in there.


If the score is over 30 points I blackhole the spam, no bounce message. 
If the user has a spam-veryhigh folder they get a copy there.


If I can ID the spam at SMTP time I just DENY it and the user never sees it.
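
The score tiers in the post above, written out as an added example (not code from the poster or from SpamAssassin). The function names, the action labels and the handling of the exact 15 and 30 boundaries are assumptions, and the sample message is constructed.

```python
import email
import re
from email import policy

# "score=" is the SpamAssassin 3.x spelling, "hits=" the 2.x one.
SCORE_RE = re.compile(r"\b(?:score|hits)=(-?\d+(?:\.\d+)?)")

# Constructed sample; the continuation line exercises header unfolding.
SAMPLE = (b"From: sender@example.com\r\nSubject: constructed sample\r\n"
          b"X-Spam-Status: Yes, score=17.2 required=5.0\r\n"
          b"\ttests=BAYES_99,URIBL_BLACK\r\n\r\nbody\r\n")

def spam_score(raw):
    """Score from X-Spam-Status, or None if the header is missing or unparseable."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    status = msg.get("X-Spam-Status")
    match = SCORE_RE.search(str(status)) if status is not None else None
    return float(match.group(1)) if match else None

def disposition(raw, user_folders):
    """Return (action, folder); folder is None when the user lacks that folder."""
    score = spam_score(raw)
    if score is None or score < 5:
        # Unscored mail is delivered, never silently dropped.
        return ("deliver", None)
    if score < 15:            # assumption: 15.0 itself counts as the next tier
        action, folder = "tag", "spam-low"
    elif score <= 30:         # assumption: 30.0 itself still gets a bounce
        action, folder = "bounce+blackhole", "spam-high"
    else:
        action, folder = "blackhole", "spam-veryhigh"
    return (action, folder if folder in user_folders else None)

if __name__ == "__main__":
    print(disposition(SAMPLE, {"spam-low", "spam-high"}))
```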



Re: Delete spam or move to a folder?

2006-05-18 Thread Craig McLean

Will Nordmeyer wrote:

> Craig,
>
> How do you have procmail set up to deliver to the spam vs. likely spam
> folders?

Use the X-Spam-Level marker. Anything with  10 stars and a
X-Spam-Status of Yes gets put in a 'likely-spam' folder. Anything
else goes to 'spam'.

C.
--
Craig McLean    http://fukka.co.uk
[EMAIL PROTECTED]   Where the fun never starts
Powered by FreeBSD, and GIN!


RE: Delete spam or move to a folder?

2006-05-17 Thread Sietse van Zanen
My strategy is to reject any messages that have a high score (+11). Mail with 
scores between 6 and 11 get delivered with the report_safe option (original 
message as attachment). The rewritten body contains a message to be careful 
opening the attachment and to only do so, when it is sure it has been unjustly 
tagged as spam.
 
This works fine for me and my users (which are all quite educated). When you 
have less able users, it would probably be better to deliver spam in a special 
location only administrators can access.
 
Of course scoring depends on what checks you run, so this might need 
fine-tuning. I run most checks (URIBL, RAZOR2, DCC, BAYES, DNSBL)
 
-Sietse



From: Yusuf Ahmed [mailto:[EMAIL PROTECTED]
Sent: Wed 17-May-06 8:28
To: users@spamassassin.apache.org
Subject: Delete spam or move to a folder?


Hi Guys,
 
Couldn't find a thread like this hence this new one. Just wondering what 
strategy people are using when it comes to dealing with email that gets enough 
points to be considered as spam. Eg. being deleted and quarantined, or 
delivered and quarantined etc.
 
I'm using store and deliver - is that the general concept out there with 
everyone?
 
Regards,
Yusuf.


Re: Delete spam or move to a folder?

2006-05-17 Thread Craig McLean

Yusuf Ahmed wrote:
> Hi Guys,
>
> Couldn't find a thread like this hence this new one. Just wondering what
> strategy people are using when it comes to dealing with email that gets
> enough points to be considered as spam. Eg. being deleted and
> quarantined, or delivered and quarantined etc.
>
> I'm using store and deliver - is that the general concept out there with
> everyone?
>
> Regards,
> Yusuf.

Hey Yusuf.
Everything received here gets delivered, and procmail sorts the spam and
likely-spam into different folders.
This means we can quickly see misfires either way, and has the added
benefit over milter-level bounces that bayes gets to see everything too.

C.

--
Craig McLean    http://fukka.co.uk
[EMAIL PROTECTED]   Where the fun never starts
Powered by FreeBSD, and GIN!


Re: Delete spam or move to a folder?

2006-05-17 Thread jdow

Encapsulate the message. Rewrite the header to include the score (NNN.D).
Sort all spam into a spam folder in the MUA. Sort the spam by subject and
double check the low scores while chortling over the high scores.

{^_^}
- Original Message - 
From: Sietse van Zanen [EMAIL PROTECTED]



My strategy is to reject any messages that have a high score (+11). Mail with scores 
between 6 and 11 get delivered with the report_safe option (original message as 
attachment). The rewritten body contains a message to be careful opening the attachment 
and to only do so, when it is sure it has been unjustly tagged as spam.


This works fine for me and my users (which are all quite educated). When you have less 
able users, it would probably be better to deliver spam in a special location only 
administrators can access.


Of course scoring depends on what checks you run, so this might need fine-tuning. I run 
most checks (URIBL, RAZOR2, DCC, BAYES, DNSBL)


-Sietse



From: Yusuf Ahmed [mailto:[EMAIL PROTECTED]

Hi Guys,

Couldn't find a thread like this hence this new one. Just wondering what strategy people 
are using when it comes to dealing with email that gets enough points to be considered as 
spam. Eg. being deleted and quarantined, or delivered and quarantined etc.


I'm using store and deliver - is that the general concept out there with 
everyone?

Regards,
Yusuf. 



Re: Delete spam or move to a folder?

2006-05-17 Thread Ed Kasky


At 11:28 PM Tuesday, 5/16/2006, Yusuf Ahmed wrote -=

> Hi Guys,
>
> Couldn't find a thread like this hence this new one. Just wondering what
> strategy people are using when it comes to dealing with email that gets
> enough points to be considered as spam. Eg. being deleted and
> quarantined, or delivered and quarantined etc.
>
> I'm using store and deliver - is that the general concept out there with
> everyone?

After reading quite a few opinions on this list I have come to the
conclusion that if I delete an email sight unseen, how do I know that I
am deleting a legitimate email?

Ed

. . . . . . . . . . . . . . . . . .
Randomly Generated Quote (752 of 1050):
Nothing contributes more to peace of soul than having
no opinion at all. - George Christopher Lichtenberg




Re: Delete spam or move to a folder?

2006-05-17 Thread Will Nordmeyer
Craig,

How do you have procmail set up to deliver to the spam vs. likely spam 
folders?

I have mine configured to folder anything with SPAM-STATUS: Yes (or 
whatever that flag is)... but have been wondering about setting it up 
to automatically delete anything scored in the 20+ range (for example) 
and then save others so that they can be reviewed.

--Will

> Yusuf Ahmed wrote:
> > Hi Guys,
> >
> > Couldn't find a thread like this hence this new one. Just wondering what
> > strategy people are using when it comes to dealing with email that gets
> > enough points to be considered as spam. Eg. being deleted and
> > quarantined, or delivered and quarantined etc.
> >
> > I'm using store and deliver - is that the general concept out there with
> > everyone?
> >
> > Regards,
> > Yusuf.
>
> Hey Yusuf.
> Everything received here gets delivered, and procmail sorts the spam and
> likely-spam into different folders.
> This means we can quickly see misfires either way, and has the added
> benefit over milter-level bounces that bayes gets to see everything too.
>
> C.
>
> --
> Craig McLean  http://fukka.co.uk
> [EMAIL PROTECTED] Where the fun never starts
> Powered by FreeBSD, and GIN!




RE: Delete spam or move to a folder?

2006-05-17 Thread Bowie Bailey
Ed Kasky wrote:

> After reading quite a few opinions on this list I have come to the
> conclusion that if I delete an email sight unseen, how do I know
> that I am deleting a legitimate email?

You don't.  That is why quite a few people (myself included) prefer to
deliver everything and let the user be responsible for checking their
spam folder for false positives.

In the case of users who receive tons of spam, I will drop spam
messages with very high scores (15-20), but I am sure to stress to the
user that there is still a possibility of losing real email.  I prefer
to be conservative on this, but in reality, I have yet to see a valid
email score higher than 10.

-- 
Bowie


Re: Delete spam or move to a folder?

2006-05-17 Thread NM Public

On 2006-05-17, Yusuf Ahmed wrote:
> Couldn't find a thread like this hence this new one. Just
> wondering what strategy people are using when it comes to
> dealing with email that gets enough points to be considered as
> spam. Eg. being deleted and quarantined, or delivered and
> quarantined etc.

I put everything with a score of 2 (yes 2) or more in a MaybeSpam 
mailbox. I then greenlist (aka whitelist) any non-spam message 
that is delivered to the MaybeSpam mailbox. I do not use Bayes. 
Details about my system are in these 2 messages:


  Using a MaybeSpam Mailbox
  http://deflexion.com/2006/01/using-maybespam-mailbox

  Server-Side Address Books and Server-Side Greenlists
  http://deflexion.com/2006/05/server-side-address-books-and-server

Hope this helps,
Feedback is welcome!
 Nancy
  (sent via gmane.mail.spam.spamassassin.general)

--
  Nancy McGough
  Infinite Ink: http://www.ii.com/
  Bookmarks  Blog:  http://deflexion.com/



Re: Delete spam or move to a folder?

2006-05-17 Thread aaron
Yusuf Ahmed [EMAIL PROTECTED] wrote on 17/05/2006 04:28:36 PM:

> Hi Guys,
>
> Couldn't find a thread like this hence this new one. Just wondering
> what strategy people are using when it comes to dealing with email
> that gets enough points to be considered as spam. Eg. being deleted
> and quarantined, or delivered and quarantined etc.
>
> I'm using store and deliver - is that the general concept out there
> with everyone?
>
> Regards,
> Yusuf.

As a business we take copies of all emails received by the mail gateway.
Messages determined to be Spam are not delivered to the end user.

Using MimeDefang, the message is pulled apart and all of the bits that
we find important are logged to a database so that we can use our
web applications for inquiry and recovery of false positives etc. Other
web applications have been written for administration purposes and to
track down emails when there is a complaint or query.

So by default we keep everything and provide mechanisms for our staff
to recover an email if required.

The ability to customise SpamAssassin and Mimedefang has been invaluable
for us.

Cheers,
Aaron



Re: Delete spam or move to a folder?

2006-05-17 Thread Joseph Green

> Couldn't find a thread like this hence this new one. Just
> wondering what strategy people are using when it comes to
> dealing with email that gets enough points to be considered
> as spam. Eg. being deleted and quarantined, or delivered and
> quarantined etc.

In trying to find a good combination between convenience and also
not missing any FPs, we came up with this:

- Messages with scores over 20 are thrown away before even reaching the
  user.

- Messages above the threshold but below 20 are filtered into a spam
  folder.

- On a daily basis (or weekly, the user can choose), a script goes
  through the spam folder and summarizes all messages there that
  arrived since the last summary.  It puts them all into one
  message, it lists the FROM and SUBJECTs and sends it
  to the user.
  That way the user can see everything that was filtered out in
  one single compact list.  They are sorted by score, lowest
  first, thus any FP would be right near the top.

- The same script also automatically deletes messages that have
  been there for over X (user determined) days.  This keeps it
  from growing out of control if a user never does anything, but
  it also gives the user a chance to retrieve an FP if necessary.

- Included in the summary, with each message listing, are also two
  magic links: whitelist [EMAIL PROTECTED] and redeliver.
  The whitelist link does the obvious. The redeliver link
  fetches that message out of the spam box and puts it into
  the inbox.

  (the links have special MD5 tokens built out of
   the relevant message parts, which only the target cgi can
   decipher, thus preventing any possible abuse.)

Combining the auto-summary, auto-purge, and redeliver links means that
users never have to deal with their spam folder directly if they don't
want to.
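
One way to build the tokenised whitelist/redeliver links described in the post above, as an added example that is not the poster's script. It swaps the MD5 token for an HMAC-SHA256 tag keyed with a server-side secret, which authenticates the link rather than encrypting it, and adds an expiry; the endpoint URL, parameter names and key are hypothetical.

```python
import hashlib
import hmac
from urllib.parse import urlencode, parse_qs, urlsplit

SECRET = b"constructed-demo-key"  # assumption: real key lives only on the CGI host
BASE_URL = "https://mail.example.org/cgi-bin/spamlink"  # hypothetical endpoint
ACTIONS = {"whitelist", "redeliver"}

def _mac(action, user, msg_id, expires):
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    fields = (s.encode() for s in (action, user, msg_id, str(expires)))
    data = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    return hmac.new(SECRET, data, hashlib.sha256).hexdigest()

def make_link(action, user, msg_id, expires):
    """Build a link for one action on one message, valid until `expires` (epoch s)."""
    if action not in ACTIONS:
        raise ValueError("unknown action")
    query = {"a": action, "u": user, "m": msg_id, "e": expires,
             "t": _mac(action, user, msg_id, expires)}
    return BASE_URL + "?" + urlencode(query)

def verify_link(url, now):
    """Return (action, user, msg_id) if the link is authentic and unexpired, else None."""
    q = parse_qs(urlsplit(url).query)
    try:
        action, user, msg_id = q["a"][0], q["u"][0], q["m"][0]
        expires, token = int(q["e"][0]), q["t"][0]
    except (KeyError, ValueError):
        return None
    if action not in ACTIONS or now > expires:
        return None
    expected = _mac(action, user, msg_id, expires)
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    if not hmac.compare_digest(token.encode(), expected.encode()):
        return None
    return action, user, msg_id

if __name__ == "__main__":
    link = make_link("redeliver", "alice@example.org", "<1234@example.net>", 2000)
    print(link, verify_link(link, now=1000))
```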