Re[2]: yet another Sendmail filter for SpamAssassin daemon spamd
On Wednesday 13 April 2005 09:57 am, Eugene Kurmanin wrote: 5. Copy SPAM to the defined mailbox; 6. Reject SPAM at the DATA stage, if SPAM score is greater than defined value; 7. Log all activities to syslog. Well if you are going to reject, why also accept and copy to mailbox. You can set the smf-spamd EXTRA SPAM threshold (8 is default) to reject message without copying and delivering to user mailbox. If SPAM score after SA scan will be more or equal required_score from SA configuration file and less than EXTRA SPAM threshold, message will be marked in Subject and if you wish, it will be copied (BCCed) to special garbage mailbox for analize and correction SA config. Of course, you can set extra spam threshold = required_score and don't copying anything... but you are lost many legitimate mail, if you set required_score very low :) Is there more than one threshold, so that you can reject if it gets a really bad score (like 20 or 30) and reject but still copy to mailbox if the score is less? I found that legitimate mail may get score up to 7-8... If more scores, it's always spam. I used on one of my production server SA 3.0.2 with network mode + DCC, without buyes whitelist databases + some tuning for scores values. required_scores set to 4 extra spam to 8 SA works stable and quickly and don't eat many resources and memory. My 1500 users quite lucky ;) -- Kind regards, Eugene Kurmanin
Re[2]: yet another Sendmail filter for SpamAssassin daemon spamd
John Andersen wrote: On Wednesday 13 April 2005 09:57 am, Eugene Kurmanin wrote: 5. Copy SPAM to the defined mailbox; 6. Reject SPAM at the DATA stage, if SPAM score is greater than defined value; 7. Log all activities to syslog. Well if you are going to reject, why also accept and copy to mailbox. I can think of situations where you would reject (in order to not assume responsibility for the final delivery of the mail) but still want a copy of what you rejected for forensic purposes. Most of them have to do with espionage :) I think, i don't want to collect such messages, which get many scores... it's 100% spam :) we reject is about 300K such messages in month =\ spy to go crazy 8) BTW, for delivery after reject the Sendmail must to be special patched :) -- Kind regards, Eugene Kurmanin
Re: yet another Sendmail filter for SpamAssassin daemon spamd
On Wednesday 13 April 2005 09:57 am, Eugene Kurmanin wrote: 5. Copy SPAM to the defined mailbox; 6. Reject SPAM at the DATA stage, if SPAM score is greater than defined value; 7. Log all activities to syslog. Well if you are going to reject, why also accept and copy to mailbox. Is there more than one threshold, so that you can reject if it gets a really bad score (like 20 or 30) and reject but still copy to mailbox if the score is less? -- _ John Andersen pgp7jV5cb5j9D.pgp Description: signature
RE: yet another Sendmail filter for SpamAssassin daemon spamd
John Andersen wrote:
On Wednesday 13 April 2005 09:57 am, Eugene Kurmanin wrote:
5. Copy SPAM to the defined mailbox;
6. Reject SPAM at the DATA stage,
if SPAM score is greater than defined value;
7. Log all activities to syslog.
Well if you are going to reject, why also accept
and copy to mailbox.
I can think of situations where you would reject (in order to not assume
responsibility for the final delivery of the mail) but still want a copy of
what you rejected for forensic purposes. Most of them have to do with
espionage :)
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -emap{y/a-z/l-za-k/;print}shift Jjhi pcdiwtg Ptga wprztg,
yet another Sendmail filter for SpamAssassin daemon spamd
Hello, all. I decide to publish my own filter for Sendmail, which use the Milter API. It has only the most necessary in the real life opportunities: 1. Except from scan the messages which greater than defined size; 2. Except from scan the hosts/networks (white list); 3. Mark subject if SPAM detected; 4. Add information header with scan results; 5. Copy SPAM to the defined mailbox; 6. Reject SPAM at the DATA stage, if SPAM score is greater than defined value; 7. Log all activities to syslog. Advantages: 1. Small code (does not exceed 580 lines); 2. Fast work; 3. Stable (production quality); 4. Very low resources are required; 5. No temporary files are created. You can get it here: http://smfs.sourceforge.net/ http://sourceforge.net/projects/smfs/ Feedback are welcome :) -- Kind regards, Eugene Kurmanin
