On Wed, 2009-06-17 at 15:02 +0200, Matus UHLAR - fantomas wrote: > On 17.06.09 13:48, rich...@buzzhost.co.uk wrote: > > But there are certain words you would never expect to see in the > > subjects of legitimate mail none the less unless you often get mail with > > words like 'Orgasms' in it :-) If you do, please *share* your friends > > with us all! > > The often cited point on spam filtering is, that words you usually don't see > in mail may the others see often. For example, while you may not need > viagra, a m.d. can use if very often. The same applies to words "orgasms" > and many others - people may exchange anything in their private > communication and you may not to know about it. Indeed, but any reputable and legitimate venor or contact would act with dis discretion and not plaster 'Viagra' and 'Sex' or 'Orgasm' in the subject lines. If they did, they would rightfully be blocked. I would not go into my doctors surgery or pharmacy and expect anyone to shout out, in the clear, RICHARD BUZZHOST - YOUR VIAGRA IS HERE. It's about appropriate behaviour and knowing how professionals would behave
> > That is why solutions like spamassassin exist and that is also why SA people > don't like poison pill rules. It's true to say that Forensic Science exists too, but I would rather keep the crook out of the house in the first place, rather than have it dusted for prints and examined afterwards. > > > Seriously, the RBL's would have killed this, the missing hostname, the > > hint that it is a 'user' ip connecting (not a legit mail server), the > > key words - all could have been used by the MTA to drop this message on > > the floor without troubling SA to scan it. Looking at the content of the > > mail is the last resort - if it's got that far in to your system, the > > spammer wins > > While connecting IP and its DNS name is known before the mail is received, > the subject is only seen after the data phase. Yes, but responsibility for the message is not handed over until the end of the data phase. Specifically when the recipient server issues; 250 2.0.0 Ok: queued as ...... Up until that point it is free to drop with an SMTP error. It's just SpamAssassin does not seem able to keep up with the speed of SMTP. That's just an observation. If you set that against Postfix with some simple and obvious header and body filters you can drop lots of rubbish quickly without wasting the time to look at it. This lets Spamassassin concentrate on those truly annoying messages that fall into the twilight zone.
