Hello Jeremy,
I have the following rbl main.cfg in postfix:
reject_rbl_client b.barracudacentral.org,
reject_rbl_client zen.spamhaus.org,
reject_rbl_client bl.spamcop.net,
reject_rbl_client all.spamrats.com
RBL are very nice, helping me block lots of SPAM but a lot of spam are
making it through, with very low score. I trained SA with about 700 SPAM
emails and with about 258 HAM emails.
X-Virus-Scanned: amavisd-new at fqdn.com
X-Spam-Flag: NO
X-Spam-Score: 0.003
X-Spam-Level:
X-Spam-Status: No, score=0.003 tagged_above=-999 required=5.3
tests=[DKIM_SIGNED=0.001, HTML_IMAGE_RATIO_06=0.001,
HTML_MESSAGE=0.001, T_DKIM_INVALID=0.01, T_RP_MATCHES_RCVD=-0.01]
autolearn=no
Email hearder is very spammy,
I need help stoping this attack,
Thanks for your support,
On Tue, Jul 1, 2014 at 12:17 PM, Jeremy McSpadden <jer...@fluxlabs.net>
wrote:
> No mention of RBLs or greylisting ...
>
>
> --
> Jeremy McSpadden
> Flux Labs | http://www.fluxlabs.net | Endless Solutions
> Office : 850-250-5590x501 <850-250-5590;501> | Cell : 850-890-2543 | Fax
> : 850-254-2955
>
> On Jul 1, 2014, at 2:06 PM, "Steve Bergman" <sbergma...@gmail.com> wrote:
>
> Hey motty cruz,
>
> I just moved our 100 users over from our ISP's mail servers to our own.
> Apparently, the ISP's mail servers were doing remarkably well. Because it
> turns out that we get some 5000 spams a day, and users were getting
> essentially no spam.
>
> Then I upgraded us to a new OS on our Debian/X2Go/MATE desktop server, and
> move us to our own mail server, and the spam was coming through like water
> through the sluice gates of a dam.
>
> It didn't help that I'd moved everyone from Evolution to Thunderbird. So
> the client bayesian spam filters were completely untrained.
>
> So I installed SA on the server. That helped. But it wasn't enough. I
> compiled up DCC and and installed Pyzor, and that helped some. (Though SA's
> Pyzor support had some teething problems, as you can see from my recent
> posts, which I think may be now resolved.)
>
> What SA really needs if for its own Bayesian filter to kick in. But to be
> used at all, you need at least 200 ham and 200 spam messages registered
> with it.
>
> i.e. if you have to have a way to train the filter. I don't really have
> much confidence in "autolearn". And I'm a little scared of it. So I turned
> it off. We use Dovecot. So I used the dovecot-antispam plugin to
> automatically train SA when mail gets moved in or out of the junk folder.
> (It handles the moving of mail from Junk into Trash or regular folders
> intelligently and appropriately.)
>
> But that only solved half the problem. You need 200 hams and 200 spams.
> Mail was not getting marked as ham when it went into the Inboxes. So I
> wrote a script that could be called from the users' .forward files to mark
> messages as ham. Then if the user, or Thunderbird's own spam filter chooses
> to move it to Junk, it gets relearned as spam.
>
> Finally, to deal with many of the false positives I was getting with SA, I
> wrote a script, executed from cron, which takes new mail in the users' Sent
> folders, and whitelists them with spamassassin in the users' own individual
> user_prefs files.
>
> This is what it took before I was really happy with the performance of SA.
> Well... that and adding a 1 second sleep after connection in the Postfix
> configuration. That made a huge difference. But our mail volume is small
> enough that the 1 second sleep doesn't cause any problems as it would on a
> really high volume server.
>
> I hope that rough outline is helpful to you in some way.
>
> However, having come through all that, I find myself wondering if we
> should simply impose capital punishment for the crime of spamming, or if
> more drastic action is indicated. ;-)
>
>
