[NBLUG/talk] Server-side spam filtering?

E Frank Ball frankb at frankb.us
Sat Jul 22 18:56:20 PDT 2006


On Sat, Jul 22, 2006 at 03:42:36PM -0700, Mark Street wrote:
} Personally I use postfix, amavisd-new along with spamassassin and clamav, 
} along with the web interface Maia Mailguard to do black and white lists, spam 
} and ham, SA rule trigger %'s, etc.
} 
} All my public mail comes through this particular server.
} Well into the 6 figures of processed mail:
} Efficiency: 97.93%   False Positive: 0.33%   False Negative: 1.74%
} With some SA configuration tweaks over the years.
} 
} You might try something like:
} fetchmail -> postfix -> amavisd-new -> maia -> local spool
} 
} you might even be able to inject right into amavisd-new from fetchmail.  
} Google it.  You could also cut out maia if you want.


Why are you running virus scanners?   Do you handle mail for windows
users, or have you found it to be an effective way of reducing spam
(since many spams contain a virus)?  In my experence they are very
ineffecient (mucho CPU power consumed) and I don't see many viruses
making it to my inbox, and with Linux I don't much care.


I use postfix, postgrey (>80% effective), several RBLs (realtime black
lists, of which sbl-xbl.spamhaus.org is by far the most effective, and I
never had a false positive with it), and require mailservers to have fully
qualified domain names and reverse DNS (the reverse DNS test nails most of
the spam from China and Korea).  Also check what name the mailservers give
and compare it to your server name.  I found a lot of spammers connect and
claim their server is named with one of my domain names!  REJECT.  After
that I sort with crm114 (instead of spamassasin, it's more efficient, maybe
more accurate after training, but prone to more false positives.  I
switched over to try it out and never switched back, but I can't say it's
really better).  In the end I get one or two spams/day in my inbox instead
of a couple hundred.  Most of the spam I get in the end comes from my Sonic
account, not my mailserver.  It used to be about even amounts of spam from
both, but using postgrey on my server changed that.


I had to google maia:

"Maia Mailguard is a complete spam and virus management system,
consisting of PHP, SQL and Perl scripts, a MySQL or PostgreSQL database
and, of course, amavisd-new, SpamAssassin and supported virus scanners.
Arrays of content filters can be managed from a single Maia interface,
all sharing the same SQL database. Designed to make content filtering,
quarantine management and spam reporting easier, Maia Mailguard is in
many ways a new kind of tool for mail users.

Maia's Web-based interface lets users authenticate against a variety of
sources, including a POP3 or IMAP server, an LDAP server, an external
SQL database or Maia's own internal database. Users can be added
manually by an administrator or automatically when mail arrives for a
local address that Maia hasn't seen before"

PHP and SQL.  Ick.  No thanks.

-- 

  Frank Ball  frankb at frankb.us



More information about the talk mailing list