[nycbug-talk] OT: Spam Filters

Max Gribov max at neuropunks.org
Thu Oct 23 20:43:59 EDT 2008 

Matt Juszczak wrote:
> Hi all,
>
> I was just wondering what Spam Filters people use.  I was using dspam with 
>   
Hi Matt,
I find spamassassin to be really good (recent versions being way better 
than say 3 years ago), and i also use custom tweaked scores from several 
block lists, for example (local.cf):
header __RCVD_IN_FIVETENSRC       eval:check_rbl('blackholes', 
'blackholes.five-ten-sg.com.')
describe __RCVD_IN_FIVETENSRC     Received via a relay in Five Ten block 
list
tflags __RCVD_IN_FIVETENSRC       net
score RCVD_IN_FIVETENSRC         0.5

and so on. You can find plenty of dns based block lists out there - of 
course there is some crap factor, hence the score adjustment.
(ping me offlist if you want me to send my configs - they're kinda long)

i used to train spamassassin but it didnt seem to make any difference..

pf/spamd is a pretty cool way, Marco has a good implementation up

I also use greylisting, SPF and DK with postfix - dk and spf mostly to 
identify my domains as ham.
Greylisting comes from /usr/ports/mail/postfix-policyd-sf
SPF comes bundled with postfix 
(/usr/local/libexec/postfix/postfix-policyd-spf.pl) although you can use 
policyd-spf from ports as well
DK is /usr/ports/mail/dk-milter
DKIM is supposed to be cooler - but im too hazy on the differences, and 
for some reason i decided to stick with DK

Postfix itself has plenty of restrictions, which cut down on invalid 
helo/hostnames/etc, like so:

policy-grey_time_limit = 600
disable_vrfy_command = yes
smtpd_reject_unlisted_sender = yes
smtpd_reject_unlisted_recipient = yes
smtpd_helo_required = yes
smtpd_client_restrictions = hash:/usr/local/etc/postfix/access, 
permit_mynetworks, permit_sasl_authenticated, reject_invalid_hostname, 
reject_non_fqdn_sender, reject_unauth_destination
smtpd_sender_restrictions = permit_mynetworks, 
permit_sasl_authenticated, reject_unlisted_sender, 
reject_invalid_hostname, reject_non_fqdn_sender, 
reject_unauth_destination, check_policy_service unix:private/policy-spf
smtpd_recipient_restrictions = hash:/usr/local/etc/postfix/access, 
permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, 
reject_invalid_hostname, reject_non_fqdn_sender, 
reject_unlisted_recipient, reject_unverified_recipient, 
check_policy_service inet:69.31.43.10:10031


I also think thunderbird's junkmail controls are pretty good, so really, 
combining all of it, i get may be 1 spam a week in my inbox, and may be 
1 every 2/3 weeks false positive

hope this helps

> training, but that was getting quite annoying to train, so I switched to 
> out of box SpamAssassin, which marks way too many hams as spam and 
> doesn't catch enough of the spams.
>
> Can anyone recommend a solution that works for them?
>
> -Matt
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk
>

More information about the talk mailing list