[nycbug-talk] OT: Spam Filters
Max Gribov
max at neuropunks.org
Thu Oct 23 20:43:59 EDT 2008
Matt Juszczak wrote:
> Hi all,
>
> I was just wondering what Spam Filters people use. I was using dspam with
>
Hi Matt,
I find spamassassin to be really good (recent versions being way better
than say 3 years ago), and i also use custom tweaked scores from several
block lists, for example (local.cf):
header __RCVD_IN_FIVETENSRC eval:check_rbl('blackholes',
'blackholes.five-ten-sg.com.')
describe __RCVD_IN_FIVETENSRC Received via a relay in Five Ten block
list
tflags __RCVD_IN_FIVETENSRC net
score RCVD_IN_FIVETENSRC 0.5
and so on. You can find plenty of dns based block lists out there - of
course there is some crap factor, hence the score adjustment.
(ping me offlist if you want me to send my configs - they're kinda long)
i used to train spamassassin but it didnt seem to make any difference..
pf/spamd is a pretty cool way, Marco has a good implementation up
I also use greylisting, SPF and DK with postfix - dk and spf mostly to
identify my domains as ham.
Greylisting comes from /usr/ports/mail/postfix-policyd-sf
SPF comes bundled with postfix
(/usr/local/libexec/postfix/postfix-policyd-spf.pl) although you can use
policyd-spf from ports as well
DK is /usr/ports/mail/dk-milter
DKIM is supposed to be cooler - but im too hazy on the differences, and
for some reason i decided to stick with DK
Postfix itself has plenty of restrictions, which cut down on invalid
helo/hostnames/etc, like so:
policy-grey_time_limit = 600
disable_vrfy_command = yes
smtpd_reject_unlisted_sender = yes
smtpd_reject_unlisted_recipient = yes
smtpd_helo_required = yes
smtpd_client_restrictions = hash:/usr/local/etc/postfix/access,
permit_mynetworks, permit_sasl_authenticated, reject_invalid_hostname,
reject_non_fqdn_sender, reject_unauth_destination
smtpd_sender_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unlisted_sender,
reject_invalid_hostname, reject_non_fqdn_sender,
reject_unauth_destination, check_policy_service unix:private/policy-spf
smtpd_recipient_restrictions = hash:/usr/local/etc/postfix/access,
permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination,
reject_invalid_hostname, reject_non_fqdn_sender,
reject_unlisted_recipient, reject_unverified_recipient,
check_policy_service inet:69.31.43.10:10031
I also think thunderbird's junkmail controls are pretty good, so really,
combining all of it, i get may be 1 spam a week in my inbox, and may be
1 every 2/3 weeks false positive
hope this helps
> training, but that was getting quite annoying to train, so I switched to
> out of box SpamAssassin, which marks way too many hams as spam and
> doesn't catch enough of the spams.
>
> Can anyone recommend a solution that works for them?
>
> -Matt
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk
>
More information about the talk
mailing list