Spam Filter Efficiency

Max Gribov max at neuropunks.org
Fri Nov 23 14:17:29 PST 2007


Jo Rhett wrote:
> On Nov 21, 2007, at 9:58 PM, Mitchell Smith wrote:
>> We are also looking at other open source solutions such as amavis
This may cause a flamewar, but we found greylisting to work pretty well
to generally reduce the amount of spam being processed.
We use policyd/mysql with postfix, and there are qmail and sendmail
implementations, and others without using a db.

I'd say after setting up greylisting, spam really did go down by 60% or
so. Everything else gets caught by amavis/spamassassin/clamav.

To complete flamewar bait : ), there is also SPF/DomainKeys which do
reduce some types of spam, sometimes, before it hits your filters
http://www.openspf.org/
http://domainkeys.sourceforge.net/

Also, within spamassassin itself, you can specify various block lists to
check, and assign them preference which will influence the ultimate spam
decision.

ex:
cat /usr/local/etc/mail/spamassassin/local.cf
# Five Ten block list
header __RCVD_IN_FIVETENSRC       eval:check_rbl('blackholes', 'blackholes.five-ten-sg.com.')
describe __RCVD_IN_FIVETENSRC     Received via a relay in Five Ten block list
tflags __RCVD_IN_FIVETENSRC       net

header RCVD_IN_FIVETENSRC       eval:check_rbl_sub('blackholes', '127.0.0.2')
describe RCVD_IN_FIVETENSRC     Received via a relay in Five Ten block list
tflags RCVD_IN_FIVETENSRC       net
####
score RCVD_IN_FIVETENSRC 0.5

If you google for spam block lists, you can find others which publish
their blocklist as a DNS zone.

Another thing you can do is use pf tarpits with spamd on Free/OpenBSD:
http://www.benzedrine.cx/relaydb.html
This method will also allow you to build your own blacklist over time.


>
> Amavisd can be very high performance if you run it and clamav/whatever
> virus checker using temporary storage on a ramdisk.  We're quite happy
> with it.
>
> If you need more per-user/stream options then check out CanIt.  If you
> run it on your own hardware the pricing model is pretty easy on the
> wallet.
>
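
Added example, not part of the original message or of SpamAssassin's own code: a sketch of what a DNS-zone blocklist check like the local.cf rules above does, building the reversed-octet query name, matching the returned A record against a sub-rule value, and adding that rule's score once per message. The relay addresses, zone data and helper names are constructed for illustration; the zone name, return code and score are the ones from the config in the message.

```python
import ipaddress
import socket

def dnsbl_query_name(ip, zone):
    """Build the DNSBL lookup name: reversed IPv4 octets followed by the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone.rstrip(".")

def rbl_score(relay_ips, zone, sub_rules, resolve):
    """Return (score added, rules hit) for the relays of one message.

    sub_rules maps rule name -> (expected A-record value, score), the pairing
    that the check_rbl_sub and score lines express in local.cf.
    resolve(name) returns a list of A-record strings, [] when not listed.
    """
    hits = set()
    for ip in relay_ips:
        answers = resolve(dnsbl_query_name(ip, zone))
        for rule, (code, _score) in sub_rules.items():
            if code in answers:
                hits.add(rule)  # a rule counts once, however many relays match
    return sum(sub_rules[r][1] for r in hits), sorted(hits)

def dns_resolve(name):
    """Live resolver for real use; NXDOMAIN means the address is not listed."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror:
        return []

# Constructed zone data standing in for live DNS so the example runs offline.
FAKE_ZONE = {"7.113.0.203.blackholes.five-ten-sg.com": ["127.0.0.2"]}

def fake_resolve(name):
    return FAKE_ZONE.get(name, [])

ZONE = "blackholes.five-ten-sg.com."
SUB_RULES = {"RCVD_IN_FIVETENSRC": ("127.0.0.2", 0.5)}

if __name__ == "__main__":
    relays = ["198.51.100.20", "203.0.113.7"]  # constructed Received-chain IPs
    print(rbl_score(relays, ZONE, SUB_RULES, fake_resolve))
```

Pass dns_resolve instead of fake_resolve to query a live zone; a lookup timeout is treated the same as "not listed", so a dead blocklist fails open.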



More information about the freebsd-isp mailing list