How do fix a good solution against spam..

Michael Hamburg hamburg at fas.harvard.edu
Thu May 13 10:04:15 PDT 2004 

OpenBSD has a great tool called spamd.  When used in conjunction with 
pf, you can redirect spammers to a spam proxy which uses very little of 
your memory and cpu time, but tries to use as much of theirs as 
possible.  That way, spam from computers on RBLs is blocked directly 
instead of wasting your time and possibly bandwidth.

Of course, if you have qualms about using RBLs (as I do, for instance), 
you'll have to let the mail deliver.  I use a spam blocker called 
CRM114.  It requires only 100K or so of training to achieve impressive 
filtering rates.  It's been quite successful so far: I haven't seen 
real false positive in months, and the only spam to get through in that 
time was one new one I'd never seen before, and some of those one-line 
virus things (I can't afford to block .zip attachments wholesale).  I'm 
considering taking Harvard off my whitelist and using it to filter out 
spam-like list submissions.

My main reservation about recommending CRM114 is that its datafiles are 
rather large.  Mine are 25 megabytes just for my account, although 
2M/account is easily doable if you need space.  Still, this would be 
infeasible for a large site.  You can also share the datafiles, but 
this would be rather tricky to do well, especially as mail mixes tend 
to be unique to the user.

The default is just to tag mail as spam, but as with SpamAssassin, you 
can setup .procmailrc or the like block it outright.  It still uses 
your processor time and bandwidth, though.

Mike Hamburg
P.S. I use qmail, and I like it but I'm not a mailserver zealot.  So 
long as it's not Sendmail :-)

On May 12, 2004, at 9:00 PM, Jesper Wallin wrote:

> Heya folks
>
> First of all, sorry if this isn't the correct list, but yet, I think 
> spam is a kind of
> network attack and should be treated as a security issue.. I run a 
> working mail server
> using Postfix, MySQL, Courier-IMAP, SpamAssassin and ClamAV 
> (amavisd-new) ..
>
> I've checked the configuration file for SpamAssassin, but yet I havn't 
> find any good
> solution for spam.. Sure, spam will always be a problem and I guess 
> it's impossible to
> filter 100% of all spam..
>
> Currently, I've made a filter in my mail client which move all mails 
> with a header
> containing "Spam-Level: ***" to a "spam" directory.. The last 2 
> months, spam and spam
> only has been triggered/filtered.. so I think it's quite useful.. yet, 
> it does send the
> mail.. if it's triggered spam, why does it even send it to the mailbox 
> instead of just
> blocking it? I assume that's because of a bad configuration made by 
> myself..
>
> Also, a lot of mail which is spam is not triggered as spam, is it 
> possible to improve
> spamassassin to filter more mails? Like, the way a antivirus program 
> works, (have ids
> for each virus), does spamassassin has any "spam ids" or something 
> similar to make it
> filter new mails?
>
> Once again, sorry if this mail has been sent to the wrong list, and 
> sorry for asking
> alot of questions which might already been documented.
>
>
> Regards,
> Jesper Wallin
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to 
> "freebsd-security-unsubscribe at freebsd.org"
>

More information about the freebsd-security mailing list