Date: Thu, 13 May 2004 13:04:07 -0400 From: Michael Hamburg <hamburg@fas.harvard.edu> To: freebsd-security@freebsd.org Subject: Re: How do fix a good solution against spam.. Message-ID: <8BE22C8E-A4FF-11D8-8FC3-0003939A19AA@fas.harvard.edu> In-Reply-To: <1886.213.112.193.11.1084410012.squirrel@mail.hackunite.net> References: <1886.213.112.193.11.1084410012.squirrel@mail.hackunite.net>
next in thread | previous in thread | raw e-mail | index | archive | help
OpenBSD has a great tool called spamd. When used in conjunction with pf, you can redirect spammers to a spam proxy which uses very little of your memory and cpu time, but tries to use as much of theirs as possible. That way, spam from computers on RBLs is blocked directly instead of wasting your time and possibly bandwidth. Of course, if you have qualms about using RBLs (as I do, for instance), you'll have to let the mail deliver. I use a spam blocker called CRM114. It requires only 100K or so of training to achieve impressive filtering rates. It's been quite successful so far: I haven't seen real false positive in months, and the only spam to get through in that time was one new one I'd never seen before, and some of those one-line virus things (I can't afford to block .zip attachments wholesale). I'm considering taking Harvard off my whitelist and using it to filter out spam-like list submissions. My main reservation about recommending CRM114 is that its datafiles are rather large. Mine are 25 megabytes just for my account, although 2M/account is easily doable if you need space. Still, this would be infeasible for a large site. You can also share the datafiles, but this would be rather tricky to do well, especially as mail mixes tend to be unique to the user. The default is just to tag mail as spam, but as with SpamAssassin, you can setup .procmailrc or the like block it outright. It still uses your processor time and bandwidth, though. Mike Hamburg P.S. I use qmail, and I like it but I'm not a mailserver zealot. So long as it's not Sendmail :-) On May 12, 2004, at 9:00 PM, Jesper Wallin wrote: > Heya folks > > First of all, sorry if this isn't the correct list, but yet, I think > spam is a kind of > network attack and should be treated as a security issue.. I run a > working mail server > using Postfix, MySQL, Courier-IMAP, SpamAssassin and ClamAV > (amavisd-new) .. > > I've checked the configuration file for SpamAssassin, but yet I havn't > find any good > solution for spam.. Sure, spam will always be a problem and I guess > it's impossible to > filter 100% of all spam.. > > Currently, I've made a filter in my mail client which move all mails > with a header > containing "Spam-Level: ***" to a "spam" directory.. The last 2 > months, spam and spam > only has been triggered/filtered.. so I think it's quite useful.. yet, > it does send the > mail.. if it's triggered spam, why does it even send it to the mailbox > instead of just > blocking it? I assume that's because of a bad configuration made by > myself.. > > Also, a lot of mail which is spam is not triggered as spam, is it > possible to improve > spamassassin to filter more mails? Like, the way a antivirus program > works, (have ids > for each virus), does spamassassin has any "spam ids" or something > similar to make it > filter new mails? > > Once again, sorry if this mail has been sent to the wrong list, and > sorry for asking > alot of questions which might already been documented. > > > Regards, > Jesper Wallin > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to > "freebsd-security-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?8BE22C8E-A4FF-11D8-8FC3-0003939A19AA>