Re: Quarantine SPAM

From: /dev/rob0 (rob0gmx.co.uk)
Date: Tue Aug 29 2006 - 10:20:57 CDT


On Tuesday 29 August 2006 08:16, Coffey, Neal wrote:
> o2 - Marcin Wasilewski wrote:
> > something like this:
> > 1) pass message through SA
> > 2) if SPAMSCORE is < 6 then it is OK
> > 3) if SPAMSCORE is > 6 then place it in the Quarantine folder
> > and REJECT at SMTP level
>
> I think amavisd-new does this?

Not exactly, although it could if run from a pre-queue proxy.
After-queue content filtering is probably safer in Postfix. Details are
in SMTPD_PROXY_README and FILTER_README.

> But I'd recommend setting the bar a
> little bit higher, closer to 10. I actually graphed the frequency of
> SA scores once (admittedly only for a couple of days), it looks like
> most spam is 10+. To me, this means the greatest danger of false
> positives is between 5-9.

This advice depends on your install, and thus varies widely. I reject
most of the 10+ spew in SMTP before DATA, so I don't see very many in
that range. I'm having to lower the bar to around 3, and I'm seeing
very few FP's in that range.

What I do is similar to what the OP described, but I do it after-queue
and don't reject these in SMTP. Amavisd-new documentation describes
exactly how to do this with plus-addressing.
--
    Offlist mail to this address is discarded unless
    "/dev/rob0" or "not-spam" is in Subject: header
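
The thread's point that the right quarantine score depends on the install can be checked by measuring it on your own mail. The following is an added example, not part of the original post: it reads SpamAssassin's X-Spam-Status header from hand-labelled messages, buckets the scores, and counts false positives and missed spam for a candidate threshold. The sample headers, labels and function names are constructed for illustration.

```python
import math
import re
from collections import Counter

# SpamAssassin 3.x writes score=, 2.x wrote hits= in X-Spam-Status.
STATUS_RE = re.compile(
    r"^X-Spam-Status:\s*(?:Yes|No),\s*(?:score|hits)=(-?\d+(?:\.\d+)?)",
    re.IGNORECASE | re.MULTILINE,
)

# Constructed sample: (hand-assigned label, header from a stored message).
# It models a site that already rejects the obvious 10+ spam before DATA.
SAMPLE = [
    ("ham", "X-Spam-Status: No, score=-1.2 required=5.0"),
    ("ham", "X-Spam-Status: No, score=0.0 required=5.0"),
    ("ham", "X-Spam-Status: No, score=0.8 required=5.0"),
    ("ham", "X-Spam-Status: No, score=1.9 required=5.0"),
    ("ham", "X-Spam-Status: No, score=2.4 required=5.0"),
    ("ham", "X-Spam-Status: No, score=3.4 required=5.0"),
    ("spam", "X-Spam-Status: No, score=3.1 required=5.0"),
    ("spam", "X-Spam-Status: No, score=3.8 required=5.0"),
    ("spam", "X-Spam-Status: No, hits=4.6 required=5.0"),
    ("spam", "X-Spam-Status: Yes, score=5.2 required=5.0"),
    ("spam", "X-Spam-Status: Yes, score=6.7 required=5.0"),
    ("spam", "X-Spam-Status: Yes, score=8.9 required=5.0"),
]

def parse_score(header_text):
    """Return the SA score as a float, or None if the header is absent."""
    m = STATUS_RE.search(header_text)
    return float(m.group(1)) if m else None

def histogram(samples):
    """Count messages per whole-point score bucket, split by label."""
    counts = Counter()
    for label, hdr in samples:
        score = parse_score(hdr)
        if score is not None:
            counts[(label, math.floor(score))] += 1
    return counts

def evaluate(samples, threshold):
    """(false positives, missed spam) if score >= threshold is quarantined."""
    scored = [(l, parse_score(h)) for l, h in samples]
    fp = sum(1 for l, s in scored if l == "ham" and s is not None and s >= threshold)
    missed = sum(1 for l, s in scored if l == "spam" and s is not None and s < threshold)
    return fp, missed

if __name__ == "__main__":
    for t in (3, 6, 10):
        print(t, evaluate(SAMPLE, t))
```
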