Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Noel Jones (njonesmegan.vbhcs.org)
Date: Mon Dec 01 2008 - 14:10:21 CST
Roman Medina-Heigl Hernandez wrote:
> Noel Jones escribió:
> You are (again) right, perhaps spamassasin is better for performing this
> kind of check... with the added bonus that filtered mail is not dropped,
> but quarantined (so you could always rescue a false negative). Do you know
> "how well" does it (SA) perform at blocking this spam case (src dom=dst
> dom) while recognizing "legit" (but nasty) notices?
> For the very same reason, isn't it better to let Spamassassin make
> "intelligent" SPF-checks instead of using some other policy server with
The whole idea of SpamAssassin scoring is that the spamminess
of of messages comes from lots of little things - some
positive scores, some negative scores - that usually adds up
to something that accurately represents whether a message is
spam or not. No one rule (unless it's a rare 100% guaranteed
spam indicator) ever decides on its own that a message is spam.
While a message might exhibit the From=To and SPF errors
described above, most legit mail still wouldn't trigger enough
points to get into the "likely spam" range.
SpamAssassin itself isn't 100% accurate, but it does fairly
well with a very wide range of junk. It's a good tool to use,
but you need more than one tool.
Selective RBLs (zen.spamhaus.org is highly recommended),
ClamAV with the Sanesecurity add-on signatures, and careful
postfix checks can reject a lot of spam before SpamAssassin
ever sees it.
It's also important to note that the settings you use depend
on your user base and your goals - there is no
one-size-fits-all solution, which is why you'll never see such
a thing posted here. Your best bet is to lurk on the list for
a while or browse the archives to learn what might work well
in your situation.