[Esd-l] Spam Filtering

Bill Larson blarson at compu.net
Wed Jul 31 02:47:01 PDT 2002


Simple spam control with very few false positives.

FEATURE(`dnsbl', `blackhole.compu.net')dnl
FEATURE(`dnsbl', `list.dsbl.org')dnl
FEATURE(`dnsbl', `opm.blitzed.org')dnl
FEATURE(`dnsbl', `dun.dnsrbl.net',`dnsrbl refused - Dialup address use your local mailserver')dnl
FEATURE(`dnsbl', `Dialups.relays.OsiruSoft.com',`osirusoft refused - Dialup address use your local mailserver')dnl
FEATURE(`dnsbl', `bl.spamcop.net')dnl
FEATURE(`dnsbl', `inputs.relays.osirusoft.com')dnl
FEATURE(`dnsbl', `relays.ordb.org')dnl
FEATURE(`dnsbl', `Spamsites.relays.OsiruSoft.com')dnl
FEATURE(`dnsbl', `Spamhaus.relays.OsiruSoft.com')dnl
FEATURE(`dnsbl', `Spews.relays.OsiruSoft.com')dnl
FEATURE(`dnsbl', `flowgoaway.com')dnl
FEATURE(`dnsbl', `pm0-no-more.compu.net')dnl
FEATURE(`dnsbl', `blackholes.intersil.net')dnl

Statistics from Sat Jul 27 23:39:06 2002
 M   msgsfr  bytes_from   msgsto    bytes_to  msgsrej  msgsdis  Mailer
 4   16,286    331,691K    3,474    205,802K      259        0  esmtp
 9    5,312    212,449K   19,954    436,020K      509        0  local
=====================================================================
 T   21,598    544,140K   23,428    641,822K      768        0
 C   21,598               23,428                                 32,812

So I have rejected 33,812 spamming attempts, roughly 42% of the connections
to the server, using the above methods only in 4 days. Doing this I average
1-2 spams per day, while without this I would average 50 plus to my personal
mail box. I get approx 1 user complaint/comment every 3 months from the
several thousand users on this box. blackhole.compu.net is where I add those
spam that slip through the other blackhole lists.

Bill Larson
Network Administrator
Compu-Net Enterprises

----- Original Message -----
From: "Peter Hanecak" <hanecak at megaloman.com>
To: "Eric Brosius" <ebrosius at sunyorange.edu>
Cc: <esd-l at spconnect.com>
Sent: Wednesday, July 31, 2002 2:35 AM
Subject: Re: [Esd-l] Spam Filtering


> Hello,
>
> On Tue, 30 Jul 2002, Eric Brosius wrote:
>
> > As are most admins, we're getting a little sick of all the spam floating
> > around the internet.  I've read through past emails and I'm going to look
> > into the links on procmail's website.  But I'm curious to hear what most
> > of you are doing to block 'unwantable' words in the subject and/or body
> > of messages.  What works best?  Does the sanitizer do it?  What is
> > everyone doing about it??  Thanks for sharing the knowledge.
>
> I'm using a set of simple procmail rules and sendmail's access file to help me
> with SPAM:
>
> 1) "for sure" rules: those rules (I hope) are (and have to be) 100%
> without false-positives; they do not catch every SPAM but catch most of
> it; (note: I'm not sorting any messages to /dev/null so there is no
> possibility of losing something and also to have some statistics)
>
> example:
>
> # some SPAM has "To" field set to addresses like
> # Undisclosed.Recipients at our.gateway.com so I know for
> # sure that this is some "To" faking in progress and
> # message is SPAM, scum or something along that line
> :0:
> * ^To.*(Undisclosed.Recipients|Money.in.Motion)@our.gateway.com
> mail/spam`date +%y`
>
>
> 2) "almost 100% accuracy" rules: those rules are trying to catch SPAM and
> mostly SPAM but I'm aware that some legitimate messages can be caught by
> those rules (even if possibility is 1:1000); those rules filter messages
> to something I can call SPAM quarantine and I'm looking at this quarantine
> once a day
>
> example:
>
> # set of rules which catches messages not directed to me - I'm
> # omitting them while there are quite a lot of them like:
> # :0:
> # * ^TO_.*hanecak at megaloman.com
> # mail/spam-quarantine
> # false-positives are messages, which are BCCed to me
>
> # rule to catch those quite "polite" senders of
> # unwanted advertisement
> :0:
> * ^Subject.*ADV\:
> mail/_spam
>
>
> 3) rest is sorted as "every mailing list has its folder" and rest goes to
> INBOX
>
> 4) notorious junk senders are placed in sendmail's access file with
> "ERROR:550 Spammers are banned from our site" and (if that control is
> effective) messages from them are not delivered to me (and
> colleagues) anymore
>
>
> In that way it goes like this (applies to this year):
>
> 1) I received 3340 unwanted junk messages this year (compare to
> 1944 junk messages last year!)
>
> 2) about 6-7 (but sometimes even 20) daily of that is filtered to
> spam-quarantine which I quickly scan for false-positives and rest
> move to spam`date +%y`
>
> 3) about 2-4 per week of that make it to my INBOX
>
> 4) about 20 messages per week are caught by sendmail's access
> file so they are not received
>
>
> Such a system is not that complicated (no AI, no score based filtering, ...,
> ...), has some weak points but makes it possible for me to work with
> e-mail.
>
>
> So now I will enjoy hearing about this from others! :)
>
>
> Sincerely
>
> Peter
>
> --
> ===================================================================
>   Peter Hanecak <hanecak at megaloman.com>
>   GPG pub.key: http://www.megaloman.com/gpg/hanecak-megaloman.txt
> ===================================================================
> _______________________________________________
> Esd-l mailing list
> Esd-l at spconnect.com
> http://www.spconnect.com/mailman/listinfo/esd-l
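
Added example, not part of the original post: a health check for the zones named in FEATURE(`dnsbl') lines like those above. Sendmail looks up the connecting IP with its octets reversed under each zone and rejects when a record exists, so a zone that stops answering, or answers for every name, changes what gets rejected. The function names and the SAMPLE_MC text are assumptions made here; the 127.0.0.2 / 127.0.0.1 test entries follow RFC 5782.

```python
import re
import socket

# Constructed sample: three lines in the style of the sendmail.mc above.
SAMPLE_MC = """\
FEATURE(`dnsbl', `bl.spamcop.net')dnl
FEATURE(`dnsbl', `dun.dnsrbl.net',`dnsrbl refused - Dialup address use your local mailserver')dnl
FEATURE(`dnsbl', `relays.ordb.org')dnl
"""

DNSBL_RE = re.compile(r"FEATURE\(`dnsbl',\s*`([^']+)'")

def zones_from_mc(mc_text):
    """Return the DNSBL zones named in FEATURE(`dnsbl', ...) lines."""
    return DNSBL_RE.findall(mc_text)

def query_name(ipv4, zone):
    """DNSBL lookup name: octets reversed, then the zone (1.2.3.4 -> 4.3.2.1.zone)."""
    return ".".join(reversed(ipv4.split("."))) + "." + zone

def system_lookup(name):
    """True if the name has an A record (listed), False if it does not resolve."""
    try:
        socket.gethostbyname(name)
        return True
    except OSError:
        return False

def zone_health(zone, lookup=system_lookup):
    """Classify a zone using the RFC 5782 test entries:
    127.0.0.2 must be listed, 127.0.0.1 must not be listed."""
    test_listed = lookup(query_name("127.0.0.2", zone))
    all_listed = lookup(query_name("127.0.0.1", zone))
    if all_listed:
        return "lists-everything"   # would reject every connection
    if not test_listed:
        return "dead"               # never matches; only adds DNS latency
    return "ok"

def audit(mc_text, lookup=system_lookup):
    """Map each configured zone to its health state."""
    return {zone: zone_health(zone, lookup) for zone in zones_from_mc(mc_text)}

if __name__ == "__main__":
    for zone, state in audit(SAMPLE_MC).items():
        print(f"{zone:30} {state}")
```

A resolver that rewrites NXDOMAIN into an answer makes every zone report "lists-everything", so run the check through the same resolver the mail server uses.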


