On Monday 10 June 2002 16:58, Vivek Khera wrote: > >>>>> "KK" == Kjetil Kjernsmo <[EMAIL PROTECTED]> writes: > > KK> The scoring systems seems like a very nice feature, and I figured > it KK> would be nice to use it with several different thresholds: > > Personally, I'd never bit-bucket a message. Always return to sender, > even if that means double-bounces on my end (which end up at dev > null, but at least the sender gets the chance to see the bounce if > they want). This is important for false-positives so the sender > knows what happened.
Yeah, I agree, but I intended it to be so high it would only throw away messages allready caught by a spamtrap, trollbox, or be on the list of my pet spammers. > That said, I use 7 as the return to sender threshhold, and 4 as the > mark for manual inspection level. OK... I thought about using 50 for devnulling.... > I use postfix + amavisd-new. I believe the next release will have > the ability to mark at a certain threshhold and reject at another, > and be tunable per recipient. But I'm not sure if these new features > will make it in. Mmmm, would be neat... :-) > KK> Something that wasn't quite clear to me with spamtraps (yes, I > have a KK> few spamtraps), the message goes into Vipul's Razor, but > isn't there a KK> bit of a lag there? So my concern was that if the > spamtrap catches it, > > Yes, there is lag. But just think how long it takes to deliver > millions of messages. Well, that's true. And it seems spammers often sort their lists alphabetically. That's why my trollbox is named [EMAIL PROTECTED] :-) Still, adding it to a local database would reduce some risk of it getting through. >Chances are sometimes you'll be the first > reporter, and sometimes not. The overall effect is good, but it is > not 100%. > > Just this weekend, I got some spam through that got into razor after > I recieved it, and it would have been sufficient to block those > messages had they already been listed. That's just how it works. OK, so at least I can wait a bit before I give much attention to adding incoming spamtrap/trollbox addresses to the blacklist (I am of course aware that spammers use random addresses, but it is quite common that it is the same From address for an entire spam run, so adding a spamtrap/trollbox address to blacklists would catch those). Thanks for the advices! Best, Kjetil -- Kjetil Kjernsmo Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] Homepage: http://www.kjetil.kjernsmo.net/ _______________________________________________________________ Don't miss the 2002 Sprint PCS Application Developer's Conference August 25-28 in Las Vegas - http://devcon.sprintpcs.com/adp/index.cfm?source=osdntextlink _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
