"I could get away with adding points for it (does that already happen?), but outright blocking is not a good idea unless the criteria is very close to 100%. "
Is there a way? I haven't seen one other than using postfix to block servers that connect that don't have reverse pointers. My problem with that is that some companies don't have them even though they are legitimate. They usually don't have them because of the lack of good or full time IT staff. Thoughts? -Brent -----Original Message----- From: Bowie Bailey [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 03, 2006 3:15 PM To: users@spamassassin.apache.org Subject: RE: Silly Question Greg Allen wrote: > I know some people use the public folder drag-drop for learning spam, > but I personally don't like the whole idea. And I did consider it. > > I would rather work smarter on the server end to kill or mark the spam > before it gets to the user. > > I don't think users should have to worry about all the technical > details, that's my job. Depends on the user. Some of them like the ability to contribute to solving the spam problem. I don't use this method simply because there is no simple way to do it. Most of my users use pop3 with Outlook or OE. > Yea, a few will slip through now and then. But they will slip through > either way, and annoying users with the details isn't going to change > that. > > Spamassassin is pretty smart. If you enable all of the features and > keep the version up-to-date, tweak a little and configure your server > (Postfix for instance) to do better at rejecting UCE up-front, most > spams will eventually classify themselves correctly automatically. > > The way they classify themselves is because the spammer will use > various email servers and will start getting on various IP blacklists > and URBL lists, various headers are seen, etc. Within a few days the > new spam will start to have more and more points. All it takes is to > trip the spam points one time and that's is the end of that. True, but a well-trained Bayes database is good at catching some of the 0-day spam runs that get past the blacklists. > If you use Razor, DCC, URBL, etc... system admins (and users in some > systems like DCC, etc) are constantly feeding spams into those > systems. That is a better way to go IMO. use a system that is already > setup for that. Yes, definitely use Razor, DCC, Pyzor, URIBL, etc. They are a major contributor to most of my caught spam. But don't forget about Bayes. BAYES_99 is one of my top spam rules. It hit on 67% of my spam in the last two weeks. And BAYES_00 hit on 55% of my ham. > For the marginal (hard to define) spam emails that go on and on for > weeks, they can forward those emails to the admin to find a way to > block. > > You will always have a certain amount of white-list black-list admin > needing to be done. > > Also, now that AOL is blocking all email with no PTR record, you can > probably kill a lot of spam with that right on the front end now. If > anyone complains, ask them how they email to AOL. :-) That depends on your user-base. I deal with businesses and if I tried something like that, I would get the response, "Yes, but my customers aren't trying to email AOL, they are emailing ME and I expect the emails to get through." I could get away with adding points for it (does that already happen?), but outright blocking is not a good idea unless the criteria is very close to 100%. I currently only do MTA-level blocking for viruses. -- Bowie
