Spam Issues

[mejam]

I am having problem on qmail....i have spamassassin and clamAV for anti-spam and anti-virus respectively....somehow i am not satisfied with spamassassin...for example..if there is an e-mail about VIAGRA then spamassasin will tag it as spam deliver to the mailbox...but if it is some information like from panda security or planet software and sources like that...spamassassin does not TAG them....and also plz guide me how can i declate a domain or an email adress as SPAM and all those emails from SPAM sources should not reach my mail box....spamassassin will just take them and burn them in HELL....!!

[lambda]

read spamassassin's documentation. it can whitelist/blacklist anything by domain or regex.

[LinuxFreaK]

Dear mejam,
Salam,

FYI, http://www.magma.com.ni/~jorge/spamassassin.html

Best Regards.

[x2oxen]

you should read about greylisting. it solved my spam problem to extreme level

[lambda]

i no longer use greylisting because there were uncooperative mail servers out there and i likely lost email. instead, i use something similar to greet pause (a sendmail feature), an rbl, and a bogofilter-based spam checker. blocked email for the past week: 757 for greet pause, 2,103 for bl.spamcop.net's rbl, and 996 for bogofilter. i run the bogofilter check using qmail-qfilter, and the pause check using some code i wrote for rblsmtpd.

[x2oxen]

Well thats interesting. I am using Spam Assassin (Qmail Filter), Reverse DNS Lookup, Greylisting & rblsmtpd for fighting with spams. It solved my 99.9% problem of spams & i see rarely 1 or 2 spam messages in months.

[lambda]

yes, but how much spam is blocked by each check (reverse dns, greylisting, etc)? a lot of places in pakistan don't have reverse dns; are you sure you're not dropping legit mail?

[mejam]

Well thats interesting. I am using Spam Assassin (Qmail Filter), Reverse DNS Lookup, Greylisting & rblsmtpd for fighting with spams. It solved my 99.9% problem of spams & i see rarely 1 or 2 spam messages in months.

I am also using the same but do not have RBL and Greylisting....can you guide me how can i implement greylisting and RBL to my qmail...?

[lambda]

use rblsmtpd (part of ucspi-tcp).

like i said, i'd lose mail with greylisting. i don't do that any more.

[x2oxen]

Well alot of spam as i told you about 99%. And those who don't have reverse lookup or get greylisted receive a bounce back message and if source is authentic then they always email to postermaster about this issue. and i ask them to fix their side problems or else i add exception for them. Yahoo, AOL and many big email providers using these policies and have very strict rules about spams.

[lambda]

Well alot of spam as i told you about 99%.

that's not what i asked. again: how much spam is blocked by each check (reverse dns, greylisting, etc)? if, for example, the reverse dns check takes 0.6 seconds per email, but only catches 4 spam emails a day out of 250, it's not very helpful.

And those who don't have reverse lookup or get greylisted receive a bounce back message and if source is authentic then they always email to postermaster about this issue.

in other words, you do lose actual non-spam mail every day, but you don't know how much because some of the users don't send mail to postmaster.

a procedure that results in false negatives is much worse than a procedure that lets a few spam messages through.

[mejam]

I have implemented rblsmtpd and it heals the pain of spam...i was having a look at my queue...the spam messages are sent to those email address that no longer exist...i mean those employees have left the organization and spam to those email address stays in the queue..any solution for that...?

[lambda]

if you have the badrcptto patch installed, use that. if you use qmail-qfilter (doesn't need patching), put all the old/unused email addresses in a file, and write a simple filter that checks the incoming mail against the file.

[mejam]

i dont think i have any of these....how can i path my existing qmail for badrcptto or qmail-qfilter...?

[lambda]

how can i path my existing qmail for badrcptto or qmail-qfilter...?

maybe you should use postfix.