Domain: rulesemporium.com
Stories and comments across the archive that link to rulesemporium.com.
Comments · 10
-
Re:FTFA
For some people, they are "messages from their friends" and they will go nuts if they figure out that actual junk was filtered as spam. Of course, lets not go too harsh, there could be people trading family photos like that and that 12 kb jpeg becomes really precious.
Yeah, but like I said
... a well-trained copy of SpamAssassin seems to have no trouble discerning the difference. It seems most image spam has some kind of text or even HTML configuration that gives it away ... especially when Bayesian filters are coupled with RBL tests and some custom rules from e.g. SpamAssassin Rules Emporium. This diabolical new method of spam really isn't making it past my filters, for the most part ... and never has. No OCR required. -
Re:SpamAssassin still works
HI
you'll need to tune SA to get the best out of it...you have to keep upto date.
first make sure you're running 3.1.7 and have "sa-update"-ed to get the latest rulesets.
Now add in the SARE rules, fred and Jenifer rules from RulesEmporium. You can keep thiese update by using RulesDuJour to download and installed updates.
Then add in some things like DCC, razor2 and pyzor.
Keep monitoring the SA-users email list for new updates etc...
You can't hit a moving target with a fixed gun! You need to keep moving.
Once you've you sa-update and rulesdujour going, you'll just to update SA when new releases come in, so it's not a big job after the initial hit. -
Re:One viable alternative
I agree - greylisting does work. I've used it on my own box, and spam went to virtually nothing overnight. However, when you depend on the timely delivery of email, it quickly becomes a pain to start whitelisting everyone who might need to get through in a hurry to two dozen users. I know, I know, email shouldn't be relied upon for instant communications, but it's a heck of a lot easier to send a "heads up" to a mailing list. Typically, it works just fine.
I've finally just settled on Spamhaus blacklisting at the MTA level, followed by a healthy heapin' of SpamAssassin lovin' on the backend, including things like FuzzyOCR, a bunch of the rulesets from SARE, pretty much every blacklist turned on and adding points, and one special rule that adds two points if mail goes through my backup MX (which I disable if the primary is down for some reason). I still get 500-600 pieces of spam daily, but usually only 1-2 get through with very, very few false positives (less than 1/month average).
-
Re:"Almost" three out of four?
Are you just using the stock SA rules? Check out http://www.rulesemporium.com/ or if you run FreeBSD, install the spamass-rules port. I have not found a trained spamassassin to be terribly effective. It only adds a point or two to the total score. (although you can increase the importance of the Bayes score, of course) Using a wide variety of rules is more effective overall than bothering with training in my experience. But I do employ some amount of training. I have a shared IMAP box where users can dump spam that gets through. I have a script that periodically downloads the contents of that folder and trains SA... It does a point here and there. Also, SA will automatically train itself with spam that scores over a certain threshold.
I don't have statistics for everyone here at our org, but I don't receive more than one spam every couple days. Sometimes I'll go a week without seeing one. Combine that will Adblock Plus in Firefox and the Internet is a pleasant place again. ;-)
-matthew -
Out of Date and Worthless
This paper's a complete waste of time.
He tested spamassassin 2.3 - that's ancient! I'd imagine the other tools are similarly obsolete.
We currently use SA 3.1.4 with a well-trained Bayes database and Razor, Pyzor, and DCC.
Throw in a few custom rules and a selection of rules from http://www.rulesemporium.com/ and the results are outstanding.
With the new sa-update feature the core rules are updated between point releases, which came in useful this week dealing with the new image spams which seemed to be designed to avoid detection by spamassassin. Thanks Theo.
And the folk on the spamassassin-users mailing list really rock. -
Re:you'ved been spammed!
It's just an arms race. SpamAssassin gets better, then the spammers adjust.
Part of the problem with open source spam filters, the Bad Guys can reverse engineer what's currently being tested.
I kinda wish that the SpamAssassin group would separate their tests from their product development, so we could get more frequent update of the "offical" spam assassin filters. However, I remember reading somewhere that testing and evalutating any new rules against their current corpus takes quite a long time.
Also, make sure you check out http://www.rulesemporium.com/ for more frequently updated rules. -
Re:second post?
Bayes in Spamassassin doesn't seem to recognize 419 emails very well. What does work are the fraud rules from the Spamassassin Rules Emporium.
-
Re:Test new Spamassasin 3.0.0 against this!I checked it this morning, and surbl.org lists that URL as blocked.
Go check it here
-
Re:No Change?
Yeah, that'll happen sometimes. Tweak your rules. The SpamAssassin Rule Emporium might help.
-
Re:3.0?