Topic: How do you cope with spam?

[gbentley]

Hi All,

Previously I had SME box set to drop suspect mail to junkmail but quite a few of the clients werent seeing any real mail in there by mistake as they where using a pop3 client or a Blackberry.

Becasue of this I have switched off 'drop into junkmail' with the inevitable result that everyone complains that they get more spam then they used to.

What is the best way to deal with the ever increasing volumes of spam?

I would love to hear from anyone with a good working strategy on this

[mercyh]

Does this look familiar?

Tag level:   5; Reject level:  10 

Reporting Period : 24.00 hrs
----------------------------

All SMTP connections accepted    :     1548         
Connections from Fetchmail       :        6         
SMTP from local workstations     :       31         

RBL rejected                             :     1157 ( 75.42%)
Pattern filter rejected                 :        0 (  0.00%)
Misc.rejected                            :       90 (  5.87%)
Infected by Virus                       :        0 (  0.00%)
Spam rejected (over reject level)  :       65 ( 89.04%)
Spam detected (over tag level)    :       73 ( 25.44%)
Ham detected (under tag level)    :      190 ( 66.20%)
Total emails accepted                :      222 ( 77.35%)
                                 --------------------
Total emails processed               :      287 (   11.96/hr)

Average spam score (accepted)  :        6.84
Average spam score (rejected)    :       18.14
Average ham score                   :       -4.57

There are 48 users on this server. There are currently only 3 users that check junkmail. I was running just the  rbls and dnsbl lists with no bayes learning set up on spamassin. About a month ago we started seeing about 3 spams per user getting through in a 24hr period. I then setup bayes and had about 10 of my users set their e-mail clients to leave the mail on the server for 1 week. after sufficient mail had collected I went in with each of them with webmail and we cleaned out all the stuff they didn't want to see. We dropped all those into the junkmail folder. We then check junkmail and pulled out anything they wanted to keep and dropped it back in the inbox. I used sonoracomm's howto and manually trained spamassin for HAM against all the cleaned inboxes (this was around 700 good mails). I then manually ran the training against the junkmail folders (This was around 300 spam mails).


I used the LearnAsSpam script and set a couple of my most proficient users up with imap to continue the training process. This has been in place for 3 weeks now.

We have had no spams reported in inboxes since this process.
We have had about 30 spams land in the junkmail boxes that we are checking since then (the others all had their scores raised above the drop threshold of 10 by the training process.)
We have had no false positives that we know of (no mail in junkmail that should be in the inbox.)

I would like to see more discussion of what works and what doesn't on this topic

[brianr]

Why not use IMAP connections instead of POP? that way your users can monitor the junkmail folder AND use the LearnAsSpam folder as well.
Outlook Express and Outlook handle IMAP reasonably, although Outlook 2000 is a bit ropey (but usuable)
 
I presume you have got the RBSBL and DNSBL rejection on, no catchall, and not using fetchmail?  Also you may well be getting spam through your MX backup email server.

A far less effective alternative is to use local email client rules to move tagged spam into another folder, but you can't train the Bayes table then.

I have clients receiving 100s of spam emails a day (often 70-90% of the total), and by using the techniques in the first and second paragraphs they are all "managing" it fine.

[janet]

You can also setup pop and imap accounts in your email client (for the same sme user account).
With the filter to junkmail folder option enabled, users can see messages in the junkmail folder, and still collect pop mail, but have the ability to move any ham from junkmail to the local pop Inbox, as well as the ability to move spam messages from the local Inbox to the LearnAsSpam imap folder.
The best of both worlds.

[gbentley]

I was using IMAP about a year ago in this particulary case. It wasnt long before the server slowed down. I then realised that people where effectively using the IMAP service as a personal file store. Some mailboxes where over
4GB of drawings and photos [architects huh!] even though the 'Acceptable Use Policy' spcifies that email is saved onto the file server, as a seperate file with agreed folder / file naming convention - it just doesnt happen.

Mary, thanks for your suggestion, I may try that.

Brian / Mercyh - would be grateful of specifics or pointers to howto's (goes hunting for 'LearnAsSpam')

Thanks for all your replies !

[mercyh]

The wiki here:

http://wiki.contribs.org/Email

Sonoracomm's work here:

http://www.sonoracomm.com/index.php?option=com_content&task=view&id=49&Itemid=32

There are several things in the sonoracomm howto that are not exactly current. A couple I have found

1. Brian's mailstat contrib no longer lives at the address given (at least it didn't 3 weeks ago).

2. The path to junkmail in the Manual Training section is not correct.

mary

You can also setup pop and imap accounts in your email client (for the same sme user account).

I have used this method, setting the POP account up to remove messages in a few days takes care of gbentley's problem of runaway mailbox usage. I have had some problems with the POP server timing out if the e-mail client is opened and more then 10-20 messages are on the server. It seems that if IMAP is syncing and POP is trying to download at the same time the server is not happy. Sometimes POP will download 3-4 messages and then timeout. I will then click send and receive again and the messages will all come into the POP box, sometimes when this happens the first messages that downloaded are duplicated in the POP account. This may just be something in my particular setup that is happening. It is not a big deal for a tech but it is the kind of thing that the general user will grump about.

[brianr]

1. Brian's mailstat contrib no longer lives at the address given (at least it didn't 3 weeks ago).

Now available by:

yum install --enablerepo=smecontribs smeserver-mailstats

[mercyh]

Brian,

How about the correct command to install LearnAsSpam script

(Sonora still shows the wget command.)

By the way, You have saved me many hours with these two jewels.

Thanks a million,

Royce

[brianr]

How about the correct command to install LearnAsSpam script
(Sonora still shows the wget command.)

No change as far as I am aware, it is not (yet?) in in rpm.  Am I missing something?

By the way, You have saved me many hours with these two jewels.

Thanks a million,

You are welcome.

[mercyh]

No change as far as I am aware, it is not (yet?) in rpm.

That's what I wanted to know.

[sonoracomm]

I updated our howto with the new information.  Thanks again.

G

http://www.sonoracomm.com/index.php?option=com_content&task=view&id=49