Koozali.org: home of the SME Server

Spam, yet again

Offline MSmith

« on: May 03, 2012, 04:45:45 PM »
So I've migrated a few SME 7 servers to SME 8b7 with good success, and am wondering if there are any new techniques or refinements to old techniques. I've implemented GeoIP but haven't yet learned to identify when an email is blocked specifically by that technique. RHSBL and DNSBL seem to be working well, as is SpamAssassin.

Comments? Recommendations?

EDIT:  I sure would like to find a way to block all .INFO domains, despite knowing this is not a "best practice." I have yet to see any "ham" from an .INFO address.


« Last Edit: May 03, 2012, 04:54:09 PM by MSmith »
...

Offline Michail Pappas

Re: Spam, yet again
« Reply #1 on: May 07, 2012, 05:23:48 PM »
Not an expert here, just trying to help :)

With your last question in mind, perhaps you could enable RelayCountry and ASN. Implicitly, they do modify Bayesian learning on SA, producing (hopefully) better classification...

Offline compdoc

Re: Spam, yet again
« Reply #2 on: May 26, 2012, 07:48:30 PM »
It's fairly easy to block domains, although you should be sure you want to. I block:

*.info
*.ru

As well as more specific sites:

*chemistry.com
*classmates.com

I have not yet tried SME 8.0, but this is how it was done with SME 7x:

db spamassassin show wbl.global
db spamassassin setprop wbl.global *.info.com Black
db spamassassin setprop wbl.global *newegg.com White
expand-template /etc/mail/spamassassin/local.cf
svc -t /service/spamd
db spamassassin show wbl.global

Hope that helps...

Offline janet

Re: Spam, yet again
« Reply #3 on: May 27, 2012, 01:27:24 AM »
MSmith

You could try this & see if it suits your requirements
For sme7
yum install smeserver-wbl --enablerepo=smecontribs

For SME8 until repos are populated then configure sme7contribs (see wiki) and do

yum install smeserver-wbl --enablerepo=sme7contribs
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.

Offline MSmith

Re: Spam, yet again
« Reply #4 on: May 31, 2012, 06:48:24 PM »
@Mary: the WBL contrib cannot block by top-level domain, I believe, so that won't work for ".info"

If it can, I do not know the syntax. I have trouble getting users to train the Bayesian part of SpamAssassin so I don't use that. I'm using GeoIP with success, though I know that SMTP purists don't like it. (And I do understand why, I just find that it's effective in cutting down unwanted email and so far I've not had any complaints.)

It strikes me that with the explosion of TLDs we are going to see, that it would be extremely useful to be able to block by TLD.
...

Offline cactus

Re: Spam, yet again
« Reply #5 on: May 31, 2012, 07:01:22 PM »
> I have trouble getting users to train the Bayesian part of SpamAssassin so I don't use that.

Even with LearnAs[Sp/H]am boxes in the users' e-mail to which they need to copy false positives/negatives?

I believe they can be implemented using a contrib: http://wiki.contribs.org/Learn
Be careful whose advice you buy, but be patient with those who supply it. Advice is a form of nostalgia, dispensing it is a way of fishing the past from the disposal, wiping it off, painting over the ugly parts and recycling it for more than its worth ~ Baz Luhrmann - Everybody's Free (To Wear Sunscreen)

Offline MSmith

Re: Spam, yet again
« Reply #6 on: June 01, 2012, 12:42:49 AM »
Yes, even with. Training on the spam/ham would take *time* and *effort* and "that's what we pay you for, innit?"
...

Offline janet

Re: Spam, yet again
« Reply #7 on: June 01, 2012, 03:42:54 AM »
MSmith

Did you read compdoc's reply above, showing db commands ?
Does that work for you ?
http://forums.contribs.org/index.php/topic,48601.msg241994.html#msg241994

Offline MSmith

Re: Spam, yet again
« Reply #8 on: June 24, 2015, 03:20:17 PM »
> It's fairly easy to block domains, although you should be sure you want to. I block:
>
> *.info
> *.ru
>
> As well as more specific sites:
>
> *chemistry.com
> *classmates.com
>
> I have not yet tried SME 8.0, but this is how it was done with SME 7x:
>
> db spamassassin show wbl.global
> db spamassassin setprop wbl.global *.info.com Black
> db spamassassin setprop wbl.global *newegg.com White
> expand-template /etc/mail/spamassassin/local.cf
> svc -t /service/spamd
> db spamassassin show wbl.global
>
> Hope that helps...

Didn't work for me on SME 9, unfortunately :(

.link addresses/emails sailing through with spamassassin scores of ZERO.
...

Offline compdoc

Re: Spam, yet again
« Reply #9 on: June 24, 2015, 04:51:22 PM »
Those commands do work with version 9. Just make sure you spell 'White' and 'Black' exactly that way.

If spamassassin isn't scoring then maybe it's disabled in the GUI.

I manually enabled Bayes, which helps scores quite a bit.
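
Added example, not part of any post in this thread: a small Python emulation of how SpamAssassin's whitelist_from/blacklist_from globs match a sender address, run against the wbl.global entries shown above and against TLD-wide entries such as `*.info` and `*.link`. It assumes the wbl.global entries are rendered into local.cf as those SpamAssassin directives; the sender addresses and the function names are constructed for illustration.

```python
import re

def wbl_regex(pattern):
    """Translate a whitelist_from/blacklist_from style glob into a regex.
    Only '*' and '?' are wildcards; every other character is literal."""
    parts = []
    for ch in pattern.lower():
        if ch == "*":
            if not parts or parts[-1] != ".*":   # collapse runs of '*'
                parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts), re.DOTALL)

def verdicts(address, wbl):
    """Return sorted (pattern, colour) pairs whose glob matches the whole
    address, case-insensitively. Colours are 'Black'/'White' as in wbl.global."""
    addr = address.strip().lower()
    return sorted((p, c) for p, c in wbl.items() if wbl_regex(p).fullmatch(addr))

# Entries exactly as set by the commands quoted in the thread.
THREAD_ENTRIES = {"*.info.com": "Black", "*newegg.com": "White"}
# Entries that target whole TLDs (the .info and .link cases discussed).
TLD_ENTRIES = {"*.info": "Black", "*.link": "Black"}

# Constructed sender addresses, for illustration only.
SAMPLE_SENDERS = [
    "promo@deals.example.info",   # .info TLD
    "news@shop.info.com",         # info.com, a different domain
    "Offer@Cheap.Example.LINK",   # .link TLD, mixed case
    "user@info.example.com",      # 'info' is not the TLD here
    "sales@newegg.com",
    "a@fakenewegg.com",           # '*newegg.com' has no '@' or '.' boundary
]

def report(wbl):
    """Map each sample sender to the entries that match it."""
    return {sender: verdicts(sender, wbl) for sender in SAMPLE_SENDERS}

if __name__ == "__main__":
    for name, wbl in (("thread entries", THREAD_ENTRIES), ("TLD entries", TLD_ENTRIES)):
        print(name)
        for sender, hits in report(wbl).items():
            print("  %-28s %s" % (sender, hits or "no match"))
```

The match is anchored at both ends, so an entry only catches a TLD when the pattern itself ends in that TLD, and a whitelist glob without an `@` or `.` boundary also covers look-alike domains.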