Koozali.org: home of the SME Server

Obsolete Releases => SME Server 9.x => Topic started by: charlien on May 14, 2015, 04:41:07 PM

Title: Limiting SPAM
Post by: charlien on May 14, 2015, 04:41:07 PM

I'm sure this has been discussed over and over but I couldn't find anything current and did not want to follow old advice. I'm looking to limit spam that is hitting our server without losing real messages. Here are my settings:

Spam Filter = Enabled
Spam sensitivity = Custom
Custom spam tagging = 5
Custom spam rejection = 9

config show qpsmtpd
qpsmtpd=service
    Bcc=disabled
    BccMode=cc
    BccUser=maillog
    DNSBL=enabled
    LogLevel=6
    MaxScannerSize=25000000
    RBLList=zen.spamhaus.org:b.barracudacentral.org:bl.spamcop.net
    RHSBL=enabled
    RelayRequiresAuth=enabled
    SBLList=badconf.rhsbl.sorbs.net:nomail.rhsbl.sorbs.net
    TlsBeforeAuth=1
    access=public
    qplogsumm=disabled
    status=enabled

Does anyone have any recommendations what I can change to make this a little better at rejecting SPAM.

Thanks in advance.

Title: Re: Limiting SPAM
Post by: mmccarn on May 16, 2015, 02:02:12 PM

This section of the email FAQ may help:
http://wiki.contribs.org/Email#Spam

I strongly recommend implementing bayesian autolearning, along with the 'learnasspam' and 'learnasham' scripts.

I love the barracudacentral blocklist but it uses a different reply methodology that is a bit tricky to configure on a SME server by default.  Here are some notes on what I got it to work:
http://forums.contribs.org/index.php?topic=50941.0
http://bugs.contribs.org/show_bug.cgi?id=8484

For various reasons I switched from using a SME server to using a Sophos UTM appliance for spam filtering about 9 months ago.  Towards the end of my use of the SME server I had:
* created custom spamassassin rules to match some common offending email patterns
* created a custom DNSBL service on my Active Directory DNS servers, so I could list mail servers quickly while I waited for the more responsible DNSBL services to pick up the new IPs

Since switching, I'm finding that most of the spam that I could never successfully block with my SME is being blocked by a sophos rule I'd never heard of called BATV (Bounce Address Tag Validation) (http://en.wikipedia.org/wiki/Bounce_Address_Tag_Validation).

Title: Re: Limiting SPAM
Post by: Knuddi on May 21, 2015, 02:03:21 PM

BATV is merely meant to handle fake bounces and is not likely to handle a real spam problem. One of the most efficient ways to get rid of bulk spam i greylisting where I use http://sqlgrey.sourceforge.net/.
Bayes is also efficient, but not SpamAssassin stand-alone - you actually need to build a custom qpsmtpd plugin to feed it with both 100% spam and 100% ham.