Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 23 Nov 2007 16:48:11 -0500
From:      Max Gribov <max@neuropunks.org>
To:        freebsd-isp@freebsd.org
Subject:   Re: Spam Filter Efficiency
Message-ID:  <47474A9B.7050902@neuropunks.org>
In-Reply-To: <877FBC7C-FFA0-4089-B6A9-385E10477AB9@svcolo.com>
References:  <00c401c82cc4$5bcd6a20$580116ac@mjspcbook> <877FBC7C-FFA0-4089-B6A9-385E10477AB9@svcolo.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
Jo Rhett wrote:
> On Nov 21, 2007, at 9:58 PM, Mitchell Smith wrote:
>> We are also looking at other open source solutions such as amavis
This may cause a flamewar, but we found greylisting to work pretty well
to generally reduce amount of spam being processed.
We use policyd/mysql  with postfix, and there are qmail and sendmail
implementations, and others without using a db.

Id say after setting up greylisting, spam really did go down by 60% or
so. Everything else gets caught by amavis/spamassin/clamav

To complete flamewar bait : ), there is also SPF/DomainKeys which do
reduce some types of spam, sometimes, before it hits your filters
http://www.openspf.org/
http://domainkeys.sourceforge.net/

Also, within spamassassin itself, you can specify various block lists to
check, and assign them preference which will influence the ultimate spam
decision.

ex:
cat /usr/local/etc/mail/spamassassin/local.cf
# Five Ten block list
header __RCVD_IN_FIVETENSRC       eval:check_rbl('blackholes',
'blackholes.five-ten-sg.com.')
describe __RCVD_IN_FIVETENSRC     Received via a relay in Five Ten block
list
tflags __RCVD_IN_FIVETENSRC       net

header RCVD_IN_FIVETENSRC       eval:check_rbl_sub('blackholes',
'127.0.0.2')
describe RCVD_IN_FIVETENSRC     Received via a relay in Five Ten block list
tflags RCVD_IN_FIVETENSRC       net
####
score RCVD_IN_FIVETENSRC 0.5

if you google for spam block lists, you can find others which publish
their blocklist as a dns zone.

Another thing you can do is use pf tarpits with spamd on free/openbsd:
http://www.benzedrine.cx/relaydb.html
This method will also allow you to build your own blacklist over time.


>
> Amavisd can be very high performance if you run it and clamav/whatever
> virus checker using temporary storage on a ramdisk.  We're quite happy
> with it.
>
> If you need more per-user/stream options then check out CanIt.  If you
> run it on your own hardware the pricing model is pretty easy on the
> wallet.
>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?47474A9B.7050902>