[SAGE] SPAM Filtering policy?

Barb Dijker barb at netrack.net
Wed Jul 31 20:23:05 GMT 2002


Hi Lois,

I'm setting up spamassassin in an ISP environment, which tends to be 
similar to edu (faculty/staff) in that users expect minimal central 
interference and control.  I'm of the school that postmaster should always 
deliver mail once you receive it (reasonable bl blocking is ok and a 
necessary first step).  So we are:

- tagging the subject line of messages graded at 5 or higher with a 4 
character tag "UCE:" (useful for dumb client filtering)

- adding X-Spam-Level stars (useful for procmail filtering)

- using terse header reports

- using automatic whitelists to reduce false positives

This configuration provides minimal modification to the message as it is 
normally visible to the user with reasonable effectiveness and 
usability.  We found that the subject tag is necessary because many mail 
reader clients will filter on only subject, from, reply-to, to, and cc 
headers, e.g., Eudora (free one) where "any header" means any of those 
headers and not others.

The users can use local spamassassin rules, procmail, and mail client 
filters to do what they please with the tool (including whitelist).  When 
we add new local rules, we test them first to make sure they do not 
increase false positives.

I'm really quite pleased with spamassassin.  I used my own mailbox for 
testing, which receives (used to) an average of over 1000 
spam/week.  Effectiveness is just about 99% with less than 1% false 
positives.  The latter tend to be mail from folks who use html or formatted 
content (hotmail and "stationery" features) and mailing lists that insist 
on including remove info at the bottom of every message.  Combine the two 
and the false positives go way up.  Site-wide whitelists may be necessary 
in these cases.  It has been so effective I now direct to /dev/null 
anything ranked 6 or higher.  So I'm down to 1-2 a day.  Such a relief on 
the road via modem.

The spam it misses tends to be either those that contain only an html img 
tag (content is in the image, so not available for parsing) or overly 
cordial ones with legit headers and reply.

If you need it, I have install/config notes on the spamassassin/spamd, 
spamass-milter, sendmail reconfig combo.  You should be advised that 
spamass-milter currently has problems where it either hangs (large files) 
or dies (too many requests at once) and requires a restart.  On our test 
server with 5 users, we have to restart about once/week.

...Barb
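
An added example, not part of the original post: a Python sketch of the per-user filtering the message describes, routing on the X-Spam-Level stars and falling back to the "UCE:" subject tag when a client cannot see that header. The thresholds 5 and 6 come from the post; the function name, routing labels, whitelist address and sample messages are constructed for illustration.

```python
import email
import re
from email.utils import parseaddr

TAG_SCORE = 5      # from the post: score 5 or higher gets the "UCE:" subject tag
DISCARD_SCORE = 6  # from the post: the author sends 6 or higher to /dev/null
SUBJECT_TAG = "UCE:"


def route_message(raw, whitelist=()):
    """Return 'inbox', 'spam-folder' or 'discard' (hypothetical labels)."""
    msg = email.message_from_string(raw)

    # A user-level whitelist wins over any score, to limit false positives.
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender in whitelist:
        return "inbox"

    level = msg.get("X-Spam-Level")
    if level is not None:
        # One star per point; anything that is not a run of stars counts as 0.
        match = re.match(r"\*+", level.strip())
        stars = len(match.group()) if match else 0
        if stars >= DISCARD_SCORE:
            return "discard"
        return "spam-folder" if stars >= TAG_SCORE else "inbox"

    # Subject-only path: the tag says "5 or higher" but not how much higher,
    # so the message is filed for review and never discarded.
    if msg.get("Subject", "").lstrip().startswith(SUBJECT_TAG):
        return "spam-folder"
    return "inbox"


# Constructed sample messages (not real mail).
SAMPLES = {
    "high": "From: x@example.com\nSubject: UCE: win big\nX-Spam-Level: *******\n\nhi\n",
    "edge": "From: x@example.com\nSubject: UCE: offer\nX-Spam-Level: *****\n\nhi\n",
    "low": "From: x@example.com\nSubject: lunch?\nX-Spam-Level: **\n\nhi\n",
    "tag_only": "From: x@example.com\nSubject: UCE: offer\n\nhi\n",
    "list": "From: News <list@example.org>\nSubject: UCE: digest\nX-Spam-Level: ******\n\nhi\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, route_message(raw, whitelist={"list@example.org"}))
```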


