[SAGE] SPAM Filtering policy?
barb at netrack.net
Wed Jul 31 20:23:05 GMT 2002
I'm setting up spamassassin in an ISP environment, which tends to be
similar to edu (faculty/staff) in that users expect minimal central
interference and control. I'm of the school that postmaster should always
deliver mail once you receive it (reasonable bl blocking is ok and a
necessary first step). So we are:
- tagging the subject line of messages graded at 5 or higher with a 4
character tag "UCE:" (useful for dumb client filtering)
- adding X-Spam-Level stars (useful for procmail filtering)
- using terse header reports
- using automatic whitelists to reduce false positives
This configuration provides minimal modification to the message as it is
normally visible to the user with reasonable effectiveness and
usability. We found that the subject tag is necessary because many mail
reader clients will filter on only subject, from, reply-to, to, and cc
headers, e.g., Eudora (free one) where "any header" means any of those
headers and not others.
The users can use local spamassassin rules, procmail, and mail client
filters to do what they please with the tool (including whitelist). When
we add new local rules, we test them first to make sure they do not
increase false positives.
I'm really quite pleased with spamassassin. I used my own mailbox for
testing, which receives (used to) an average of over 1000
spam/week. Effectiveness is just about 99% with less than 1% false
positives. The latter tend to be mail from folks who use html or formatted
content (hotmail and "stationery" features) and mailing lists that insist
on including remove info at the bottom of every message. Combine the two
and the false positives go way up. Site-wide whitelists may be necessary
in these cases. It has been so effective I now direct to /dev/null
anything ranked 6 or higher. So I'm down to 1-2 a day. Such a relief on
the road via modem.
The spam it misses tends to be either those that contain only an html img
tag (content is in the image, so not available for parsing) or overly
cordial ones with legit headers and reply.
If you need it, I have install/config notes on the spamassassin/spamd,
spamass-milter, sendmail reconfig combo. You should be advised that
spamass-milter currently has problems where it either hangs (large files)
or dies (too many requests at once) and requires a restart. On our test
server with 5 users, we have to restart about once/week.
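The user-side sorting that the tagging scheme in the message above makes possible, as an added example that is not part of the original post. The function names, folder names, addresses and sample messages are constructed for illustration; the thresholds mirror the post's 5 (tag) and 6 (discard).

```python
from email import message_from_string
from email.utils import parseaddr

TAG = "UCE:"       # subject tag added at score >= 5, per the post
TAG_AT = 5         # score at which the post's setup tags a message
DISCARD_AT = 6     # the poster's personal /dev/null threshold

def spam_level(msg):
    """Count the stars in X-Spam-Level; missing or malformed counts as 0."""
    value = msg.get("X-Spam-Level", "").strip()
    return len(value) if set(value) <= {"*"} else 0

def route(raw, whitelist=frozenset()):
    """Return 'inbox', 'spam' or 'discard' for one raw message (hypothetical folders)."""
    msg = message_from_string(raw)
    # A per-user whitelist wins first, e.g. a mailing list that trips the rules.
    # From is sender-supplied, so this is a convenience, not authentication.
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender in whitelist:
        return "inbox"
    level = spam_level(msg)
    if level >= DISCARD_AT:
        return "discard"
    # Clients that can only match on Subject rely on the tag alone.
    tagged = msg.get("Subject", "").lstrip().startswith(TAG)
    if level >= TAG_AT or tagged:
        return "spam"
    return "inbox"

def make(sender, subject, stars=None):
    """Build a constructed sample message; stars=None omits X-Spam-Level."""
    lines = [f"From: {sender}", f"Subject: {subject}"]
    if stars is not None:
        lines.append("X-Spam-Level: " + "*" * stars)
    return "\n".join(lines) + "\n\nbody\n"

# Constructed samples covering each branch of the policy.
SAMPLES = {
    "high score": make("bulk@example.invalid", "UCE: cheap loans", 7),
    "tagged at 5": make("bulk@example.invalid", "UCE: offer", 5),
    "tag only": make("bulk@example.invalid", "UCE: offer"),
    "list mail": make("List <list@example.org>", "UCE: [list] digest", 6),
    "clean": make("friend@example.net", "lunch?", 1),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, "->", route(raw, whitelist={"list@example.org"}))
```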