On Tue, Oct 14, 2003 at 06:22:41AM -0400, Jeff Elkins wrote:
| Well, hell.
|
| I set up a new address (for family) on my server and inadvertently used it
| Sunday in a reply to debian-user. It's now being flooded with email viruses
| and spam.

What? Spam? What's that?

Only around 100 spam per-day is actually delivered to me, and all but a handful lands in my "spam" folder. The remaining handful lands in my "unsure" folder.

How do I do it? First off I have complete control over my mail server. I enforce several sanity checks which block a lot of junk that doesn't actually conform to various portions of the email specifications and also block all forged hotmail, yahoo, aol, and compuserve mail.

Secondly I have some basic tests that reject or discard Microsoft malware (and non-malware, all MSVC executables are trashed).

My final and most important layer of defense is spambayes[1]. spambayes is a derivative of Paul Graham's Bayesian classification research. All messages are tagged by spambayes before final delivery. spambayes reports the messages as either "ham", "spam" or "unsure". I've yet to see a ham marked as spam. When you see messages marked as "unsure" then feed them to spambayes' training component so it will learn what you consider spam and not.

For a sense of how effective these defenses are, here are some recent statistics from pflogsumm. I'm not showing the past couple days because the numbers will be skewed due to downtime of the primary mx of a domain I relay for. (IOW my server suddenly had to handle mail for more users than usual, hence the numbers are slightly atypical.)

Grand Totals
------------
messages

    908   received
    444   delivered
      0   forwarded
      0   deferred
      0   bounced
    186   rejected (20%)
      0   reject warnings
      0   held
    283   discarded (30%)

-D

[1] Any similarly implemented Bayesian classification derivative will work, such as spamassassin or bogofilter.

-- 
Microsoft: "Windows NT 4.0 now has the same user-interface as Windows 95"
Windows 95: "Press CTRL-ALT-DEL to reboot"
Windows NT 4.0: "Press CTRL-ALT-DEL to login"

http://dman13.dyndns.org/~dman/
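
An added example, not part of the original post and not spambayes code: a minimal naive-Bayes token classifier that shows the "ham" / "spam" / "unsure" verdicts and how training on an "unsure" message moves later verdicts. The cutoffs, the names TinyBayes, tokenize and demo, and all sample messages are assumptions constructed for the illustration; spambayes' own scoring is more elaborate.

```python
import math
import re
from collections import Counter

HAM_CUTOFF, SPAM_CUTOFF = 0.20, 0.90  # assumed cutoffs for this sketch
# Constructed training messages, not taken from any real mailbox.
HAM = ["apt-get upgrade broke my kernel modules",
       "family dinner on sunday at our house",
       "patch for the postfix config attached"]
SPAM = ["cheap pills buy now limited offer",
        "you won a free prize click now",
        "buy cheap software licenses now"]

def tokenize(text):
    # A token counts once per message, however often it repeats.
    return set(re.findall(r"[a-z0-9'-]+", text.lower()))

class TinyBayes:
    def __init__(self):
        self.tokens = {"ham": Counter(), "spam": Counter()}
        self.msgs = {"ham": 0, "spam": 0}

    def train(self, text, label):
        self.msgs[label] += 1
        self.tokens[label].update(tokenize(text))

    def score(self, text):  # P(spam | tokens), equal priors, add-one smoothing
        log_odds = 0.0
        for tok in tokenize(text):
            p_spam = (self.tokens["spam"][tok] + 1) / (self.msgs["spam"] + 2)
            p_ham = (self.tokens["ham"][tok] + 1) / (self.msgs["ham"] + 2)
            log_odds += math.log(p_spam / p_ham)
        return 1 / (1 + math.exp(-log_odds))

    def classify(self, text):
        s = self.score(text)
        if s >= SPAM_CUTOFF:
            return "spam"
        return "ham" if s <= HAM_CUTOFF else "unsure"

def demo():
    clf = TinyBayes()
    for label, corpus in (("ham", HAM), ("spam", SPAM)):
        for text in corpus:
            clf.train(text, label)
    new = "free mortgage offer for your family"  # constructed sample
    before = clf.classify(new)
    clf.train(new, "spam")  # operator files the "unsure" message as spam
    return clf, before, clf.classify(new)
```

The sample message mixes tokens seen only in ham ("family", "for") with tokens seen only in spam ("free", "offer"), so the evidence cancels out until the operator trains on it.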