Re: speedy spam

To: debian-user@lists.debian.org
Subject: Re: speedy spam
From: Derrick 'dman' Hudson <dman@dman13.dyndns.org>
Date: Tue, 14 Oct 2003 13:20:53 -0400
Message-id: <[🔎] 20031014172053.GB5371@dman13.dyndns.org>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 200310140622.41211.jeffelkins@earthlink.net>
References: <[🔎] 200310140622.41211.jeffelkins@earthlink.net>

On Tue, Oct 14, 2003 at 06:22:41AM -0400, Jeff Elkins wrote:
| Well, hell.
| 
| I set up a new address (for family) on my server and inadvertently used it 
| Sunday in a reply to debian-user. It's now being flooded with email viruses 
| and spam.

What?  Spam?  What's that?

Only around 100 spam per-day is actually delivered to me, and all but
a handful lands in my "spam" folder.  The remaining handful lands in
my "unsure" folder.

How do I do it?  First off I have complete control over my mail
server.  I enforce several sanity checks which blocks a lot of junk
that doesn't actually conform to various portions of the email
specifications and also blocks all forged hotmail, yahoo, aol, and
compuserve mail.  Secondly I have some basic tests that reject or
discard Microsoft malware (and non-malware, all MSVC executables are
trashed).

My final and most important layer of defense is spambayes[1].
spambayes is a derivative of Paul Graham's Bayesian classification
research.  All messages are tagged by spambayes before final delivery.
spambayes reports the messages as either "ham", "spam" or "unsure".
I've yet to see a ham marked as spam.  When you see messages marked as
"unsure" then feed them to spambayes' training component so it will
learn what you consider spam and not.

For a sense of how effective these defenses are, here's some recent
statistics from pflogsumm.  I'm not showing the past couple days
because the numbers will be skewed due to downtime of the primary mx
of a domain I relay for.  (IOW my server suddenly had to handle mail
for more users than usual, hence the numbers are a slightly atypical.)


Grand Totals
------------
messages

    908   received
    444   delivered
      0   forwarded
      0   deferred
      0   bounced
    186   rejected (20%)
      0   reject warnings
      0   held
    283   discarded (30%)

-D

[1] Any similarly implemented bayesian classification derivative will
    work, such as spamassassin or bogofilter.

-- 
Microsoft: "Windows NT 4.0 now has the same user-interface as Windows 95"
    Windows 95: "Press CTRL-ALT-DEL to reboot"
Windows NT 4.0: "Press CTRL-ALT-DEL to login"
 
http://dman13.dyndns.org/~dman/

Attachment: pgpq_8s0Tgzbi.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- Re: speedy spam
  - From: Jeff Elkins <jeffelkins@earthlink.net>
- Re: speedy spam
  - From: Wayne Topa <brittman@capital.net>

References:
- speedy spam
  - From: Jeff Elkins <jeffelkins@earthlink.net>

Prev by Date: Re: speedy spam
Next by Date: Re: Debian Font Guide for Newbies and the Confused
Previous by thread: Re: speedy spam
Next by thread: Re: speedy spam
Index(es):
- Date
- Thread