[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: speedy spam

On Tue, Oct 14, 2003 at 06:22:41AM -0400, Jeff Elkins wrote:
| Well, hell.
| I set up a new address (for family) on my server and inadvertently used it 
| Sunday in a reply to debian-user. It's now being flooded with email viruses 
| and spam.

What?  Spam?  What's that?

Only around 100 spam per-day is actually delivered to me, and all but
a handful lands in my "spam" folder.  The remaining handful lands in
my "unsure" folder.

How do I do it?  First off I have complete control over my mail
server.  I enforce several sanity checks which blocks a lot of junk
that doesn't actually conform to various portions of the email
specifications and also blocks all forged hotmail, yahoo, aol, and
compuserve mail.  Secondly I have some basic tests that reject or
discard Microsoft malware (and non-malware, all MSVC executables are

My final and most important layer of defense is spambayes[1].
spambayes is a derivative of Paul Graham's Bayesian classification
research.  All messages are tagged by spambayes before final delivery.
spambayes reports the messages as either "ham", "spam" or "unsure".
I've yet to see a ham marked as spam.  When you see messages marked as
"unsure" then feed them to spambayes' training component so it will
learn what you consider spam and not.

For a sense of how effective these defenses are, here's some recent
statistics from pflogsumm.  I'm not showing the past couple days
because the numbers will be skewed due to downtime of the primary mx
of a domain I relay for.  (IOW my server suddenly had to handle mail
for more users than usual, hence the numbers are a slightly atypical.)

Grand Totals

    908   received
    444   delivered
      0   forwarded
      0   deferred
      0   bounced
    186   rejected (20%)
      0   reject warnings
      0   held
    283   discarded (30%)


[1] Any similarly implemented bayesian classification derivative will
    work, such as spamassassin or bogofilter.

Microsoft: "Windows NT 4.0 now has the same user-interface as Windows 95"
    Windows 95: "Press CTRL-ALT-DEL to reboot"
Windows NT 4.0: "Press CTRL-ALT-DEL to login"

Attachment: pgpq_8s0Tgzbi.pgp
Description: PGP signature

Reply to: