How to deal with mailing list spam?

[Chris Purves <ch...@northfolk.ca>]

I was wondering what is the best way to deal with spam that comes 
through on mailing lists?  For mailing lists like spamassassin I 
whitelist all mail because I expect to see examples of spam, but for 
other lists, is it a good idea to run 'sa-learn --spam'?  What about 
reporting those spam to razor/pyzor or spamcop?

-- 
Chris

Re: How to deal with mailing list spam?

[Kelson <ke...@speed.net>]

Chris Purves wrote:
> I was wondering what is the best way to deal with spam that comes 
> through on mailing lists?  For mailing lists like spamassassin I 
> whitelist all mail because I expect to see examples of spam, but for 
> other lists, is it a good idea to run 'sa-learn --spam'?

As long as you also run 'sa-learn --ham' on the legit list traffic, it 
should be fine, since Bayes will conclude that the list headers & 
administrivia are neutral.

> What about 
> reporting those spam to razor/pyzor or spamcop?

That might warrant some caution.  Headers won't be an issue with Razor 
or Pyzor, but any standard blocks of text could end up in their hash 
databases.  Razor also keeps track of URLs that appear in the message 
body, so it could theoretically pick up list management URLs or inserted 
advertising links (a la Yahoo Groups) as spam signs until enough people 
issue a razor-revoke.

You might want to ask on the Razor mailing list to see what they 
recommend doing in this case.  I just checked my local archives and 
while the issue has come up before -- in fact, at one point the CentOS 
list management URL ended up listed in Razor -- there was no consensus 
on what to do with this sort of spam.  It's probably worth bringing it 
up again.

-- 
Kelson Vibber
SpeedGate Communications <www.speed.net>

Re: How to deal with mailing list spam?

["Eric A. Hall" <eh...@ehsco.com>]

On 1/24/2007 3:29 PM, Chris Purves wrote:
> I was wondering what is the best way to deal with spam that comes 
> through on mailing lists?  For mailing lists like spamassassin I 
> whitelist all mail because I expect to see examples of spam, but for 
> other lists, is it a good idea to run 'sa-learn --spam'?  What about 
> reporting those spam to razor/pyzor or spamcop?

1) subscribe to lists that are well run

2) whitelist the envelope-sender address, or the originating network, or
in some cases you may also want to whitelist the list address itself so
that directed replies that are TO you but CC the list also get boosted


-- 
Eric A. Hall                                        http://www.ehsco.com/
Internet Core Protocols          http://www.oreilly.com/catalog/coreprot/

Re: How to deal with mailing list spam?

[Magnus Holmgren <ho...@lysator.liu.se>]

On Wednesday 24 January 2007 21:29, Chris Purves wrote:
> I was wondering what is the best way to deal with spam that comes
> through on mailing lists?  For mailing lists like spamassassin I
> whitelist all mail because I expect to see examples of spam, but for
> other lists, is it a good idea to run 'sa-learn --spam'?  What about
> reporting those spam to razor/pyzor or spamcop?

Check what header fields the mailing list software adds, and exclude them from 
bayes with bayes_ignore_header if they aren't already on the built-in ignore 
list. Most are covered, but I've found some that are not (at least 
Resent-Sender and Resent-Message-ID from Debian's list server). If the list 
server filters out spam well, the prevalence of ham means that everything 
added by the list software will be seen as a ham sign.

Add the mailing list server to trusted_networks and even internal_networks, 
provided that you believe it not to be accessible to spammers. In practise it 
acts like an MX that receives mail addressed (indirectly) to you and forwards 
it to you. Putting it in internal_networks means that some DNSBL rules will 
work better.

-- 
Magnus Holmgren        holmgren@lysator.liu.se
                       (No Cc of list mail needed, thanks)

  "Exim is better at being younger, whereas sendmail is better for 
   Scrabble (50 point bonus for clearing your rack)" -- Dave Evans