You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by The Doctor <do...@doctor.nl2k.ab.ca> on 2007/04/22 14:59:34 UTC
USing Botnet.cf to delete all spam incoming
Is there any way to using a ruleset to delete incoming mail
found on that ruleset?
--
Member - Liberal International
This is doctor@nl2k.ab.ca Ici doctor@nl2k.ab.ca
God Queen and country! Beware Anti-Christ rising!
Beware Linux the Microsoft of Unixes!!
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
Re: USing Botnet.cf to delete all spam incoming
Posted by The Doctor <do...@doctor.nl2k.ab.ca>.
On Sun, Apr 22, 2007 at 12:59:52PM -0400, Matt Kettler wrote:
> The Doctor wrote:
> > Is there any way to using a ruleset to delete incoming mail
> > found on that ruleset?
> >
> >
> Depends, what are you using to delete your mail?
>
> Fundamentally, spamassassin itself does not, and in fact cannot, delete
> mail. It's role as a mail filter only grants it the ability to change
> the contents of the message. It has no control over the envelope, thus
> cannot directly alter delivery.
>
> However, you can use other tools in your mail chain, such as procmail,
> to react to different things SA has put in the message headers, and
> delete the mail based on that.
>
> But all of that depends on what mail tools you're using. Let us know and
> some folks here that use those tools can probably make some suggestions.
>
System-wide procmail.
--
Member - Liberal International
This is doctor@nl2k.ab.ca Ici doctor@nl2k.ab.ca
God Queen and country! Beware Anti-Christ rising!
Beware Linux the Microsoft of Unixes!!
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
Re: USing Botnet.cf to delete all spam incoming
Posted by Matt Kettler <mk...@verizon.net>.
The Doctor wrote:
> Is there any way to using a ruleset to delete incoming mail
> found on that ruleset?
>
>
Depends, what are you using to delete your mail?
Fundamentally, spamassassin itself does not, and in fact cannot, delete
mail. It's role as a mail filter only grants it the ability to change
the contents of the message. It has no control over the envelope, thus
cannot directly alter delivery.
However, you can use other tools in your mail chain, such as procmail,
to react to different things SA has put in the message headers, and
delete the mail based on that.
But all of that depends on what mail tools you're using. Let us know and
some folks here that use those tools can probably make some suggestions.
Re: USing Botnet.cf to delete all spam incoming
Posted by "John D. Hardin" <jh...@impsec.org>.
On Sun, 22 Apr 2007, The Doctor wrote:
> > You could also set the rule scores absurdly high and then use a more
> > standard policy of discarding when the score is high enough.
> >
> > The definition of "high enough" will vary from person to person, of
> > course, based on personal philosophy and tolerance for FP lossage.
>
> Say high enough is score > 50, then what one can do?
There are some sitewide procmail SA rulesets here that you may be able
to use as a starting point - they are what I use on my mail server:
http://www.impsec.org/~jhardin/antispam/
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
USMC Rules of Gunfighting #12: Have a plan.
USMC Rules of Gunfighting #13: Have a back-up plan, because the
first one won't work.
-----------------------------------------------------------------------
562 days until the Presidential Election
Re: USing Botnet.cf to delete all spam incoming
Posted by The Doctor <do...@doctor.nl2k.ab.ca>.
On Sun, Apr 22, 2007 at 03:04:44PM -0700, John D. Hardin wrote:
> On Sun, 22 Apr 2007, The Doctor wrote:
>
> > Any recipe recommendations?
>
> :0
> * ^X-Spam-Status: Yes.*\<DNS_FROM_RFC_ABUSE\>
> /dev/null
>
> Vary the rulename-of-death to suit.
>
> You could also set the rule scores absurdly high and then use a more
> standard policy of discarding when the score is high enough.
>
> The definition of "high enough" will vary from person to person, of
> course, based on personal philosophy and tolerance for FP lossage.
Say high enough is score > 50, then what one can do?
>
> --
> John Hardin KA7OHZ http://www.impsec.org/~jhardin/
> jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
> key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
> -----------------------------------------------------------------------
> Phobias should not be the basis for laws.
> -----------------------------------------------------------------------
> 562 days until the Presidential Election
>
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
--
Member - Liberal International
This is doctor@nl2k.ab.ca Ici doctor@nl2k.ab.ca
God Queen and country! Beware Anti-Christ rising!
Beware Linux the Microsoft of Unixes!!
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
RE: USing Botnet.cf to delete all spam incoming
Posted by R Lists06 <li...@abbacomm.net>.
You use sendmail.
http://www.google.com/search?hl=en&q=reject+spam+during+sendmail+smtp+sessio
n+for+spamassassin+scoring
http://wiki.apache.org/spamassassin/DeletingAllMailsMarkedSpam
http://wiki.apache.org/spamassassin/IntegratedInMta
We use qmail, specific qmail patches, ClamAV, Spamassassin, and things like
qmail-scanner-queue.pl among other things
http://qmail.jms1.net
http://qmail-scanner.sourceforge.net/
we use 1.25 ST even though 2.01 ST is out.
It allows you to pass the email to SA for scoring and eval before full
acceptance to the queue
http://www.qmailrocks.org
and many other sites.
- rh
--
Abba Communications Internet
Spokane, WA
www.abbacomm.net
Re: USing Botnet.cf to delete all spam incoming
Posted by The Doctor <do...@doctor.nl2k.ab.ca>.
On Sun, Apr 22, 2007 at 01:12:19PM -0700, R Lists06 wrote:
> >
> > Any recipe recommendations?
> > --
>
> Doc,
>
> Score the rule high and reject the email before accepted.
It is scored high (>99) and not it is a matter of rejecting using sendmail.
>
> We do it in some of our installations using a patched older version of
> qmail-scanner-queue.pl
>
> If you need more website references, hit me off list...
Web references on list.
That way they are archived.
>
> - rh
>
> --
> Abba Communications Internet
> Spokane, WA
> www.abbacomm.net
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
--
Member - Liberal International
This is doctor@nl2k.ab.ca Ici doctor@nl2k.ab.ca
God Queen and country! Beware Anti-Christ rising!
Beware Linux the Microsoft of Unixes!!
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
RE: USing Botnet.cf to delete all spam incoming
Posted by R Lists06 <li...@abbacomm.net>.
>
> Any recipe recommendations?
> --
Doc,
Score the rule high and reject the email before accepted.
We do it in some of our installations using a patched older version of
qmail-scanner-queue.pl
If you need more website references, hit me off list...
- rh
--
Abba Communications Internet
Spokane, WA
www.abbacomm.net
Re: USing Botnet.cf to delete all spam incoming
Posted by "John D. Hardin" <jh...@impsec.org>.
On Sun, 22 Apr 2007, The Doctor wrote:
> Any recipe recommendations?
:0
* ^X-Spam-Status: Yes.*\<DNS_FROM_RFC_ABUSE\>
/dev/null
Vary the rulename-of-death to suit.
You could also set the rule scores absurdly high and then use a more
standard policy of discarding when the score is high enough.
The definition of "high enough" will vary from person to person, of
course, based on personal philosophy and tolerance for FP lossage.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Phobias should not be the basis for laws.
-----------------------------------------------------------------------
562 days until the Presidential Election
Re: USing Botnet.cf to delete all spam incoming
Posted by "J." <sw...@yahoo.com>.
--- The Doctor <do...@doctor.nl2k.ab.ca> wrote:
> On Sun, Apr 22, 2007 at 08:35:41AM -0700, J. wrote:
> >
> > --- The Doctor <do...@doctor.nl2k.ab.ca> wrote:
> >
> > > Is there any way to using a ruleset to delete incoming mail
> > > found on that ruleset?
> >
> > This seems to get asked an answered pretty regularly on this list.
> > Spamassassin doesn't delete anything. You can have another
> component of
> > your mail system do that for you. Some people use procmail to do
> it, my
> > system uses maildrop to do it, but there must be a lot of other
> > options. You just set things up so that if a certain rule shows up
> in
> > the header, send the message to /dev/null instead of a mail folder.
> You
> > could also do this for mail that scores above a certain number.
> >
>
> Any recipe recommendations?
When you ask for help please at least give some information so people
CAN help.
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
Re: USing Botnet.cf to delete all spam incoming
Posted by The Doctor <do...@doctor.nl2k.ab.ca>.
On Sun, Apr 22, 2007 at 08:35:41AM -0700, J. wrote:
>
> --- The Doctor <do...@doctor.nl2k.ab.ca> wrote:
>
> > Is there any way to using a ruleset to delete incoming mail
> > found on that ruleset?
>
> This seems to get asked an answered pretty regularly on this list.
> Spamassassin doesn't delete anything. You can have another component of
> your mail system do that for you. Some people use procmail to do it, my
> system uses maildrop to do it, but there must be a lot of other
> options. You just set things up so that if a certain rule shows up in
> the header, send the message to /dev/null instead of a mail folder. You
> could also do this for mail that scores above a certain number.
>
Any recipe recommendations?
--
Member - Liberal International
This is doctor@nl2k.ab.ca Ici doctor@nl2k.ab.ca
God Queen and country! Beware Anti-Christ rising!
Beware Linux the Microsoft of Unixes!!
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
Re: USing Botnet.cf to delete all spam incoming
Posted by "J." <sw...@yahoo.com>.
--- The Doctor <do...@doctor.nl2k.ab.ca> wrote:
> Is there any way to using a ruleset to delete incoming mail
> found on that ruleset?
This seems to get asked an answered pretty regularly on this list.
Spamassassin doesn't delete anything. You can have another component of
your mail system do that for you. Some people use procmail to do it, my
system uses maildrop to do it, but there must be a lot of other
options. You just set things up so that if a certain rule shows up in
the header, send the message to /dev/null instead of a mail folder. You
could also do this for mail that scores above a certain number.
-Jason
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com