Automatic rejection

[Moussa Fall <mo...@enda.sn>]

Question from a newbie: can anyone point me to a location where I can find out to make 
spamassassin automatically reject spam? I noticed that all tagged spam are really spams and 
I do not want users to receive mail with scores, etc.

Thank you.

Re: Automatic rejection

[Rakesh <ra...@netcore.co.in>]

On Tue, 2004-11-02 at 18:54, Moussa Fall wrote:
> Thank you, Martin and Duncan!
> Sorry I did not mention this information. I am using RH9 with Postfix.
> Maybe I can use Mailscanner.

if you use MailScanner then you can specify in MailScanner configuration
to Discard the Spam Mails or simply store (quarantine) the message
instead of delivering the message.

> 
> On 2 Nov 2004 at 12:53, Martin Hepworth wrote:
> 
> > Moussa Fall wrote:
> > > Question from a newbie: can anyone point me to a location where I can find out to make 
> > > spamassassin automatically reject spam? I noticed that all tagged spam are really spams and 
> > > I do not want users to receive mail with scores, etc.
> > > 
> > > Thank you.
> > 
> > Hi
> > 
> > if you want to 'reject' the email you'll need to use milter with 
> > sendmail or something similir for your MTA (exim, postfix..)
> > 
> > If you want to accept all email then process before delivery you can use 
> > MailScanner or amavis-new - I use MailScanner.
> > 
> > or you could use procmail if you are on a *nix ermail server to process 
> > the emails upon deliver.
> > 
> > 
> > --
> > Martin Hepworth
> > Senior Systems Administrator
> > Solid State Logic Ltd
> > tel: +44 (0)1865 842300
> > 
> > 
> > **********************************************************************
> > 
> > This email and any files transmitted with it are confidential and
> > intended solely for the use of the individual or entity to whom they
> > are addressed. If you have received this email in error please notify
> > the system manager.
> > 
> > This footnote confirms that this email message has been swept
> > for the presence of computer viruses and is believed to be clean.
> > 
> > **********************************************************************
> > 
> 
> 

Re: Automatic rejection

[Martin Hepworth <ma...@solid-state-logic.com>]

Duncan Hill wrote:

> On Tuesday 02 November 2004 13:24, Moussa Fall might have typed:
> 
>>Thank you, Martin and Duncan!
>>Sorry I did not mention this information. I am using RH9 with Postfix.
>>Maybe I can use Mailscanner.
> 
> 
> The folks on the postfix list will thwack you if you use mailscanner, as it 
> apparently uses unsupported methods to muck directly with the postfix queue.  
> I have a preference for amavisd-new running as a postfix content filter.  
> This applies the scanning at the SMTP stage, after postfix has validated that 
> the recipient is valid.
> 
> Alternately, you can fit spamassassin into the delivery pipeline (procmail, 
> maildrop) and have per-user bayes etc.

There is little love lost between the two main developers of Postfix and 
MailScanner, and I don't think there's little hope of any resolution on 
this in the sort term (postfix developer objects to messages being moved 
from queue to another ny a third party piece of software, and the 
MailScanner doesn't see any need to recode the whole dataflow of 
MailScanner for one MTA when 'it works anyway').

Lots of people use the two together and it works fine.

--
Martin Hepworth
Senior Systems Administrator
Solid State Logic Ltd
tel: +44 (0)1865 842300


**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

**********************************************************************

Re: Automatic rejection

[Duncan Hill <sa...@nacnud.force9.co.uk>]

On Tuesday 02 November 2004 13:24, Moussa Fall might have typed:
> Thank you, Martin and Duncan!
> Sorry I did not mention this information. I am using RH9 with Postfix.
> Maybe I can use Mailscanner.

The folks on the postfix list will thwack you if you use mailscanner, as it 
apparently uses unsupported methods to muck directly with the postfix queue.  
I have a preference for amavisd-new running as a postfix content filter.  
This applies the scanning at the SMTP stage, after postfix has validated that 
the recipient is valid.

Alternately, you can fit spamassassin into the delivery pipeline (procmail, 
maildrop) and have per-user bayes etc.

RE: Automatic rejection

[marti <ma...@ntlworld.com>]

|-----Original Message-----
|From: Moussa Fall [mailto:moussaf@enda.sn] 
|Sent: 04 November 2004 13:07
|To: users@spamassassin.apache.org
|Subject: Re: Automatic rejection
|
|OK, now I have spamassassin, clamav, amavisd-new installed 
|with my RH9 and postfix. They all seem to work fine together. 
|Lots of spam are stopped now. 
|But still some are remaining. What can I do to improve its 
|performance, please?
|
I use nerds.dk in the dnsbl lookups to give points ranging from 2 to 3.5
depending what country the IP headers are from, for countries where a lot of
spam comes from, such as china, korea, brazil etc but this has to be done
bearing in mind do u get any legit emails from there.

When bayes cuts in you will catch a lot more spam too, I have changed the
bayes scoring too, the scores were just nuts in 3.0.* these r the ones I use
and seem to work very well for me:-

score BAYES_00 -4.9   
score BAYES_05 -2.5
score BAYES_20 -1.0
score BAYES_40 -0.5
score BAYES_50 0.001
score BAYES_60 0.5
score BAYES_80 1.0
score BAYES_95 2.5
score BAYES_99 4.9

It's a matter of teweaking them to suit ur own needs really.

Martin

Re: Automatic rejection

[Moussa Fall <mo...@enda.sn>]

OK, now I have spamassassin, clamav, amavisd-new installed with my RH9 and postfix. They 
all seem to work fine together. Lots of spam are stopped now. 
But still some are remaining. What can I do to improve its performance, please?

Re: Automatic rejection

[Matt Kettler <mk...@evi-inc.com>]

At 03:39 PM 11/2/2004, Matt Kettler wrote:
>Looking at the whois records for Deny.org, and some usenet postings, James 
>works for isdn.net, and ISP in TN, USA.

Self clarification, it appears James worked for isdn.net at the time. I 
have no idea if James still works there, or to what degree he represents 
the views of his employer, etc.

Also be sure to read the whole thread, it's quite interesting. There's lots 
of "solutions" proposed which more-or-less miss the entire point of the 
problem being resource exhaustion. i.e: thinking the problem is calling it 
spam, and that kinder wording would solve the problem. Thinking that adding 
headers to the message to act as filtering aids would solve the problem, etc.

Re: Automatic rejection

[Matt Kettler <mk...@evi-inc.com>]

At 03:08 PM 11/2/2004, jdow wrote:
>From: "Matt Kettler" <mk...@comcast.net>
>
> > At 01:24 PM 11/2/2004 +0000, Moussa Fall wrote:
> > >Thank you, Martin and Duncan!
> > >Sorry I did not mention this information. I am using RH9 with Postfix.
> > >Maybe I can use Mailscanner.
> >
> > Regardless of objections to using MailScanner with postfix (not supported
> > by the postfix guys, but does seem to work for a lot of people) Don't
> > *ever* use mailscanner's "bounce" feature.. It's broken beyond belief and
> > makes your server into a DDoS tool. (Expands the scope of a Joe-job from a
> > single-source DoS to a multi-source DDoS)
> >
> > Many in the community,  myself included, asked Julian to remove this
> > feature, but at least one large site admin with a "I don't care who's site
> > I DDoS, I want to bounce them because this makes mail 'reliable'..."
> > attitude insisted he leave it in. So Julian deferred to adding a few extra
> > hoops to enable the feature.
>
>It tends to get this large ISP tossed into my .procmailrc spam recipe
>that tosses sites that routinely bounce spam to me to /dev/null. A
>nice reliable bounce site is invaluable to spammers. Would you care to
>tell me which ISP this is?

The bounce feature was re-introduced (Julian had removed it) after a long 
thread started by this guy:
  James Sizemore   of Deny.org:

http://www.jiscmail.ac.uk/cgi-bin/webadmin?A2=ind0402&L=mailscanner&P=R31065&I=-1

http://www.jiscmail.ac.uk/cgi-bin/webadmin?A2=ind0402&L=mailscanner&P=R32998&I=-1

http://www.jiscmail.ac.uk/cgi-bin/webadmin?A2=ind0402&L=mailscanner&P=R33252&I=-1

Looking at the whois records for Deny.org, and some usenet postings, James 
works for isdn.net, and ISP in TN, USA.


And also in support of the feature was "Admin Team" of ENHTECH.com:
http://www.jiscmail.ac.uk/cgi-bin/webadmin?A2=ind0402&L=mailscanner&P=R33398&I=-1

http://www.jiscmail.ac.uk/cgi-bin/webadmin?A2=ind0402&L=mailscanner&D=0&I=-1&P=61971



> > I myself have a standing policy of blacklisting with a 550 nastygram any
> > server generating more than two such messages in a 24 hour period as a
> > defensive measure.
>
>It only takes one bounce that is a spam when opened for me to consign the
>entire ISP to /dev/null.

True, although I'll admit that so far I have yet to get any garbage mail 
from the servers of these networks. Who knows, maybe they thought better of 
it after getting clue-by-foured with 550's by someone.

Re: Automatic rejection

[jdow <jd...@earthlink.net>]

From: "Matt Kettler" <mk...@comcast.net>

> At 01:24 PM 11/2/2004 +0000, Moussa Fall wrote:
> >Thank you, Martin and Duncan!
> >Sorry I did not mention this information. I am using RH9 with Postfix.
> >Maybe I can use Mailscanner.
>
> Regardless of objections to using MailScanner with postfix (not supported
> by the postfix guys, but does seem to work for a lot of people) Don't
> *ever* use mailscanner's "bounce" feature.. It's broken beyond belief and
> makes your server into a DDoS tool. (Expands the scope of a Joe-job from a
> single-source DoS to a multi-source DDoS)
>
> Many in the community,  myself included, asked Julian to remove this
> feature, but at least one large site admin with a "I don't care who's site
> I DDoS, I want to bounce them because this makes mail 'reliable'..."
> attitude insisted he leave it in. So Julian deferred to adding a few extra
> hoops to enable the feature.

It tends to get this large ISP tossed into my .procmailrc spam recipe
that tosses sites that routinely bounce spam to me to /dev/null. A
nice reliable bounce site is invaluable to spammers. Would you care to
tell me which ISP this is?

> I myself have a standing policy of blacklisting with a 550 nastygram any
> server generating more than two such messages in a 24 hour period as a
> defensive measure.

It only takes one bounce that is a spam when opened for me to consign the
entire ISP to /dev/null.

{o.o}

Re: Automatic rejection

[Matt Kettler <mk...@comcast.net>]

At 01:24 PM 11/2/2004 +0000, Moussa Fall wrote:
>Thank you, Martin and Duncan!
>Sorry I did not mention this information. I am using RH9 with Postfix.
>Maybe I can use Mailscanner.

Regardless of objections to using MailScanner with postfix (not supported 
by the postfix guys, but does seem to work for a lot of people) Don't 
*ever* use mailscanner's "bounce" feature.. It's broken beyond belief and 
makes your server into a DDoS tool. (Expands the scope of a Joe-job from a 
single-source DoS to a multi-source DDoS)

Many in the community,  myself included, asked Julian to remove this 
feature, but at least one large site admin with a "I don't care who's site 
I DDoS, I want to bounce them because this makes mail 'reliable'..." 
attitude insisted he leave it in. So Julian deferred to adding a few extra 
hoops to enable the feature.

I myself have a standing policy of blacklisting with a 550 nastygram any 
server generating more than two such messages in a 24 hour period as a 
defensive measure.

If you want to reject mail in a less-damaging way, you need a MTA layer 
integration that gets called directly from the MTA's pipeline before the 
mail is accepted.

Since you're using postfix, your simplest way, as Duncan suggested, is amavis.

You can also make SA a content filter directly in postfix's master.cf. I'm 
not sure how this works, but I suspect this will allow direct rejection.

http://wiki.apache.org/spamassassin/IntegratedSpamdInPostfix

Re: Automatic rejection

[Moussa Fall <mo...@enda.sn>]

Thank you, Martin and Duncan!
Sorry I did not mention this information. I am using RH9 with Postfix.
Maybe I can use Mailscanner.

On 2 Nov 2004 at 12:53, Martin Hepworth wrote:

> Moussa Fall wrote:
> > Question from a newbie: can anyone point me to a location where I can find out to make 
> > spamassassin automatically reject spam? I noticed that all tagged spam are really spams and 
> > I do not want users to receive mail with scores, etc.
> > 
> > Thank you.
> 
> Hi
> 
> if you want to 'reject' the email you'll need to use milter with 
> sendmail or something similir for your MTA (exim, postfix..)
> 
> If you want to accept all email then process before delivery you can use 
> MailScanner or amavis-new - I use MailScanner.
> 
> or you could use procmail if you are on a *nix ermail server to process 
> the emails upon deliver.
> 
> 
> --
> Martin Hepworth
> Senior Systems Administrator
> Solid State Logic Ltd
> tel: +44 (0)1865 842300
> 
> 
> **********************************************************************
> 
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. If you have received this email in error please notify
> the system manager.
> 
> This footnote confirms that this email message has been swept
> for the presence of computer viruses and is believed to be clean.
> 
> **********************************************************************
> 

Re: Automatic rejection

[Duncan Hill <sa...@nacnud.force9.co.uk>]

On Tuesday 02 November 2004 12:33, Moussa Fall might have typed:
> Question from a newbie: can anyone point me to a location where I can find
> out to make spamassassin automatically reject spam? I noticed that all
> tagged spam are really spams and I do not want users to receive mail with
> scores, etc.

SpamAssassin does not do any kind of rejections, it is a 'mere' classifier.

You will need another tool in the pipeline that can work out what the score 
was, and act on the score.

Re: Automatic rejection

[Gavin Cato <ga...@corp.nexon.com.au>]

Hi,

I noticed the other day that the latest version of spamass-milter (I don't
know how long the feature has been there) has a cmd line option to block
mail that exceeds a certain score so this might help you if you are running
sendmail.

What I'd really like to do is to be able to define a separate score for each
domain name my SA server filters, i.e. ;

Abc.com - drop any mail that exceeds a SA score of 20.0
Xyz.com - drop any mail that exceeds a score of 10.0
*       - all other domains, do not drop any

Anyone have any ideas how to implement this?

Cheers

Gav



On 2/11/04 11:33 PM, "Moussa Fall" <mo...@enda.sn> wrote:

> Question from a newbie: can anyone point me to a location where I can find out
> to make 
> spamassassin automatically reject spam? I noticed that all tagged spam are
> really spams and 
> I do not want users to receive mail with scores, etc.
> 
> Thank you.