I already use a combination of popsneaker and spamassassin to deal with
spam, but lately more and more spam is getting through. Does anyone know
a good source of blacklisted DNS servers that I can build into my
mailfilter. I note that some windows programs (e.g. mailwasher can use the
blacklisted DNS server list by Spamcop). This may not be the best way of
dealing with spam if the list is not genuine. Suggestions please, thanks in
advance.

On Thu, 02 Oct 2003 18:43:41 +0100, anc wrote:

> I already use a combination of popsneaker and spamassassin to deal with
> spam, but lately more and more spam is getting through. Does anyone know
> a good source of blacklisted DNS servers that I can build into my
> mailfilter. I note that some windows programs (e.g. mailwasher can use the
> blacklisted DNS server list by Spamcop). This may not be the best way of
> dealing with spam if the list is not genuine. Suggestions please, thanks in
> advance.

Are you using Bayesian filtering?  I hear that it gets progressively
smarter about identifying the spam that *you* get.  (I don't get enough
to bother figuring out the setup.)

I have the following rules set up:

1) Messages with my ISP's "I disinfected a virus" text is trashed
2) Messages >= 256,000 bytes go to a "large mail" folder
3) Messages with a SA score >= 5 go to a "probably spam" folder
4) Messages to my reasonably-high-volume mailing lists go to
     appropriate folders
5) Messages without my name in To: or Cc: go to a "maybe spam" folder,
     unless they also contain "Cumulative Patch" or
     "Undeliver(ed|able) (to|mail to|message to)" in which case
     they're trashed

The Swen flood is silently trashed by either step 1 (if my ISP
disinfected it) or step 5 (if the sender's ISP disinfected it);
I haven't bothered to monitor its severity.  I have broadband
and fetchmail running every 15 minutes round the clock, so I'm
not too worried.  If need be, I figure I could set up a smarter
delete-on-the-server solution involving 'mailfilter' or the like.

Stats over the past several days:

 0 large
78 probably spam
48 maybe spam
38 spams that didn't get filtered (I hand-transferred them to a folder)

I'll probably spend a little time this weekend looking over that last
group, and decide on some additional heuristics that I'm happy with.

anc wrote:

> I already use a combination of popsneaker and spamassassin to deal with
> spam, but lately more and more spam is getting through. Does anyone know
> a good source of blacklisted DNS servers that I can build into my
> mailfilter. I note that some windows programs (e.g. mailwasher can use the
> blacklisted DNS server list by Spamcop). This may not be the best way of
> dealing with spam if the list is not genuine. Suggestions please, thanks
> in advance.

Might be worth checking carefully the policy of the people running the
blacklist. I was looking at the real-time blackhole list produced by:
http://mail-abuse.org/rbl/, and they have a policy of occasionally
blacklisting large providers like AOL or hotmail, just to show they're not
afraid to do it when these providers are being used by spammers. For
someone running a large network, this might be a good policy to follow, but
if you're an individual user, it's worth thinking about whether you want
this to happen now and again.
Personally, I don't get enough spam that I want to risk blacklisting friends
who use hotmail without even knowing I've done it.

andy.

-- 
remove 'n-u-l-l' to email me. html mail or attachments will go in the spam
bin unless notified with [html] or [attachment] in the subject line.

In article <3f7c639b$0$10969$fa0fcedb@lovejoy.zen.co.uk>, anc wrote:
> I already use a combination of popsneaker and spamassassin to deal with
> spam, but lately more and more spam is getting through. Does anyone know

Get a Bayesian filter or something similar.  I've had good results with
Spamprobe, although if I were starting from scratch I'd probably take a
look at CRM114.

-- 
Evidence Eliminator is worthless.  See evidence-eliminator-sucks.com
--Tim Smith

On Thu, 02 Oct 2003 18:43:41 +0100, anc wrote:

> I already use a combination of popsneaker and spamassassin to deal with
> spam, but lately more and more spam is getting through. Does anyone know
> a good source of blacklisted DNS servers that I can build into my
> mailfilter. I note that some windows programs (e.g. mailwasher can use
> the blacklisted DNS server list by Spamcop). This may not be the best
> way of dealing with spam if the list is not genuine. Suggestions please,
> thanks in advance.

I have found bogofilter to be a good bayesian filter.  The mailing list if
very active and helpful.

http://bogofilter.sourceforge.net/

Geoff

anc wrote:

> I already use a combination of popsneaker and spamassassin to deal with
> spam, but lately more and more spam is getting through.

Upgrade your SpamAssassin to the latest version (2.60).

-- 
        Markku Kolkka
        markku.kolkka@iki.fi

anc <zen22142@nospam.zen.co.uk> wrote in message news:<3f7c639b$0$10969$fa0fcedb@lovejoy.zen.co.uk>...
> I already use a combination of popsneaker and spamassassin to deal with
> spam, but lately more and more spam is getting through. Does anyone know
> a good source of blacklisted DNS servers that I can build into my
> mailfilter. I note that some windows programs (e.g. mailwasher can use the
> blacklisted DNS server list by Spamcop). This may not be the best way of
> dealing with spam if the list is not genuine. Suggestions please, thanks in
> advance.

Hi,

I use SpamBayes (spambayes.sourceforge.net).
It provides a pop3- and smtp-proxy. If you just use one
pop3 servers, its easy to set up. It learns really fast.
I have trained ~30 spam and ~20 not spam mails,
and now it detects up to 95% of the spam with near
zero false possitive.

Regards,
 Tom