kill spam - discussion
MandrivaUsers.org > Advanced Topics > Security
paul
ianw1974 and I started a brief on dealing with spam, thought others might like to listen in on our discussion... or perhaps contribute

with greylisting (sqlgrey, although I'm not sure about postgrey) you should see an extra header
X-Greylist: delayed 00:17:41.4068 by SQLgrey-1.7.4

I've got dspam running on loudas.com, 2.8GHz Intel with 3GB RAM... seems to be alright... hosting a bunch of domains: loudas.com, terminaladdict, mandrivauser*.* etc.

pretty easy to get running, although permissions were my biggest headache
chmod 77 this directory, and that directory, etc. etc.

the dspam.conf is pretty straightforward reading

I created an extra mailbox (spam@loudas.com) and have changed amavis to quarantine method spam\@loudas.com (or whatever the syntax is)
this is so I can catch false positives and store them in a ham folder for later learning.

install dspam, get the thing started, work through log files etc. for errors.
then once you're happy with it, just add it into amavisd
I assume you have postfix listening on a different port for amavis in master.conf?

ignore all the stuff about dspam creating ports and crap.
Just get it so it runs from the command line without errors.
then you add it to amavisd.conf like this
$dspam = 'dspam';

then in /etc/spamassassin/local.conf I've added this:
### Place more weight on DSPAM's opinion
header DSPAM_SPAM X-DSPAM-Result =~ /^Spam$/
score DSPAM_SPAM 6.0

header DSPAM_HAM X-DSPAM-Result =~ /^Innocent$/
score DSPAM_HAM -0.5

that's it... sit back and watch it kill spam eventually
if you start with an empty db then it will take a while to learn.

my current db is around about 1.6gb :shock:
ianw1974
My additional extra is sender verification. It checks the sender exists, and if not, bounces that email

This is what I'm going to add next in the next couple of days, before I attempt dspam
ianw1974
Ah, just realised why my spamming wasn't working, was because I didn't enable razor2 and dcc in the /etc/mail/spamassassin/local.cf file. Done this now, and also emerged pyzor as well and enabled this in aforesaid file.

Still not done sender verification or dspam yet, will see how this all works out now before I do the rest.
paul
initial results from greylisting are good.

although mails are now delayed
some mail servers have taken 30 minutes to retry :|
ianw1974
Yeah I found this. I set them to retry in like five mins, but I was sitting and waiting and waiting, some maybe even an hour later. Ah well, if it works eventually it's all good. It's only the first time they email that it's a problem.

And I also thought that once the system recognised me, it would be fine for all addresses. Nope, it greylists for each and every email address you send to the very first time. Was surprised!
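The per-recipient greylisting behaviour ianw1974 describes follows from how greylisting keys its state. The following is an added example, not sqlgrey's or postgrey's own code: a minimal greylisting policy keyed on the (client IP, sender, recipient) triplet, with constructed addresses and timings, that emits an X-Greylist header in the same shape as the one quoted at the top of the thread (the "by example-greylist" suffix is a placeholder).

```python
from datetime import datetime, timedelta

# Added example, not sqlgrey's or postgrey's own code: a minimal greylisting
# policy keyed on the (client IP, sender, recipient) triplet. Because the key
# includes the recipient, every new recipient at a site is delayed again on
# first contact, which is the behaviour ianw1974 noticed above.
GREY_DELAY = timedelta(minutes=5)   # minimum wait before a retry is accepted
GREY_EXPIRE = timedelta(hours=8)    # a pending triplet not retried by then is forgotten

class Greylist:
    def __init__(self, now):
        self.now = now           # injected clock so the example runs deterministically
        self.first_seen = {}     # triplet -> time of first delivery attempt
        self.passed = set()      # triplets that have completed greylisting

    def check(self, client_ip, sender, recipient):
        """Return (Postfix policy action, X-Greylist header or None)."""
        triplet = (client_ip, sender.lower(), recipient.lower())
        if triplet in self.passed:
            return "DUNNO", None                 # known triplet: let other checks decide
        first = self.first_seen.get(triplet)
        if first is None or self.now - first > GREY_EXPIRE:
            self.first_seen[triplet] = self.now
            return "DEFER_IF_PERMIT", None       # temporary 4xx: a real MTA will retry
        waited = self.now - first
        if waited < GREY_DELAY:
            return "DEFER_IF_PERMIT", None       # retried too soon, keep waiting
        self.passed.add(triplet)
        return "DUNNO", greylist_header(waited)

def greylist_header(waited):
    """Format the delay like the X-Greylist header quoted above (HH:MM:SS.ffff)."""
    total = waited.total_seconds()
    h, rem = divmod(int(total), 3600)
    m, s = divmod(rem, 60)
    frac = f"{total - int(total):.4f}"[1:]      # keep ".4068", drop the leading "0"
    return f"X-Greylist: delayed {h:02d}:{m:02d}:{s:02d}{frac} by example-greylist"

def demo():
    """Constructed scenario: first contact, a retry 17m41s later, then a new recipient."""
    t0 = datetime(2007, 3, 4, 12, 0, 0)
    g = Greylist(t0)
    r1 = g.check("192.0.2.10", "ian@example.org", "paul@example.net")   # deferred
    g.now = t0 + timedelta(minutes=17, seconds=41.4068)
    r2 = g.check("192.0.2.10", "ian@example.org", "paul@example.net")   # accepted, header
    r3 = g.check("192.0.2.10", "ian@example.org", "other@example.net")  # new triplet: deferred again
    return r1, r2, r3
```

The third check shows why a sender who has already passed greylisting for one mailbox is still delayed when first writing to another mailbox at the same site.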
paul
I've got my "boy" (up and coming sys admin) adding stuff into the whitelist
tyme
to kill spam, delete any e-mail accounts you have.
ianw1974
Not sure mine is working, still getting a load through. Looks like I need dspam and sender verification.
paul
I'm having an issue or two trying to get dspam trained from a cyrus mailbox... which is a bummer... courier-imap presents no problems at all.
ianw1974
I've just set up some RBL lists in postfix, which seem to be working for a 40% reduction. I mean that usually by the morning I've received 10 spam emails, and this morning I had 6. So not bad going
paul
here's mine:
smtpd_recipient_restrictions =
        permit_sasl_authenticated,
        permit_mynetworks,
        reject_non_fqdn_recipient,
        check_client_access hash:/etc/postfix/pop-before-smtp,
        reject_unauth_destination,
        reject_rbl_client zombie.dnsbl.sorbs.net,
        reject_rbl_client relays.ordb.org,
        reject_rbl_client opm.blitzed.org,
        reject_rbl_client list.dsbl.org,
        reject_rbl_client sbl.spamhaus.org,
        check_policy_service unix:private/policy-spf,
        check_policy_service inet:127.0.0.1:2501
ianw1974
I only used three RBLs, the ordb, dsbl and spamhaus. I might add more, maybe it is a good idea in case some are missing from the three I'm using.

My amavisd is now working in detecting spam using razor, which is good. Did some changes last night that did the trick, just can't remember right now what they were

Got them from here: http://gentoo-wiki.com/HOWTO_Email:_A_Comp...nd_SpamAssassin
Rok
Hello,

I have been using Mandrake/driva for a couple of years, since 8.0. For SPAM filtering I use the following:
POSTFIX + AMAVISD-NEW + CLAMAV + SpamAssassin + RAZOR + DCC

Postfix does the dirty work at first:
- HELO & VRFY restrictions
- smtpd_recipient_restrictions =
reject_invalid_hostname,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_sender_domain,
reject_unknown_recipient_domain,
permit_mynetworks,
reject_unauth_destination,
# reject_rhsbl_sender dsn.rfc-ignorant.org,
# reject_rhsbl_sender bogusmx.rfc-ignorant.org,
reject_rbl_client zombie.dnsbl.sorbs.net,
reject_rbl_client opm.blitzed.org,
reject_rbl_client list.dsbl.org,
reject_rbl_client sbl-xbl.spamhaus.org,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client bl.spamcop.net,
reject_rbl_client dul.dnsbl.sorbs.net,
permit_auth_destination,
reject

- RBL checks in Postfix (sorbs, spamhaus, spamcop,blitzed,dsbl,abuseat)
This filters out about 70% of all SPAM. rfc-ignorant.org got me too many false positives so I had to disable it. I don't allow users to relay e-mails through this box; I have another box for it. (I always recommend separating the SMTP gateway from the POP3/IMAP servers. SASL AUTH is good but... you know)

- Then AMAVISD-NEW takes place with CLAMAV antivirus scan, RAZOR, and DCC checks, followed by SpamAssassin (whitelist enabled, auto-learn enabled, I trained bayes classifier with about 8000 SPAMs and 5000 HAMs at start then I turned on auto-learn).

I'm satisfied with the efficiency of this setup; however, more SPAMs have happened to pass through recently. I guess we have to wait for the SpamAssassin team to upgrade SA to 3.1.9 :-)

This is a sample of recent SPAM that passes through. Bayes gives it too low a score. It's plain text, without any GIFs.

YOU'VE SEEN IT BEFORE YOU SAY?!!

Campaign for: CDYV - Price: $0.089, 5 Day Target price: $0.425!!!

500%+ profit (short term)!!

CDYV have released very hot news. Check this out, nic and call to your brocker right now.

Just a few numbers, valid for a Sunday; double them for weekdays:
6033 e-mails reached the server

4723 rejected (542 by spamcop, 3 by abuseat, 677 by sorbs, 321 by dsbl, 1359 by spamhaus, 1148 by HELP_NEED_FQDN, 183 by UNKNOWN_SENDER_DOMAIN, 454 by UNKNOWN_RECIPIENT, the rest are timeouts)

1310 e-mails delivered to AMAVIS

403 classified as SPAM by SpamAssassin
ca. 200 SPAMs containing GIFs were filtered out by CLAMAV

The rest were delivered to user mailboxes. I guess 50% of it was spam anyway, but I can live with that, considering the user base is 950 now.
Fighting SPAM is a never-ending war. Good luck.
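Rok's breakdown of rejections by RBL and by restriction comes from the smtpd log. The following is an added example, not part of Rok's post or of Postfix: it tallies "NOQUEUE: reject:" lines by reason, using constructed sample log lines in Postfix's usual format with fictitious hosts and addresses; the reason labels (HELO_NEED_FQDN and so on) are chosen here for readability.

```python
import re
from collections import Counter

# Added example, not from the thread: tally Postfix smtpd rejections by reason,
# the kind of breakdown Rok quotes above (per-RBL counts, HELO/FQDN, unknown
# sender/recipient domain). SAMPLE_LOG is a constructed sample in Postfix's
# "NOQUEUE: reject:" format; hosts and addresses are fictitious.
SAMPLE_LOG = """\
Mar  4 03:12:01 mx postfix/smtpd[4211]: NOQUEUE: reject: RCPT from unknown[192.0.2.11]: 554 5.7.1 Service unavailable; Client host [192.0.2.11] blocked using sbl-xbl.spamhaus.org; from=<a@example.com> to=<u1@example.net> proto=SMTP helo=<mail>
Mar  4 03:12:07 mx postfix/smtpd[4212]: NOQUEUE: reject: RCPT from unknown[192.0.2.12]: 554 5.7.1 Service unavailable; Client host [192.0.2.12] blocked using bl.spamcop.net; from=<b@example.com> to=<u2@example.net> proto=ESMTP helo=<mail.example.com>
Mar  4 03:12:09 mx postfix/smtpd[4212]: NOQUEUE: reject: RCPT from unknown[192.0.2.13]: 504 5.5.2 <mail>: Helo command rejected: need fully-qualified hostname; from=<c@example.com> to=<u3@example.net> proto=SMTP helo=<mail>
Mar  4 03:12:15 mx postfix/smtpd[4213]: NOQUEUE: reject: RCPT from unknown[192.0.2.14]: 450 4.1.8 <d@nx.invalid>: Sender address rejected: Domain not found; from=<d@nx.invalid> to=<u4@example.net> proto=ESMTP helo=<host.example.org>
Mar  4 03:12:20 mx postfix/smtpd[4213]: NOQUEUE: reject: RCPT from unknown[192.0.2.14]: 450 4.1.2 <u5@nx.invalid>: Recipient address rejected: Domain not found; from=<e@example.org> to=<u5@nx.invalid> proto=ESMTP helo=<host.example.org>
Mar  4 03:12:22 mx postfix/smtpd[4214]: NOQUEUE: reject: RCPT from unknown[192.0.2.11]: 554 5.7.1 Service unavailable; Client host [192.0.2.11] blocked using sbl-xbl.spamhaus.org; from=<a@example.com> to=<u6@example.net> proto=SMTP helo=<mail>
Mar  4 03:13:00 mx postfix/smtpd[4215]: 3F2A1C0F1: client=relay.example.org[198.51.100.5]
"""

# Reject lines carry the SMTP code and reason text before the "; from=<" field.
REJECT_RE = re.compile(r"NOQUEUE: reject: RCPT from (?P<client>\S+): (?P<code>\d{3}) (?P<text>.*?); from=<")
RBL_RE = re.compile(r"blocked using (?P<rbl>[\w.-]+)")

def classify(text):
    """Map the reason text of one reject to a label (names chosen for this example)."""
    m = RBL_RE.search(text)
    if m:
        return "rbl:" + m.group("rbl")
    if "Helo command rejected" in text:
        return "HELO_NEED_FQDN"
    if "Sender address rejected: Domain not found" in text:
        return "UNKNOWN_SENDER_DOMAIN"
    if "Recipient address rejected: Domain not found" in text:
        return "UNKNOWN_RECIPIENT_DOMAIN"
    return "other"

def tally_rejects(log_text):
    """Return (total rejects, Counter of reasons) for Postfix smtpd NOQUEUE rejects."""
    reasons = Counter()
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if m:                                  # accepted/queued lines have no match
            reasons[classify(m.group("text"))] += 1
    return sum(reasons.values()), reasons
```

Run over a real mail log the per-RBL counts show which lists are doing the work and which could be dropped, which is the question ianw1974 raises about adding more lists.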
ianw1974
I've got 94% of spam blocked so far from my server