Send Bristol mailing list submissions to
bristol@mailman.lug.org.uk
To subscribe or unsubscribe via the World Wide Web, visit
https://mailman.lug.org.uk/mailman/listinfo/bristol
or, via email, send a message with subject or body 'help' to
bristol-request@mailman.lug.org.uk
You can reach the person managing the list at
bristol-owner@mailman.lug.org.uk
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Bristol digest..."
Today's Topics:
1. Spamassassin: deal with rapid sending (Nick Rickard)
2. Re: Spamassassin: deal with rapid sending (Nigel Sollars)
----------------------------------------------------------------------
Message: 1
Date: Sun, 22 Jun 2014 10:49:12 +0100
From: Nick Rickard <nick@nickrickard.co.uk>
To: bristol@mailman.lug.org.uk
Subject: [bristol] Spamassassin: deal with rapid sending
Message-ID: <53A6A698.70305@nickrickard.co.uk>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Hi all,
I'm currently using exim with spamassassin for my mail. For various
reasons I accept all mail for @domain.com . Recently I seem to get
periodic floods of emails that spamassassin identifies as possible spam
but not to ditch (the threshold is right as occasional ham goes in
here). The flood emails all have the same sender and subject but come to
different recipients @domain.com .
So I'd like either a spamassassin rule that says:
If (same sender more than 4 times in last 10mins) then (add 5 to spam score)
Or a local .forward rule of:
If (same sender more than 4 times in last 10mins) then (move to spam
folder).
Is it possible to create such a rule, please, or any other ideas to address?
Thanks,
Nick.
------------------------------
Message: 2
Date: Sun, 22 Jun 2014 07:49:23 -0400
From: Nigel Sollars <nsollars@gmail.com>
To: Bristol and Bath Linux User Group <bristol@mailman.lug.org.uk>
Subject: Re: [bristol] Spamassassin: deal with rapid sending
Message-ID:
<CAG6aBkXJHqVmHH9vuC_OeqyAC7VDUAJ-U2A2mYDb2CnyZu9NKA@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
You might want to do the basic stuff since its obvious that the sender is
forged,
1 - no reverse DNS drop it.
2 - use an aggressive SPF policy
3 - so you use SPAMHAUS or SORBS etc etc etc to pre filter?.
When I had the duty to deal with mail ( along time ago ), I used to pre
filter through clamav then spamhaus and friends before using spamassassin
which got fed the dregs.
worked pretty good actually.
Nige
On Sun, Jun 22, 2014 at 5:49 AM, Nick Rickard <nick@nickrickard.co.uk>
wrote:
> Hi all,
>
> I'm currently using exim with spamassassin for my mail. For various
> reasons I accept all mail for @domain.com . Recently I seem to get
> periodic floods of emails that spamassassin identifies as possible spam but
> not to ditch (the threshold is right as occasional ham goes in here). The
> flood emails all have the same sender and subject but come to different
> recipients @domain.com .
>
> So I'd like either a spamassassin rule that says:
> If (same sender more than 4 times in last 10mins) then (add 5 to spam
> score)
> Or a local .forward rule of:
> If (same sender more than 4 times in last 10mins) then (move to spam
> folder).
>
> Is it possible to create such a rule, please, or any other ideas to
> address?
>
> Thanks,
> Nick.
>
> _______________________________________________
> Bristol mailing list
> Bristol@mailman.lug.org.uk
> https://mailman.lug.org.uk/mailman/listinfo/bristol
>
--
?Science is a differential equation. Religion is a boundary condition.?
Alan Turing
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.lug.org.uk/mailman/private/bristol/attachments/20140622/13ffe95d/attachment-0001.html>
------------------------------
_______________________________________________
Bristol mailing list
Bristol@mailman.lug.org.uk
https://mailman.lug.org.uk/mailman/listinfo/bristol
End of Bristol Digest, Vol 555, Issue 3
***************************************
Tidak ada komentar:
Posting Komentar