[Users] BAYES_00 and SpamAssasin love it or hate it?
Barry de Graaff
info at barrydegraaff.tk
Thu Nov 30 20:48:51 CET 2017
Hey David,
I am right now implementing your suggestion to block some IPs in China and Brazil!!
Thanks for your information!!
Kind regards,
Barry de Graaff
Zeta Alliance
Co-founder & Developer
zetalliance.org | github.com/Zimbra-Community
+31 617 220 227 | skype: barrydegraaff.tk
Fingerprint: 97f4694a1d9aedad012533db725ddd156d36a2d0
----- Original Message -----
From: "David Sommerseth" <dazo at eurephia.org>
To: "L. Mark Stone" <lmark.stone at reliablenetworks.com>, "Barry de Graaff" <info at barrydegraaff.tk>
Cc: users at lists.zetalliance.org
Sent: Thursday, November 30, 2017 8:27:05 PM
Subject: Re: [Users] BAYES_00 and SpamAssasin love it or hate it?
On 29/11/17 22:59, L. Mark Stone wrote:
[...]
>
> When we use Bayes, we don't let the results be a major part of the scoring.
>
> I expect others have different, more positive experiences with Bayes!
I have quite good experience with the setup provided via CentOS/Scientific
Linux and packages from Fedora EPEL. I've tweaked the rules (both amavisd-new
and spamassassin) quite a bit, and Bayes alone is not the main score provider.
But all together, it works surprisingly well for me. I'm using this with
Postfix as a front mail gateway with a couple of Zimbra servers behind it.

There are some spam storms which occasionally require some additional tweaks
before Bayes captures it. But once it has got enough seeding, I don't think about it
any more.

Regarding false positives, that is very seldom. And most of them even make
me wonder if it is spam or ham.

That said, I do have quite strict rules .... so 70% of mail connections do get
dropped before they even reach the spam check. Good starting points are:
reject_non_fqdn_helo_hostname,
reject_unknown_reverse_client_hostname, [1]
sleep 3, # Slows down "hammering" from single IPs
reject_invalid_hostname,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_sender_domain,
reject_unauth_pipelining,
reject_unauth_destination,
[1] This may require some love and care, there are valid hosts which
have poor DNS setups which do not do reverse lookup correctly.
These cases are easily fixed by adding records to /etc/hosts.
In addition comes reject_rbl_client, I currently use:
- bl.spamcop.net
- zen.spamhaus.org
- bl.blocklist.de
- b.barracudacentral.org
- psbl.surriel.com
Spamcop, Spamhaus and Barracuda Central are those capturing most of the
spammers; and surprisingly few false positives in my case. Can't say the same
about SORBS (which I had to stop using). I have about 30 hosts/IPs enlisted
in a couple of whitelists, which is quite manageable.
Another trick is also to simply block a bunch of Chinese, Indonesian,
Vietnamese and Brazilian xDSL IP addresses in the firewall.
--
kind regards,
David Sommerseth
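
Added example, not part of the original messages or of Postfix itself: a small Python script that tallies Postfix pre-queue rejects per restriction and per DNSBL zone, and counts the client IPs rejected by the reverse-hostname check that footnote [1] says may need care. The log lines are constructed samples, and the mapping from log text to restriction name assumes Postfix's default reject messages.

```python
import re
from collections import Counter

# Constructed sample log lines (documentation IP ranges and example.* names).
SAMPLE_LOG = """\
Nov 30 20:01:02 mx postfix/smtpd[2101]: connect from mail.example.com[192.0.2.10]
Nov 30 20:01:05 mx postfix/smtpd[2102]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 Service unavailable; Client host [203.0.113.5] blocked using zen.spamhaus.org; from=<a@example.net> to=<u@example.org> proto=ESMTP helo=<mail.example.net>
Nov 30 20:01:09 mx postfix/smtpd[2103]: NOQUEUE: reject: RCPT from unknown[203.0.113.9]: 554 5.7.1 Service unavailable; Client host [203.0.113.9] blocked using bl.spamcop.net; from=<b@example.net> to=<u@example.org> proto=ESMTP helo=<smtp.example.net>
Nov 30 20:02:11 mx postfix/smtpd[2104]: NOQUEUE: reject: RCPT from host.example.net[198.51.100.20]: 554 5.7.1 Service unavailable; Client host [198.51.100.20] blocked using zen.spamhaus.org; from=<c@example.net> to=<u@example.org> proto=ESMTP helo=<host.example.net>
Nov 30 20:03:40 mx postfix/smtpd[2105]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [198.51.100.7]; from=<d@example.com> to=<u@example.org> proto=ESMTP helo=<mx.example.com>
Nov 30 20:08:41 mx postfix/smtpd[2106]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [198.51.100.7]; from=<d@example.com> to=<u@example.org> proto=ESMTP helo=<mx.example.com>
Nov 30 20:09:15 mx postfix/smtpd[2107]: NOQUEUE: reject: RCPT from unknown[203.0.113.77]: 504 5.5.2 <localhost>: Helo command rejected: need fully-qualified hostname; from=<e@example.net> to=<u@example.org> proto=SMTP helo=<localhost>
"""

REJECT = re.compile(r"NOQUEUE: reject: \w+ from [^\[\s]+\[(?P<ip>[^\]]+)\]: \d{3} (?P<text>.*)")
RBL = re.compile(r"blocked using (?P<zone>[\w.-]+)")
# Log message fragment -> restriction name from the list in the message above.
RULES = [
    ("cannot find your reverse hostname", "reject_unknown_reverse_client_hostname"),
    ("Helo command rejected: need fully-qualified hostname", "reject_non_fqdn_helo_hostname"),
    ("Sender address rejected: Domain not found", "reject_unknown_sender_domain"),
    ("Relay access denied", "reject_unauth_destination"),
]

def classify(text):
    """Name the restriction or DNSBL zone behind one reject message."""
    m = RBL.search(text)
    if m:
        return "reject_rbl_client " + m.group("zone")
    return next((rule for frag, rule in RULES if frag in text), "other")

def tally(log):
    """Return (rejects per rule, reject counts per IP failing the reverse-DNS check)."""
    per_rule, rdns_ips = Counter(), Counter()
    for line in log.splitlines():
        m = REJECT.search(line)
        if not m:
            continue  # not a pre-queue reject (e.g. connect/disconnect lines)
        rule = classify(m.group("text"))
        per_rule[rule] += 1
        if rule == "reject_unknown_reverse_client_hostname":
            rdns_ips[m.group("ip")] += 1
    return per_rule, rdns_ips

if __name__ == "__main__":
    per_rule, rdns_ips = tally(SAMPLE_LOG)
    print(per_rule.most_common())
    print("reverse-DNS rejects by IP:", dict(rdns_ips))
```

An IP that keeps reappearing in the reverse-DNS tally with a plausible sender domain is a candidate for the /etc/hosts fix or a whitelist entry.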