Re: [exim] Reducing Spam Assassin Load

Página Principal
Apagar esta mensagem
Responder a esta mensagem
Autor: Alun
Data:  
Para: exim-users
Assunto: Re: [exim] Reducing Spam Assassin Load
"Herb Martin" <HerbM@???> said, in message
EINSRXE-000PRG-JT@???:
>
> Which has the disadvantage of exposing you to
> spam under several not too unlikely circumstances:
>
>   1) Someone harvests addressess from a list (e.g.,
>     this one) where you are both members and
>     sends to some members from another member.


No. This can't work. Unless I e-mail you directly (off list), the
fact that we're both on the list can't lead to your address being
whitelisted. Even allowing for accidentally Cc'd messages, I suspect
any single member of this list has probably mailed only a tiny
percentage of the list members directly, so their probability of being
hit by a spam with the correct sender address is going to be fairly small.
Of course, the list address itself is whitelisted now, so spam arriving
on this list would be forwarded, but then anything other than full
text body searching of the messages (SpamAssassin, whatever)
probably wouldn't flag any content of this mailing list as spam.

>   2) You are both in someone else's email address
>     book who becomes a virus/trojan bot and
>     shares the lists or sends the spam directly.


True. But you *did* mention greylisting, and I *did* mention that we
use it.

> 3) Your actual correspondent is the victim in #2


Also true.

>   4) Your actual correspondent, especially in the case 
>     of a commercian concern, becomes the spammer.


Again, any whitelisting system which works on previous reputation
to avoid scanning is going to fall down with this one. I should have
mentioned that aging is an integral part of the whitelist - in my case,
I drop any sender/recipient pair which hasn't swapped mail in the past
3 days (which I'll now increase to 14, I think). A legitimate correspondent
would have to go bad very quickly to get spam through the whitelist.
If one of my users mails an address which spams them within a short time,
is it really "unsolicited"?


I'm not really wishing to get into an argument about this. I introduced it
quite some time back and it hasn't caused a measurable increase in our
accepted spam. Marc was asking what people do, so I described it
(even saying that it wasn't as effective at letting ham through as I had
hoped!).

Cheers,
Alun.

-- 
Alun Jones                       auj@???
Systems Support,                 (01970) 62 2494
Information Services,
University of Wales, Aberystwyth