Author: W B Hacker Date: To: exim users Subject: Re: [exim] Please help me get more spam!
Dave Pooser wrote:
>>>I tried this formulation, but still no success; as soon as I put the
>>>!condition in place the server was no longer denying spammy messages sent to
>>>anyone. I also tried using a numeric value in place of the string (and
>>>changing the operator to "="), but still no dice.
>>
>>First, Spam score int above 50 is not all that common.
>
>
> I test the configuration with the GTUBE string from my home email server,
> which scores 1000 SA hits /spam_score_int 10,000. Trust me, SpamAssassin is
> completely failing. :-(
>
>
>>We seldom even see a 30. Couple a week maybe (OTOH, we have blocked 90% on RFC
>>violations, so seldom even call SA at all).
>
>
> I've been seeing 3-400 or so a day that have a spam_score_int over 100 (SA
> score over 10). Bayes + a lot of SARE rules + network tests. One of the
> things I love about Exim is I won't have to wade through 350 messages in the
> bit-bucket to check for false positives.
The world of mailadmins seems to be dividing on a sharp line:
- Those who take a perverse delight in how much spam they can take on-board,
scrutinize, score, tag accurately, add headers to, divert to quarantine, bask in
the statistics of it all.
IOW - "play with their food".
- Those who canot be bothered to muck about with such garbage, and simply block
it with near-zero resource load on the grounds that an *extremely high*
percentage of it emanates from senders that *must* try to hide for as long as
possible, ergo do NOT comply with DNS or smtp RFC's. Most, in fact, are
zombified WinBoxen with a primary mission, not of selling a damn thing, but of
first infecting as many more WinVictims as can be so that they can then be used
to social-engineer some poor fool out of his bank, charge-card, or brokerage
account information.
Lack of *any* DNS entry, or use of a known-dynamic IP *cannot* be a 'false'
positive - only a nuisance to the occasional user who feels they *must*
communicate with the fool - hopefully ignorant, not malicious - who is doing that.
I am supremely disinterested in running SA any more than absolutely necessary,
i.e. - on the roughly 10-12% of offered traffic that has passed all simpler
tests and *seems to be* legitimate. Even then, our Sa has been stripped to a
very few key tests only - Bayes and RBL's no longer among them.
The rest - 90% or so of arrivals - have never made it past 'HELO', and most of
it doesn't even survive 'CONNECT'.
Life is too damn short to drink bad wine, use slow computers, or sleep with
unpleasant partners.
Likewise, "playing" with spam instead of denying entrance of it just slows down
my computer, a clear violation of "Hacker's First Law" (above).
