Re: [exim] Exim4 Anti-Image-Spam Program

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MCraig Whitmore at <-
Mmaciek@net2000.pl at ->
Delete this message
Reply to this message
Author: W B Hacker
Date:  
To: exim users
Subject: Re: [exim] Exim4 Anti-Image-Spam Program
Craig Whitmore wrote:
>
>>
>> A) Do I understand that your method works with DSpam or otherwise
>> does NOT
>> require SA?
>
> It is a standalone program. No other anti-virus/spam is needed. I used
> DSPAM instead of SpamAssassin, DSPAM does find most of the spam as well.
> It will run without dspam or any other type of spam protection. My
> Intercepted Spam folder was at least filled with 50% of image spam
> (Which Dspam found). now it is alot less than 1% Image spam (with about
> 5000 spams getting into the spam folder per day normally). If you check
> the source it isn't very complex at all in the method employed.

Sounds interesting - I'll do that...

>
>>
>> B) Do you perchance have any statistics, specifically and only from
>> the '40,000
>> per day' that your software is nailing, as to how many of these were
>> also/might
>> have been rejected by other means, to wit:
>>
>
> I will only check for Image Spam if it actually makes it into exim. Ie
> all the RBL,Helo checks, pipelining etc are valid.
>

Good news...

>>
>> C) Any evidence of 'False Positive' hits? i.e. - it is dirt-simple to
>> reject ALL
>> graphics attachments, unless from 'whitelisted' sources, but that is a
>> whole
>> 'nuther issue.
>
> Rejecting all messages with images attached is quite bad. People image
> signatures, Incredimail etc would all get rejected if you do it this way.
>

Actually it works great!

CAVEATS:

- It is a user/department selectable preference.

- 'regular'correspondents (anyone sent TO in the last 12 months or so) are
auto-whitelisted for exemption.

- 'New' correspondents get instructions in the rejection message to FIRST
contact the recipient with 'plain text'. A reply AWL's their subsequent
messages. Ignoring that - i.e. - NOT responding - leaves the door shut.

Downside is the need to manually block if/as/when a recipient changes their mind
and/or wants to carry on with a given far-end, but ONLY w/o graphics.

Simpler than it sounds.

> I have no real stats at the moment for the mail but we get millions of
> emails which attempt to come in per day. but one thing I've noticed
> recently in the % of animated image spam has reduced.
>
> Thanks
>
>

Busy on the 'wrong continent' for another week. Will try to look at it when
back in Asia.

Regs,

Bill




This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Exim4 Anti-Image-Spam Program[exim] exim + postgrey on multiple incoming hosts->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)