Spam tagging ?

Dominic Lepiane archangel
Thu Aug 24 10:12:19 PDT 2006 

On Wednesday 23 August 2006 21:56, Chong Yu Meng wrote:
> On Wed, 2006-08-23 at 11:43 -0700, Dominic Lepiane wrote:
> > I use Amavis (http://www.amavis.org/) which uses whatever virus checking
> > and spam filtering facilities you have available.  I use ClamAV
> > (http://www.clamav.net/) and spamassassin
> > (http://spamassassin.apache.org/) which are somewhat simple to configure
> > within Amavis.  In my setup, mail is untagged under the minimum
> > threshold, mail is tagged up to the max threshold but delivered still,
> > and then anything about that is discarded.  I haven't seen any
> > false-positives above "10" so we do discard some obviously spammy
> > messages.  Current settings throw out probably 90% of spam, 8-9% are
> > tagged as spam but delivered to the user just in case, maybe a couple
> > percent are not caught.
>
> Hmm... I'm not sure I understand what you're describing here. I'm just
> getting started in spam filtering, so I'm afraid I'll need a little
> hand-holding.
>
> My setup is Postfix + Spamassassin and what I was thinking was setting
> it up so that it would tag spam instead of getting rid of it. The reason
> is I don't know where to begin to start defining sensible rules for the
> spam filter. I want to avoid a situation where legitimate mail gets
> identified as spam and blocked. By tagging and sending it anyway, my
> mail users have the option of checking through.
>
> What are these settings you speak of, and do you have any tips on
> sensible configurations that you can share with me?
>
> Thanks and Regards.

Basically, here's how it goes:

Message delivered from remote site via SMTP to Postfix,
Postfix gives message to Amavis for inspection,
Amavis gives message to any number of checking services (ClamAV for 
anti-virus, SpamAssassin for spam),
Each service, including SA, can manipulate the message, quarantine it, or 
discard it,
Once Amavis finishes running the message through all the services, it hands it 
back to Postfix if the message still needs to be delivered,
Postfix delivers the message to the local mailbox (or procmail or whatever).

In Amavis there are several options for SpamAssassin (SA) tag levels (my 
custom levels, btw):
$sa_spam_subject_tag $sa_tag_level_deflt  $sa_tag2_level_deflt $sa_kill_level_deflt $sa_dsn_cutoff_level 
The tag levels are SA score parameters.  

If SA assigns a score greater then tag_level, which for -1000 should be all 
messages, then it adds the score to the message headers.  

If SA assigns a score greater then tag2_level, then it adds the 
header "X-Spam: Yes" and adds the spam_subject_tag to the subject of the 
message.  The message is delivered to the user like this.

If SA assigns a score greater then kill_level, then the message is discarded 
and not delivered to the user.  For my site, 6.0 works well, I had not seen 
any false-positives scored above 6.

The dsn_cutoff_level is just for when not to send any sort of bounce (IIRC), I 
don't really worry about it.  It just has to be >

So you don't need amavis, but amavis is a nice way of doing things if you 
intend to add anti-virus or additional spam checking later.  At any rate, you 
can start by setting your tag_level to -1000 so all messages start getting 
tagged and set your tag2 and kill levels to something high, like 10 (or 100)  
until you get enough mail tagged to make a reasonable decision about what 
levels you want to take action at.
-- 
Dominic Lepiane

"When I read of the evils of drinking, I gave up reading."
- Henry Youngman

 .o.
 ..o
 ooo

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: not available
Url : http://mail.linux-sxs.org/pipermail/linux-users/attachments/20060824/6407aa93/attachment.pgp

More information about the Linux-users mailing list