tons of spam

[jdow]

From: "David G. Miller" <dave at davenjudy.org>
> "jdow" <jdow at earthlink.net> wrote:
>
>> I may have some "sharp words" about the spam fighting tools that come 
>> with
>> FC7. I have little time to play with it. And it does not like my laptop.
>> So I have to download a bunch of debug files so I can track it down. (The
>> bug is in X-Windows so the gnome based folks want me to download and
>> install an unknown number of gnome debug files. Go figure. When I have
>> time I will humor them. But it's hard as heck to debug a frozen machine
>> that has kicked the display out the window, metaphorically speaking. The
>> SpamAssassin RPMS that came with FC4 and FC5 seemed to be incomplete when
>> I attempted to use them in the past. And for an effective SpamAssassin
>> install SOME mention of the Spam Assassin Rules Emporium is properly
>> required, as is mention of FuzzyOCR and a couple other gems.
>>
>> (SARE is so effective it was included in the massive DDoS attack that
>> struck Spamhaus as well. Some spammer got REALLY peaved, po' baby.)
> If you run your own mail server, I've had good luck with dSpam.  It takes 
> a little while to get it trained since it's Bayesian filter based but I 
> now get overall accuracy of over 95% and the spam identification is over 
> 93%.  I should add that I get *very few* false positives (currently 12 out 
> of over 15,000 e-mails) and several of those were right after installation 
> when the filter had very little data to go on.

Wow - at THAT level it'd get chucked with extreme prejudice. (Since it
is not actively evil I'd not give in the paraffin and lead foil wraps
followed by a staking and burial at midnight of a full Moon. But I would
put it on a disk and bury the disk.) That accuracy is horrible. If I cut
my spam catch percentage to about 99% or so I could virtually eliminate
my false alarm rate. But that's not worth the effort tuning the system.
It ain't broke so I am not going to fix it. I'm serious that when I had
the 250-300 spam a day spam traffic I'd go one to two weeks without a
false alarm, once I found some juju to handle technical mailing lists
that have patch files cross the list frequently.

SpamAssassin can be awkward to setup. But once setup it is devastatingly
effective, especially since it scores block lists. No one block list
will give you a false positive. But they do save a lot of spam sneak-
throughs. I'm quite convinced that a proper anti-spam tool combines
rules and Bayes.

{^_^}