LinuxWorld

Ratcheting up SpamAssassin to block even more spam

You wrote a column on 5/1 about controlling spam with SpamAssassin. We have taken the steps you suggested but we still have an amount of spam getting through greater than we think would be the norm. Are there any other steps that we can take?
-- Via the internet

Yes, there are more steps that you can take. There are so many things that you can do with SpamAssassin that a book could be written about it. One that I am familiar with has been published by O'Reilly. For even more, I would suggest subscribing to the listservs for SpamAssassin and for any related add-ons, such as Razor, that might be present on your particular SA setup. It would also be a good idea to subscribe to the listserv for the MTA (i.e. Postfix or something else) that you are using.

The spammers are getting better at sending through low-scoring spam that will fly under the radar and still get through. Sometimes you have to take a more direct assault. A while back I was seeing quite a bit of spam getting through saying it was from admin@fbi.gov, admin@cia.gov or emails that were claiming to be sent by the admin mailbox of my own system. This is where blacklisting comes into play. It will automatically block the email addresses you list regardless of how low or high they score. You would put blacklist_from followed by a space and the email address that you want to block. You can either put in an explicit address or use *@domain.name (replace this with the actual domain name you want to block), in which case every email that claims to be sent from the listed domain will be blocked.

There is another option called greylisting. Without getting into the details, you basically tell SpamAssassin to lie to the incoming mail server and give it a "try again later" message. This will put a slight delay on emails coming in. A valid mail server will try again a little bit later, and the mail should get through at that point. Depending on the sophistication of the spammer, this stands a chance of helping to reduce some of the spam that tries to get through. Greylisting can be done with either SpamAssassin or the MTA that you are using. www.greylisting.org is one place where you can get information on implementing greylisting. The SpamAssassin listserv will help you get information on doing it with SA as well.
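
The "try again later" behaviour described above, modelled as an added example that is not part of the original column or of SpamAssassin. The key of client IP, sender and recipient, the 300-second delay, the one-day expiry and the reply text are assumptions chosen for illustration; the addresses are constructed sample values.

```python
# Added illustration: greylisting decision logic on the receiving side.
# Assumptions: the (client IP, sender, recipient) key, the delay, the expiry
# and the reply wording are illustrative, not taken from any specific tool.

MIN_DELAY = 300          # seconds a new sender must wait before acceptance
EXPIRY = 24 * 3600       # forget first attempts that were never retried in time
TEMPFAIL = "451 4.7.1 Greylisted, try again later"   # temporary SMTP failure


class Greylist:
    def __init__(self, min_delay=MIN_DELAY, expiry=EXPIRY):
        self.min_delay = min_delay
        self.expiry = expiry
        self.first_seen = {}   # key -> time of first attempt
        self.passed = set()    # keys that already retried successfully

    def check(self, client_ip, sender, rcpt, now):
        """Return the SMTP reply for one delivery attempt at time `now`."""
        key = (client_ip, sender.lower(), rcpt.lower())
        if key in self.passed:
            return "250 OK"                    # known retrying sender
        seen = self.first_seen.get(key)
        if seen is None or now - seen > self.expiry:
            self.first_seen[key] = now         # first contact, or stale record
            return TEMPFAIL
        if now - seen < self.min_delay:
            return TEMPFAIL                    # retried too quickly
        self.passed.add(key)                   # a real MTA came back later
        return "250 OK"


def simulate(attempt_times, greylist=None):
    """Constructed sample: one sender attempting delivery at the given times
    (in seconds). Returns the three-digit reply code for each attempt."""
    gl = greylist or Greylist()
    return [gl.check("192.0.2.10", "news@example.org", "user@example.net", t)[:3]
            for t in attempt_times]


if __name__ == "__main__":
    print("fire-and-forget sender:", simulate([0]))
    print("retrying mail server:  ", simulate([0, 60, 900, 1000]))
```

A sender that never retries only ever sees the temporary failure, which is why the technique costs legitimate mail a short delay on first contact and nothing afterwards.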
