From mboxrd@z Thu Jan 1 00:00:00 1970 Message-ID: To: 9fans@cse.psu.edu Subject: Re: [9fans] need help with improving my spam filtering From: Heiko Dudzus Date: Sun, 15 Oct 2006 17:39:47 +0200 In-Reply-To: <2ca63ae02fe6fd23697275bb72c31a7b@tombob.com> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit Topicbox-Message-UUID: cad8208a-ead1-11e9-9d60-3106f5b1d025 > This worked for a while, but now I am getting > more and more spam getting through (mostly because of the anti-bayes > mechanism of hiding the spam in a picture and sending it together with > random but apparently OK text). Same here. I made a hold rule for this in /mail/lib/patterns, allowing only some people and lists to send GIFs. Works for the moment but could be too restrictive. > So, I'd like to expand my spam stopping capabilities. I have read > smtpd(6), ratfs(4), and scanmail(8) but find myself slightly at sea on > how to combine these to allow me to filter out some of the more > obvious spam. > If I understand correctly, I can start ratfs(4) and since it'll read > the default /mail/lib/blocked file my smtpd(6) will then block some > emails. Based on the connecting IP address and originating account, yes. > I can also replace qer(8) with scanmail(8) in my > /mail/lib/qmail and therefore block out even more emails. Based on the content of the mail. Because you said, it's just for your own little maildrop, be aware that incoming mail can only be filtered with scanmail(8) when it gets resent (and queued) to your own system with the little trick discussed in this thread: http://9fans.net/archive/2002/03/257 > PS I guess an alternative approach would be for me to use fresh email > addresses for mailing lists every so often. But that feels > shortsighted somehow. Greylisting is another option. (When I saw in the source, that greylist.c can deal with entire whitelisted subnets, it was an option for me again) Heiko