[clue-tech] Re: [clue-talk] Triaging spam

[Angelo Bertolli]

 From the discussions I've seen and participated in, probably the most 
valuable thing I've taken with me about spam is that how you deal with 
it is intimately tied to your specific system:  number of users, what 
the users expect, and what is acceptable to both you and them.  Everyone 
is going to give you different advice.  (Which is a good thing--maybe 
the best way to keep spammers from getting through is to not all do the 
same thing.)

Personally I like things like SpamAssassin over rejecting email with 
sendmail because I think there is some statistical value to the spammers 
to know whether or not their attempt to deliver was successful.  But 
then again the server I manage has a specific demographic: seems to get 
certain kinds of spam, has about 600 users on it, and the users are ok 
with getting some spam.  I personally am OK with just running Mozilla 
and using the built in spam filter.

SpamAssassin does not have to be all or nothing.  I don't know about 
version 3, but in 2 the definitely/definitely not/ maybe is exactly what 
SpamAssassin does:

#From procmailrc
#DEFINITELY SPAM
:0: /var/tmp/SPAMASSASSIN.lock
* ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*
/var/spool/mail/spam/$LOGNAME.spam

#MAYBE SPAM
:0: /var/tmp/SPAMASSASSIN.lock
* ^X-Spam-Status: Yes
/var/spool/mail/spam/$LOGNAME.spam

And anything else gets sent to the inbox.

Well since you will probably get different suggestions, and have to come 
up with your own system for dealing with spam, I'll tell you what I do:

1) Filter through SpamAssassin with relaxed rules
2) Filter through procmail sanitizer 
(http://www.impsec.org/email-tools/procmail-security.html)

The users will still get some spam, but a lot of it is filtered out, and 
they don't get viruses.  And if they don't get viruses, they don't 
become a problem themselves.  (Ounce of prevention--blocking spam is a 
lot easier when you can rule out your own users.)

Angelo