continued spam leakage
Luke Schierer
lschiere at pidgin.im
Tue Jun 11 20:45:41 EDT 2013
On Jun 10, 2013, at 21:39 EDT, Ethan Blanton <elb at pidgin.im> wrote:
>
> So, it's ultimately helpful to run spamprobe and then a rule-based
> filter, and if spamprobe didn't mark but the rule-based filter did,
> feed the mail back through spamprobe to retrain. This isn't critical
> (anything is better than what we've been having!), but it would be
> nice to have it in the ultimate configuration.
>
>> The configuration for this is a little awkward.
>>
>> spamassassin's configuration file configures how spamassassin checks
>> things. but amavis' configuration files determine whether or not the
>> score is sufficient to mark the mail as spam, and if so, if it is
>> sufficient to just mark the mail, or also block the sending.
>>
>> This will doubtless need some tweaking. I have not done this
>> configuration on the pubic internet where you get the volume of spam
>> (and unique kinds of non-spam) we do in 5 years or so.
>>
>> I will try to be available to help with this tweaking.
>
> Great. Hopefully we can get this knocked back down to pre-upgrade
> levels, where we leaked only a few mails a month. That level of
> leakage is justified for having open lists, I think, but this recent
> behavior is not.
>
> Thanks,
> Ethan
>
So I wrote /usr/local/sbin/getamavismail.sh
to create a maildir of the stuff blocked by the amavis/clamav/spamassassin combo above.
It looks like it caught 400+ emails so far.
More impressively, it looks like all of them (so far) are actually spam. My experience with spamassassin, I usually have false positives to deal with.
I am going to continue to monitor it for the next few days, as I can (realistically only in the evenings like today), but we may want to consider opening devel back up on some sort of trial (in other words when someone is free to close it back down if tons of spam starts coming through again).
If that goes well, and if the false positive rate remains nil, we can start feeding the results into spam probe for training like Ethan suggests.
Luke
More information about the Devel
mailing list