Fighting Spam, any best practices?

Postby Marc » Tue Apr 01, 2008 3:31 pm

Hi All,

Have AMS running on a server with 20 odd domains, the older domains are now getting a lot of spam. Over time we have added various filtering in SPAM and Content to tackle certain common spam messages, and it's starting to look a mess and hard to follow. Also I don't think it's that effective either.
I also have problems using the RBLs. Anytime I try and implement them I find it just blocks most mail, spam or not.

I wonder if people would be willing to share what works and what doesn't, and what methods you can implement that never falsely detect spam.

I am thinking of starting again with new rules that work.

Thanks, Marc
Marc
 
Posts: 25
Joined: Tue Sep 18, 2007 9:57 pm

Re: Fighting Spam, any best practices?

Postby m1byo » Wed Apr 02, 2008 5:01 pm

Spam filtering is never perfect, however the best implementations I have used on AMS are:

1. Greylisting, this seems to eliminate most spam from coming onto the network in the first place, the down side to this is some automated emails do not get re-sent.
2. Bayesian Filtering, this takes a lot of learning and training, however I managed to get this to approximately 99.8-99.9% success rate (which I would think is pretty good)

The greylisting on its own seems to have reduced the incoming spam on our mail server from approx 15,000 spam emails per week down to about 400, spread over 35 users! The Bayesian filtering just sends the remainder to the junk mail box for the user to decide what to do with!

You may find it advantageous to enable Bayesian learning without enabling the filtering to improve the size of the database, however all the users contributing to the database need to be very disciplined to ensure the database does not get poisoned with wrong information.

Hope this helps

Ian
m1byo
 
Posts: 164
Joined: Fri Sep 21, 2007 2:36 pm
Location: UK

Re: Fighting Spam, any best practices?

Postby Marc » Sat Apr 05, 2008 6:54 pm

Thanks for that. We use Bayesian, but not grey listing.

Are the default settings enough, does grey listing ever stop legit mail?

Regards, Marc
Marc
 
Posts: 25
Joined: Tue Sep 18, 2007 9:57 pm

Re: Fighting Spam, any best practices?

Postby m1byo » Sat Apr 05, 2008 8:37 pm

Hello,

I have changed the default settings to

Temporary Fail Time Mins: 1
Temporary Allow Time mins: 720 (12 hours!)
Lifetime Days: 90

This seems to work very well, I have been told that a couple of emails have been missed which they shouldn't have from a couple of automated systems, however these emails have now been included in the spam whitelist and so as far as I know we do not miss many at all.

I know there are a couple of other forum threads discussing greylisting which may be worth looking into

Hope this helps

Ian
m1byo
 
Posts: 164
Joined: Fri Sep 21, 2007 2:36 pm
Location: UK
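
Added example, not part of the post above and not AMS code: a minimal greylisting decision function using the three values quoted in the post, replayed over constructed delivery attempts to show why a normal mail server gets through while an automated sender with a slow retry does not. The meaning given to each setting, the triplet key and all addresses are assumptions of this sketch.

```python
from dataclasses import dataclass

# Values from the post above. What each setting means is an assumption of this sketch.
FAIL_MINS = 1        # a retry sooner than this after first contact is still deferred
ALLOW_MINS = 720     # a retry must arrive within this window of first contact
LIFETIME_DAYS = 90   # a triplet that passed is remembered this long after last use

@dataclass
class Entry:
    first_seen: float  # minutes
    last_seen: float
    passed: bool = False

class Greylist:
    def __init__(self, fail=FAIL_MINS, allow=ALLOW_MINS,
                 lifetime_days=LIFETIME_DAYS, whitelist=()):
        self.fail, self.allow = fail, allow
        self.lifetime = lifetime_days * 24 * 60
        self.whitelist = {s.lower() for s in whitelist}
        self.table = {}

    def check(self, ip, sender, rcpt, now):
        """Decide 'accept' or 'defer' (SMTP 4xx) for an attempt at minute `now`."""
        if sender.lower() in self.whitelist:
            return "accept"
        key = (ip, sender.lower(), rcpt.lower())
        e = self.table.get(key)
        if e and e.passed and now - e.last_seen > self.lifetime:
            e = None                           # expired: treat as never seen
        if e and e.passed:
            e.last_seen = now
            return "accept"
        if e is None or now - e.first_seen > self.allow:
            self.table[key] = Entry(now, now)  # unknown, or retried too late
            return "defer"
        if now - e.first_seen < self.fail:
            return "defer"                     # retried too quickly
        e.passed, e.last_seen = True, now
        return "accept"

def replay(attempts, **kw):
    """Run (ip, sender, rcpt, minute) attempts through a fresh Greylist."""
    g = Greylist(**kw)
    return [g.check(*a) for a in attempts]

# Constructed sample: a real MTA retries after 5 minutes, a notifier after 24 hours.
MTA = [("192.0.2.10", "bob@example.org", "marc@example.net", t) for t in (0, 0.5, 5)]
NOTIFIER = [("198.51.100.7", "noreply@shop.example", "marc@example.net", t) for t in (0, 1440)]
```

`replay(NOTIFIER)` never returns an accept because the retry falls outside the 12-hour window, and passing `whitelist=["noreply@shop.example"]` lets it through on the first attempt.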

Re: Fighting Spam, any best practices?

Postby THX_1138 » Thu Apr 10, 2008 4:18 pm

Hi,

We have an awful lot of users on our AMS and before we started using the greylist the spam volume was reaching dangerous levels.

We now use a combination of Bayesian / Content filtering and the Grey List. This seems to work very well for us and has dramatically cut the spam traffic right back. Yes, the grey list has occasionally failed where some automated responses are concerned but it's a situation where the pros easily outweigh the cons. We have a white list for those that encounter grey list problems. We are really looking forward to seeing what anti-spam measures the new version of AMS will have.

Regards

Jay
THX_1138
 
Posts: 5
Joined: Wed Sep 19, 2007 4:08 pm

Re: Fighting Spam, any best practices?

Postby Marc » Mon Apr 14, 2008 10:44 am

Great advice, thanks all.
Marc
 
Posts: 25
Joined: Tue Sep 18, 2007 9:57 pm

Re: Fighting Spam, any best practices?

Postby philsbbs » Sun Jun 22, 2008 12:42 pm

I'm looking to add content filtering. Is there any example that people have in place I could look at?
philsbbs
 
Posts: 5
Joined: Sun Jun 22, 2008 12:21 pm
Location: England

Re: Fighting Spam, any best practices?

Postby Code Crafters » Mon Jun 23, 2008 1:16 pm

You can use the preset content filter rule "SPAM Identifier" via the Add Preset button in content filtering. This rule will mark any mail with the SPAM flag set by SPAM filtering to have its subject pre-pended with <SPAM> so that you can more easily identify SPAM mails and sort them into your junk folder, ideally for Bayesian training. You have to disable rejecting mails at the SMTP (delete mail there and then) in the SPAM filters for SPAM mails to reach content filtering though. If there are any other things you want, content filtering can do just about anything so let me know and I'll help you set up rules for whatever filtering you need.
Code Crafters
 
Posts: 943
Joined: Mon Sep 10, 2007 2:35 pm

Re: Fighting Spam, any best practices?

Postby trinitysrv » Thu Jul 17, 2008 12:55 am

Most spammers have invalid or missing SPF records.
That's been one of the best methods of filtering for me. 98%
trinitysrv
 
Posts: 9
Joined: Thu Jul 17, 2008 12:46 am

Re: Fighting Spam, any best practices?

Postby Code Crafters » Thu Jul 17, 2008 10:40 am

Grey listing will usually stop 80% of all SPAM on its own. Bayesian will stop 99.5% once well trained (several thousand SPAM / non-SPAM mails trained). Other SPAM filters are also very effective but these are usually the strongest two. For version 2.62 this is what we recommend for your SPAM setup:

Basic Filtering:
1) Make sure you’re running version 2.62.
2) Run the SPAM wizard from the dialog admin interface for medium level protection.
3) Disable Sender Domain Check (this will become new default setting in update 2.63).
4) Change grey listing first setting from 60 mins to 1 min (this will become new default setting in update 2.63).
5) Set up any black / white listing that you need. The relaying exemption option will allow any authenticated users to bypass SPAM filtering.

Advanced Filtering:
6) If you want to also do Bayesian filtering, this takes a bit of setting up but is by far the most effective SPAM filter available today.
a) Set up Bayesian filtering to use only the Auto-Learn from Users training method. Add participating users and appropriate SPAM / non-SPAM folders to the Bayesian settings.
b) Get Participating users to sort their mail into SPAM / non-SPAM folders where Bayesian will automatically learn from them periodically.
c) You need to disable rejecting (deleting) the email on all SPAM filters so that the SPAM flag is set and the mail is allowed to pass through.
d) Set up Content Filtering with the Preset Content Filter Rule (Add Preset button) “SPAM Identifier”. This rule will mark SPAM detected mails with <SPAM> in the subject so that they can be more easily identified and moved to the SPAM folder. Bayesian is a learning system so once it is well trained (minimum of 1000 SPAM and 1000 non-SPAM mails) you can set this content filter rule to also place mails in the SPAM account directory but don’t do this until you are happy it is training accurately and you must then check your SPAM folder for false positives (mails wrongly marked as SPAM that aren’t really SPAM) and move them appropriately.
Code Crafters
 
Posts: 943
Joined: Mon Sep 10, 2007 2:35 pm
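
Added example, not part of the posts above and not AMS code: a small word-presence Bayesian classifier that learns from user-sorted folders, tags detected mail with `<SPAM>` in the subject, and only files it to the SPAM folder once both classes reach the minimum training count given in the post. The 0.9 threshold, the tokenizer, the folder names and the sample mails are assumptions of this sketch.

```python
import math, re
from collections import Counter

MIN_TRAINED = 1000  # per class: the minimum the post gives before filing mail automatically

class Bayes:
    def __init__(self, min_trained=MIN_TRAINED):
        self.tokens = {"spam": Counter(), "ham": Counter()}
        self.mails = {"spam": 0, "ham": 0}
        self.min_trained = min_trained

    @staticmethod
    def words(text):
        return set(re.findall(r"[a-z0-9$']+", text.lower()))

    def learn(self, folder, mails):
        """Auto-learn: every mail a user sorted into `folder` trains that class."""
        for m in mails:
            self.tokens[folder].update(self.words(m))
            self.mails[folder] += 1

    def spam_probability(self, text):
        # Log-odds of spam vs. non-spam, Laplace-smoothed per-mail word presence.
        logodds = math.log((self.mails["spam"] + 1) / (self.mails["ham"] + 1))
        for w in self.words(text):
            p_s = (self.tokens["spam"][w] + 1) / (self.mails["spam"] + 2)
            p_h = (self.tokens["ham"][w] + 1) / (self.mails["ham"] + 2)
            logodds += math.log(p_s / p_h)
        logodds = max(-50.0, min(50.0, logodds))  # keep exp() in range
        return 1 / (1 + math.exp(-logodds))

    def handle(self, subject, body):
        """Return (subject, destination); 0.9 is an assumed detection threshold."""
        if self.spam_probability(subject + " " + body) < 0.9:
            return subject, "inbox"
        trained = min(self.mails.values()) >= self.min_trained
        return "<SPAM> " + subject, ("spam-folder" if trained else "inbox")

# Constructed sample folders, standing in for what participating users sorted.
SPAM_FOLDER = ["cheap pills buy now", "buy cheap watches now", "win money now"]
HAM_FOLDER = ["meeting agenda for monday", "invoice attached for project",
              "lunch on monday"]
```

Calling `learn("spam", HAM_FOLDER)` on a trained instance reproduces the poisoning case mentioned earlier in the thread: the spam probability of ordinary mail such as "monday meeting agenda" rises.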

