This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SPAM- which setting to use- Aggressive?

Hi,

Which SPAM setting is best? Reasonable, Conservative, or Aggressive? Also, where is the criteria for each based? Does Astaro use an external database to determine what is spam and what is not?

Any suggestions on which RBL to use?

Thanks for any suggestions.

This thread was automatically locked due to age.

Parents

0 Gregg_01 over 21 years ago
Astaro uses Spam Assassin as its spam filter. Spam Assassin evaluates each email with many rules, each having a specific point value. The higher the point value, the greater chance there is that a message is spam.

What I would recommend that you do initially is set Threshold One at Level 10 and "Pass." I would then set Threshold Two at Level 15 and "Quarantine".

Now, each email you receive will have an numerous additional X- fields in the message header.

X-Spam-Score: Gives you the total score from all rules that were true
X-Spam-Report: Shows you which rules were positive and their respective scores
X-Spam-Flag: "Yes" or "No"
X-Scan-Signature
[/list]
In our initial configuration, ASL's Spam Assassin implementation does will put "* SPAM *" in the subject for all messages that that are at or above that Level One threshold. I suggest setting that level very high so that you don't freak out your users.

Now check out the SPAM scores of messages that you believe to be SPAM and those that you don't. You'll probably find that a threshold of 04 or 05 will make a good Level One setting (with Pass) once you've done some testing and a threshold between 08 and 10 will make a good Level Two (with quarantine).

Depending on the mail system you use you will then probably want your users to create rules or filters that put any messages with "* SPAM *" in a special folder.

As for RBL's to use, I suggest you go to http://www.spews.org but here are the ones I use:
bl.spamcop.net
sbl-xbl.spamhaus.org
list.dsbl.org
dun.dnsrbl.net
dnsbl.njabl.org
relays.ordb.org
opm.blitzed.org
[/list]
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Gregg_01 over 21 years ago
Astaro uses Spam Assassin as its spam filter. Spam Assassin evaluates each email with many rules, each having a specific point value. The higher the point value, the greater chance there is that a message is spam.

What I would recommend that you do initially is set Threshold One at Level 10 and "Pass." I would then set Threshold Two at Level 15 and "Quarantine".

Now, each email you receive will have an numerous additional X- fields in the message header.

X-Spam-Score: Gives you the total score from all rules that were true
X-Spam-Report: Shows you which rules were positive and their respective scores
X-Spam-Flag: "Yes" or "No"
X-Scan-Signature
[/list]
In our initial configuration, ASL's Spam Assassin implementation does will put "* SPAM *" in the subject for all messages that that are at or above that Level One threshold. I suggest setting that level very high so that you don't freak out your users.

Now check out the SPAM scores of messages that you believe to be SPAM and those that you don't. You'll probably find that a threshold of 04 or 05 will make a good Level One setting (with Pass) once you've done some testing and a threshold between 08 and 10 will make a good Level Two (with quarantine).

Depending on the mail system you use you will then probably want your users to create rules or filters that put any messages with "* SPAM *" in a special folder.

As for RBL's to use, I suggest you go to http://www.spews.org but here are the ones I use:
bl.spamcop.net
sbl-xbl.spamhaus.org
list.dsbl.org
dun.dnsrbl.net
dnsbl.njabl.org
relays.ordb.org
opm.blitzed.org
[/list]
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 synopex over 21 years ago in reply to Gregg_01

Hi Gregg,
IICC I think first ist threshold one and then threshold two which spam-assassin checks. what is better: first a high threshold or first a slow threshold? whatever seqence?

At the moment i set the first level to 08 -> blackhole and second level to 03 -> quarantine

regards...
Cancel
Vote Up 0 Vote Down

Cancel
0 Gregg_01 over 21 years ago in reply to synopex

Threshold One should always be lower than Threshold Two. My guess is that your current setting will do nothing for values less than 8.

The only reason I recommended an abnormally high Threshold One for initial testing was so as to not scare your users w/ the "*SPAM*" tag in the subject.

In production I run Threshold One at 4 (pass) and Threshold Two at 8 (quarantine). We quarantine so that we may forward false positives to the recipient rather than having them rejected outright.

BTW--I think that setting a threshold to 3 (quarantine) will end up quarantining a lot of legitimate mail. Of course YMMV.
Cancel
Vote Up 0 Vote Down

Cancel
0 Steve_Friedl over 21 years ago in reply to Gregg_01

[ QUOTE ]
As for RBL's to use, I suggest you go to http://www.spews.org

[/ QUOTE ]
Before using any RBLs, it's wise to look up on their listing policy and make sure you can live with it. Some are conservative, some are aggressive, and - in particular - SPEWS believe in "collateral damage" by listing entire ISP netblocks. This has the effect of intentinoally ilsting non-spammers in order to get them to put the heat on the ISP to get clean.

This recently happened when SPEWS listed NAC.NET (upstream of Broadband Reports), and the furor raised the issued of collateral damage.

Many people agree with this "nut squeezing by proxy", but even more believe it's improper, and you should not go down the SPEWS road without really researching it. If you have not spent any time on the newsgroup net.admin.net-abuse.email, you've probably not researched it enough.

SPEWS should never be your first blocklist. Start with a conservative one, such as ORDB and gradually add more as you develop tools and procedures to deal with false positives.

Steve
Cancel
Vote Up 0 Vote Down

Cancel