
Frank

Viki
Saturday, June 19, 2004
 
Anti-spam solution
So this week I got madly serious about cutting down the amount of spam I get. My system specs:

Linux RH 7
qmail
tinydns

I already had SpamAssassin 2.55 installed, but I had never configured it. I had been stumped previously by many complicated howtos, but this time I was just too sick of the spam. I get (got) about 300 spam messages a day, so I decided to knuckle down and figure the fucker out.

So I found this page, which simply has superior instructions for the whole process. Most self-written howtos are either a bunch of commands with no explanation, or vice versa; however, Roberto Alsina provides a great mixture of "do this" combined with "why you have to do this."

I'm not going to rewrite what he so excellently wrote in the first place; however, there are some things still missing.

Custom Rulesets. The SpamAssassin WikiWiki has a page with various rulesets; however, the real money is with the SARE Ninjas. These guys are the real die-hards when it comes to creating rulesets. I especially enjoyed their forums, e.g. this post (about halfway down), by Bob Menschel, listing his preferred config files, which I found to be an excellent starting point. Here are my SpamAssassin config files, in no particular order:

70_sare_adult.cf
70_sare_bayes_poison_nxm.cf
70_sare_genlsubj0.cf
70_sare_genlsubj1.cf
70_sare_html0.cf
70_sare_html1.cf
70_sare_oem.cf
70_sare_random.cf
70_sare_ratware.cf
70_sare_specific.cf
70_sare_spoof.cf
70_sc_top200.cf
72_sare_bml_post25x.cf
airmax.cf
antidrug.cf
bigevil.cf
chickenpox.cf
evilnumbers.cf
local.cf
weeds.cf

You should never use the sa-blacklist.current file for a .cf unless you are absolutely sure your server can handle the load. The thing about SpamAssassin rulesets is that they're just a bunch of Perl regexes, and the thing about running a bunch of Perl regexes is that they're quite CPU-intensive, and the thing about the sa-blacklist.current file is that it's about 1.7 MB of Perl regexes that are run each time you get spam. I ran spamd with the max children set at 10, and instantly my Celeron 333 with 256 MB of RAM shot up to about 3.5 worth of load. Luckily my server gets only a small amount of email, and I could kill spamd before things went catastrophic.
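To gauge how heavy a ruleset is before handing it to spamd, the following added example (not from the original post or from SpamAssassin itself) counts regex-style rules and `blacklist_from` entries per .cf file and flags files over a budget. The thresholds, function names and the two sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Rule types whose definition is normally a regex run against each message
# (approximation: header rules using eval: are counted here too).
REGEX_RULE = re.compile(r"^\s*(header|body|rawbody|uri|full)\s+(\S+)\s+(.*)$")
# blacklist_from takes one or more address patterns per line.
BLACKLIST = re.compile(r"^\s*blacklist_from\s+(.+)$")

def audit_cf(path):
    """Return size, regex-rule count and blacklist-entry count for one .cf file."""
    stats = {"file": os.path.basename(path), "bytes": os.path.getsize(path),
             "regex_rules": 0, "blacklist_entries": 0}
    with open(path, encoding="latin-1") as fh:
        for line in fh:
            if line.lstrip().startswith("#"):
                continue  # comment line
            if REGEX_RULE.match(line):
                stats["regex_rules"] += 1
            else:
                m = BLACKLIST.match(line)
                if m:
                    stats["blacklist_entries"] += len(m.group(1).split())
    return stats

def audit_dir(cf_dir, max_bytes=256 * 1024, max_patterns=2000):
    """Audit every .cf in cf_dir; flag files over either (assumed) budget."""
    report = []
    for name in sorted(os.listdir(cf_dir)):
        if name.endswith(".cf"):
            s = audit_cf(os.path.join(cf_dir, name))
            patterns = s["regex_rules"] + s["blacklist_entries"]
            s["too_heavy"] = s["bytes"] > max_bytes or patterns > max_patterns
            report.append(s)
    return report

def demo():
    """Build two constructed rule files in a temp dir and audit them."""
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "small_example.cf"), "w") as fh:
            fh.write("# constructed sample\n"
                     "body EX_PILLS /cheap\\s+pills/i\n"
                     "score EX_PILLS 2.0\n"
                     "header EX_SUBJ Subject =~ /free money/i\n")
        with open(os.path.join(d, "huge_example.cf"), "w") as fh:
            for i in range(5000):
                fh.write(f"blacklist_from *@spam{i}.example\n")
        return audit_dir(d)
```

Point `audit_dir` at the directory holding your own .cf files and tune the two budgets to what your hardware tolerates.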

However, the blacklist is quite a handy little shitlist, so I went over to stearns.org, home of Bill Stearns, hacker and spam hater, as well as the maintainer of the sa-blacklist, and poked around. On the sa-blacklist page, I found this little gem that describes how to use the sa-blacklist with various mail servers, including my favorite, qmail, as well as some popular others (exim, postfix, sendmail).

Left todo whenever I get around to it:

  1. config learning cron job

  2. install RulesDuJour to keep my scripts updated

