[Mimedefang] MIMEDefang as a mail gateway...?
Lucas Albers
admin at cs.montana.edu
Sat Mar 6 14:11:27 EST 2004
Fernando Gleiser said:
> On Fri, 5 Mar 2004, Michael Sims wrote:
>
>> Another solution is to build a virtusertable db on your MX which contains a
>> list of all your valid usernames and reject anyone that isn't in it with an
I just run logwatch and determine top invalid recipients that don't reject
and explicitly reject them.
I have too many widespread systems to determine all the valid users.
I also found that File::Scan was too aggressive on rejecting viruses on the
quarantine, virus type detected is "suspicious", so I disable rejection on
that.
See:
if (($action eq "quarantine") && ($VirusName eq 'suspicious')){
I'm not sure I understand not being able to train the Bayesian database.
All the incoming mail gets trained on our relay, we only have one bayes
relay.
It appears to work ok, it would work better with individual user
preferences, but it catches most spam.
Looking at it I see I have around:
0.000 0 8289 0 non-token data: nspam
0.000 0 28903 0 non-token data: nham
0.000 0 251154 0 non-token data: ntokens
I've never manually trained it, if that is what you are referring to.
Just set your learn-ham/non-ham thresholds good enough.
I like to set my ham at around .5 so it catches a lot of normal user email
that might have html in it.
I enabled pyzor/dcc/razor.
I add very few rules to the SA mix, as I would rather miss a lot of spam
on the external relay than get an FP.
I added the following additional rules, but have not otherwise tweaked it.
header BLACKLIST_1 Received =~ /outblaze\.com|hinet\.net|chinanet-gd|kornet\.net|above\.net|level3\.net|exodus\.net|cw\.net|interbusiness\.it/i
describe BLACKLIST_1 known spammy domains, but not outright spam or blacklisted
score BLACKLIST_1 1
#might be an improvement on this particular rule.
rawbody TINY_FONT_1 /\<.*font\-size\:[ \"]*1[^0-9]+.*\>/i
describe TINY_FONT_1 Body contains 1pt font
score TINY_FONT_1 1
rawbody TINY_FONT_0 /\<.*font\-size\:[ \"]*0[^0-9]+.*\>/i
describe TINY_FONT_0 Body contains 0pt font
score TINY_FONT_0 1
#catch bayes poison, will FP on long text.
#might fp on prose
body RANDOMWORD_10 /(?:\b(?!(?:from|even|more|were|with)\b)[a-z]{4,12}\s+){10}/
describe RANDOMWORD_10 String of 10+ random words
score RANDOMWORD_10 1
body RANDOMWORD_15 /(?:\b(?!(?:from|even|more|were|with)\b)[a-z]{4,12}\s+){15}/
describe RANDOMWORD_15 String of 15+ random words
score RANDOMWORD_15 2
body RANDOMWORD_20 /(?:\b(?!(?:from|even|more|were|with)\b)[a-z]{4,12}\s+){20}/
describe RANDOMWORD_20 String of 20+ random words
score RANDOMWORD_20 3
#normally .1
score HTML_FONTCOLOR_UNSAFE .5
score HTML_FONTCOLOR_UNKNOWN .5
#normally .4
score HTML_FONTCOLOR_INVISIBLE 1
--
Luke Computer Science System Administrator
Security Administrator, College of Engineering
Montana State University-Bozeman, Montana
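
Added example (not part of the message above and not SpamAssassin's own code): a Python check of the three RANDOMWORD patterns as posted, run over constructed sample bodies, showing how the rules stack on one long run and how ordinary lowercase prose can trip RANDOMWORD_10. The whitespace collapsing only approximates SpamAssassin's body rendering; `evaluate` and the sample texts are hypothetical names made up for this illustration.

```python
import re

# Run length and score per rule, as posted in the message above.
RULES = {"RANDOMWORD_10": (10, 1), "RANDOMWORD_15": (15, 2), "RANDOMWORD_20": (20, 3)}

# One "word" as the posted pattern defines it: 4-12 lowercase letters, not one
# of five excluded words, and followed by whitespace.
WORD = r"\b(?!(?:from|even|more|were|with)\b)[a-z]{4,12}\s+"

# Constructed samples (not real mail).
POISON = ("lantern cobalt meadow whisper granite thimble orchard velvet harbor "
          "pebble juniper saddle timber walnut copper ribbon candle marble "
          "falcon garden basket")
PROSE_FP = ("People often forget that their email filters sometimes treat "
            "perfectly ordinary sentences like spam.")
PROSE_OK = ("The cat sat on the mat, and it was a good day for all of us "
            "to go out in the sun.")


def evaluate(text):
    """Return (total score, names of the rules that hit) for one body."""
    # Assumption: collapsing whitespace approximates SpamAssassin's rendered body.
    body = " ".join(text.split())
    hits = [name for name, (run, _score) in RULES.items()
            if re.search("(?:%s){%d}" % (WORD, run), body)]
    return sum(RULES[name][1] for name in hits), hits


if __name__ == "__main__":
    for label, text in (("poison", POISON), ("prose_fp", PROSE_FP),
                        ("prose_ok", PROSE_OK)):
        print(label, evaluate(text))
```

A 20-word run fires all three rules for a combined 6 points, above SpamAssassin's default required_score of 5.0, while the 12-word lowercase run in the second sample scores 1 from RANDOMWORD_10 alone.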