X-Spam-Check-By: sourceware.org
Date: Thu, 25 Jan 2007 22:44:10 -0500
From: Christopher Faylor
To: cygwin AT cygwin DOT com
Subject: Re: Cygwin anti-spam techniques
Message-ID: <20070126034410.GA15853@trixie.casa.cgf.cx>
Reply-To: cygwin-talk AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <45B97009 DOT 6060004 AT kleckner DOT net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <45B97009.6060004@kleckner.net>
User-Agent: Mutt/1.5.11
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Precedence: bulk
Sender: cygwin-owner AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

On Thu, Jan 25, 2007 at 07:05:45PM -0800, Jim Kleckner wrote:
>The presence of a little bit of spam on this list reminds
>me how little normally gets through.
>
>I know it might be considered a little OT, but do you have
>a pointer to what techniques are used these days?

Spamassassin: http://spamassassin.apache.org/
qpsmtpd: http://smtpd.develooper.com/
clamav: http://www.clamav.net/
mlcheck - a homegrown filter which stops certain types of predictable
spam from coming through if it clears the above. This is the program
which stops html mail and various "harmful" attachments. It operates
in a slightly more relaxed mode if you're subscribed.

I use a bunch of "rules du jour" rules with spamassassin:

    BLACKLIST_URI BOGUSVIRUS RANDOMVAL SARE_ADULT
    SARE_BAYES_POISON_NXM SARE_BML SARE_EVILNUMBERS0 SARE_FRAUD
    SARE_GENLSUBJ SARE_HEADER SARE_HIGHRISK SARE_HTML SARE_OBFU0
    SARE_OBFU1 SARE_OEM SARE_RANDOM SARE_REDIRECT_POST300
    SARE_SPAMCOP_TOP200 SARE_SPECIFIC SARE_SPOOF SARE_STOCKS
    SARE_UNSUB SARE_URI0 SARE_URI1 TRIPWIRE

and will be adding a couple more soon.

spamassassin is run during the smtp connection phase courtesy of
qpsmtpd. I use a number of spam blocks in qpsmtpd, too.

But, actually, despite all of the above, I think the thing that keeps
the lists relatively spam free is my constant retraining of both the
spamassassin bayes filter and the mlcheckd keyword filter. I update
those 5-10 times a day - whenever I get spam.

The postmaster account at sourceware.org gets a lot of spam and it
often seems to be a heads up for spam that will soon be flooding the
mailing lists. So, if I can catch spam that shows up there before it
hits the mailing lists you never see it.

Oh, and there's also the "aaaspam" honeypot as well as a bunch of other
email aliases at sourceware.org/gcc.gnu.org. Mail sent there
automatically causes the email address to be added to a black list. I
scan the black list hourly for accidental additions from mailing list
subscribers and remove any that show up.

That's it in a nutshell. Any further questions about this should
probably go to cygwin-talk. I've set the cc there.

cgf
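
Added example, not part of the original message and not the sourceware.org tooling: a sketch of the honeypot-to-blacklist step and the hourly subscriber reconciliation described above. The alias address, the use of the To/Cc/From headers instead of the SMTP envelope, and all sample messages and subscriber addresses are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumed alias address; the message names only an "aaaspam" honeypot.
HONEYPOTS = {"aaaspam@lists.example"}

def norm(addr):
    """Lower-case an address so comparisons ignore case."""
    return addr.strip().lower()

def harvest(raw_messages, honeypots=HONEYPOTS):
    """Return the From addresses of messages addressed to a honeypot alias."""
    hits = set()
    for raw in raw_messages:
        msg = message_from_string(raw)
        rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
        if any(norm(a) in honeypots for _, a in rcpts):
            sender = norm(parseaddr(msg.get("From", ""))[1])
            if sender:
                hits.add(sender)
    return hits

def reconcile(blacklist, subscribers):
    """Split the blacklist into entries to keep and subscriber entries to drop."""
    subs = {norm(s) for s in subscribers}
    removed = {b for b in blacklist if norm(b) in subs}
    return blacklist - removed, removed

# Constructed sample data (not from the message). The second mail forges a
# subscriber's From address, which is how a subscriber lands on the list.
SAMPLE_MAIL = [
    "From: Bulk Sender <promo@spam.example>\nTo: aaaspam@lists.example\n"
    "Subject: deal\n\nbuy\n",
    "From: Alice@Example.org\nTo: x@y.example\nCc: AAASPAM@lists.example\n"
    "Subject: hi\n\nforged\n",
    "From: bob@example.net\nTo: cygwin@lists.example\n"
    "Subject: question\n\nlegit\n",
]
SUBSCRIBERS = ["alice@example.org", "bob@example.net"]

if __name__ == "__main__":
    kept, removed = reconcile(harvest(SAMPLE_MAIL), SUBSCRIBERS)
    print("blacklist:", sorted(kept))
    print("removed subscriber entries:", sorted(removed))
```
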