Battling Spam


#1

Out of sheer desperation, I recently changed the way I handle mail across my domains. I created a large whitelist, and then dropped my tag level and quarantine levels to 0. In theory, this should allow everyone on my whitelist through, while quarantining everyone else. If someone is not on my whitelist, they can request addition via my website.

The problem is that about 2% of the spam still gets through to me. I figured out that on a couple, it was because the spammer used my email address as the “from” address, which was whitelisted. Sneaky, huh? But on the others, I can’t figure out why they were not quarantined. I’ve pasted the headers below, after changing my real email address to “my@real-email.address”. Any suggestions would be very much appreciated.

---------- Begin Paste -----------

Return-Path: mcevoyiuj@elegantradiators.com
X-Original-To: my@real-email.address
Delivered-To: sebatical@spunkymail-mx3.g.dreamhost.com
Received: from terminator.dreamhost.com (sd-green-bigip-66.dreamhost.com [208.97.132.66])
by spunkymail-mx3.g.dreamhost.com (Postfix) with ESMTP id 1DEE68DDEA
for my@real-email.address; Wed, 14 Mar 2007 22:10:25 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
by terminator.dreamhost.com (Postfix) with ESMTP id E9685B868E
for my@real-email.address; Wed, 14 Mar 2007 22:10:24 -0700 (PDT)
X-DH-Virus-Scanned: Debian amavisd-new at terminator.dreamhost.com
X-Spam-Score: -0.525
X-Spam-Level:
X-Spam-Status: No, score=-0.525 tagged_above=-999 required=0
tests=[BAYES_00=-2.312, EXTRA_MPART_TYPE=0.733, HTML_20_30=1.053,
HTML_MESSAGE=0.001]
Received: from terminator.dreamhost.com ([127.0.0.1])
by localhost (terminator.dreamhost.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id HNnIYfCJTBWm for my@real-email.address;
Wed, 14 Mar 2007 22:10:24 -0700 (PDT)
Received: from alaxxjax (unknown [210.1.222.39])
by terminator.dreamhost.com (Postfix) with ESMTP id 6C753B869F
for my@real-email.address; Wed, 14 Mar 2007 22:10:18 -0700 (PDT)
Message-ID: 000b01c766c0$3d177550$0300a8c0@ganelance
Reply-To: “Peter Ford” mcevoyiuj@elegantradiators.com
From: “Peter Ford” mcevoyiuj@elegantradiators.com
To: “Lisha” my@real-email.address
Subject: Time To Find It Out
Date: Thu, 15 Mar 2007 15:10:24 +1000
MIME-Version: 1.0
Content-Type: multipart/related;
type=“multipart/alternative”;
boundary="----=_NextPart_000_0007_01C766C0.3D177550"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2462.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2462.0000
---------- End Paste -----------


#2

X-Spam-Score: -0.525
X-Spam-Level:
X-Spam-Status: No, score=-0.525 tagged_above=-999 required=0
tests=[BAYES_00=-2.312, EXTRA_MPART_TYPE=0.733, HTML_20_30=1.053,
HTML_MESSAGE=0.001]

This did not score above 0. And it's because of a Bayesian filter bringing the score down. It's apparently easy for spammers to break Bayesian filtering, or at least it may not be much of a help when the other filters work just as well if not better.

Atropos | openvein.org
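To make the arithmetic in the reply above concrete, here is an added example (not part of the original thread) that parses the `X-Spam-Status` header pasted in post #1 and shows what each rule contributed to the score. The function names are hypothetical, and the parser assumes the amavisd-new header layout seen in that paste.

```python
import re

# Header copied from the message pasted in post #1 (folded across three lines).
SAMPLE = (
    "X-Spam-Status: No, score=-0.525 tagged_above=-999 required=0\n"
    " tests=[BAYES_00=-2.312, EXTRA_MPART_TYPE=0.733, HTML_20_30=1.053,\n"
    " HTML_MESSAGE=0.001]"
)

def parse_spam_status(header):
    """Parse an amavisd-new style X-Spam-Status header into its parts."""
    flat = " ".join(header.split())  # unfold continuation lines
    verdict = re.search(r"X-Spam-Status:\s*(\w+)", flat).group(1)
    fields = dict(re.findall(r"(score|tagged_above|required)=(-?[\d.]+)", flat))
    tests = {}
    for item in re.search(r"tests=\[(.*?)\]", flat).group(1).split(","):
        name, _, value = item.strip().partition("=")
        tests[name] = float(value)
    return {
        "verdict": verdict,
        "score": float(fields["score"]),
        "required": float(fields["required"]),
        "tests": tests,
    }

def explain(header):
    """Report which rules lowered the score and the total without them."""
    p = parse_spam_status(header)
    total = round(sum(p["tests"].values()), 3)
    lowering = {n: v for n, v in p["tests"].items() if v < 0}
    without = round(total - sum(lowering.values()), 3)
    return {
        "total": total,
        # The per-rule values should add up to the reported score.
        "matches_reported": abs(total - p["score"]) < 0.0015,
        # Treated as spam only when the score reaches the required level.
        "over_threshold": p["score"] >= p["required"],
        "lowering_rules": lowering,
        "score_without_lowering": without,
        "would_trip_without_lowering": without >= p["required"],
    }

if __name__ == "__main__":
    for key, value in explain(SAMPLE).items():
        print(f"{key}: {value}")
```

For this message, the three content rules add up to 1.787, and the single BAYES_00 hit of -2.312 is what pulls the total below the required level of 0.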


#3

Thank you – this definitely points me in the right direction as far as what I need to learn more about.

Any suggestions on how to set parameters for this scoring so that the last little bit of spam is quarantined?

Thank you again for the response!