Has anybody else seen a recent rise in the amount of image SPAM being delivered ? Hmmm, looks like it is time to re-introduce FuzzyOcrPlugin - Spamassassin Wiki.
Printable View
Has anybody else seen a recent rise in the amount of image SPAM being delivered ? Hmmm, looks like it is time to re-introduce FuzzyOcrPlugin - Spamassassin Wiki.
I haven't seen any image spam since .... a long time, probably since early last year.
Blimey :eek: You are lucky ... Had five so far this morning. Not huge hits from SA neitherCode:X-Spam-Status: No, score=5.143 tagged_above=-10 required=6.6
tests=[AV:Sanesecurity.Spam.10082.UNOFFICIAL=0, AV_SS=3,
BAYES_50=0.001, CRM114_CHECK=0.181, HTML_MESSAGE=0.001,
RCVD_IN_BL_SPAMCOP_NET=1.96]
Not that it directly attacks the problem, but I'd consider either blocking at MTA with Spamcop, or pushing up the scoring for it. In my current production system (not Zimbra) I use Spamcop to block at MTA, and I can't remember the last time it generated a false positive, if ever.
True, though I do not like to alter the scores from the base configuration. Hence why I look to other possibilities of blocking so that I am not dependant on one single method.
IMHO it helps to build a more realistic picture; in that if all of the methods report a particular email as a SPAM then there is a greater chance of it not being a false positive.
Put ASSP in front of your Zimbra server and make it all go away.
Much better than SA.
Stop spam with the Anti-Spam-SMTP-Proxy (ASSP)
At one time I wanted to set up ASSP with our production system, but I was distracted by other projects. With Zimbra, a well-tuned MTA blocklist, and SA configured with tweaked scores and inputs (as suggested in the wiki and forum), I am hoping there will not be much demand for additional measures.
The reason: Zimbra's approach to user-feedback is transparently simple. Just move messages into/out of the Junk folder to train. With 6.0 users can optionally whitelist/blacklist senders on their own.
Last I checked, ASSP trains via self-feedback (looking at the automatically-sorted corpus). User feedback requires sending to special addresses, which is a drag compared to just clicking a button or filing a message.
Having said that--it'd probably be easy to have Zimbra send the ham/spam to the ASSP addresses, or conversely to get ASSP to look at the Zimbra ham/spam accounts. Hmmm...
(ASSP also whitelists based on people whom you've sent messages to.)
Can you handle "cluster" with ASSP ?
If I put another AS/AV system in front of my ZCS (and other mails) servers, I want to put at list two different servers (in two different datacenters), but with a single configuration system (web interface or CLI) and sharing "databases" (for spam, ham, greylisting, configuration, etc)... If one goes down (even the master), I want the other to stay up (even if I must wait for the master to come back up to do some configuration changes).
Is that possible ?
Only way I know is Fort Systems Products but it does come with a price; though from my research it appears very good. Certainly on price not for a small install.
Hm, I thought I responded to that a few hours ago but my post is missing. Hopefully just an oversight on my part.Quote:
Originally Posted by Klug
Anyway, my answer is: I don't know. Best to ask on the ASSP forum or (probably better) the mailing list. Both are linked from the page indicated above.