#1
04-29-2009, 02:36 AM
Moderator
Posts: 5,806
Image SPAM

Has anybody else seen a recent rise in the amount of image SPAM being delivered? Hmmm, looks like it is time to re-introduce FuzzyOcrPlugin - Spamassassin Wiki.
__________________
SplatNIX IT Services :: Innovation through Collaboration™


http://www.messagefortress.com
#2
04-29-2009, 02:42 AM
Zimbra Consultant & Moderator
Posts: 11,517

I haven't seen any image spam since .... a long time, probably since early last year.
__________________
Regards


Bill
#3
04-29-2009, 02:48 AM
Moderator
Posts: 5,806

Blimey, you are lucky ... Had five so far this morning. Not huge hits from SA either.
Code:
X-Spam-Status: No, score=5.143 tagged_above=-10 required=6.6
	tests=[AV:Sanesecurity.Spam.10082.UNOFFICIAL=0,  AV_SS=3,
	BAYES_50=0.001, CRM114_CHECK=0.181, HTML_MESSAGE=0.001,
	RCVD_IN_BL_SPAMCOP_NET=1.96]
__________________
SplatNIX IT Services :: Innovation through Collaboration™


http://www.messagefortress.com
#4
04-29-2009, 09:32 AM
Elite Member
Posts: 482

Not that it directly attacks the problem, but I'd consider either blocking at MTA with Spamcop, or pushing up the scoring for it. In my current production system (not Zimbra) I use Spamcop to block at MTA, and I can't remember the last time it generated a false positive, if ever.
__________________
Elliot Wilen
Berkeley, CA
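Added example, not part of any post in this thread: a small parser for the X-Spam-Status header quoted in post #3, showing how far that message was from the tagging threshold and what the "pushing up the scoring" option from post #4 would do to it. The function names (`parse_spam_status`, `margin`, `rescored`) are hypothetical, and the 3.0 and 3.5 what-if scores are constructed values, not settings recommended by anyone in the thread.

```python
import re

# X-Spam-Status value copied from post #3 (folded lines joined with spaces).
HEADER = (
    "No, score=5.143 tagged_above=-10 required=6.6 "
    "tests=[AV:Sanesecurity.Spam.10082.UNOFFICIAL=0,  AV_SS=3, "
    "BAYES_50=0.001, CRM114_CHECK=0.181, HTML_MESSAGE=0.001, "
    "RCVD_IN_BL_SPAMCOP_NET=1.96]"
)

def parse_spam_status(value):
    """Split the header into verdict, thresholds and per-test scores."""
    value = " ".join(value.split())              # unfold continuation whitespace
    head, _, rest = value.partition("tests=[")
    status = {"is_spam": head.split(",", 1)[0].strip().lower() == "yes"}
    for key, num in re.findall(r"(score|tagged_above|required)=(-?\d+(?:\.\d+)?)", head):
        status[key] = float(num)
    tests = {}
    for item in rest.split("]", 1)[0].split(","):
        # rpartition: rule names may themselves contain ':' and '.'
        name, _, points = item.strip().rpartition("=")
        if name:
            tests[name] = float(points)
    status["tests"] = tests
    return status

def margin(status):
    """Points still missing before the message would be tagged as spam."""
    return round(status["required"] - status["score"], 3)

def rescored(status, overrides):
    """What-if total and verdict when some rules that fired carry other scores."""
    tests = dict(status["tests"])
    tests.update({k: v for k, v in overrides.items() if k in tests})
    total = round(sum(tests.values()), 3)
    return total, total >= status["required"]

if __name__ == "__main__":
    s = parse_spam_status(HEADER)
    print("sum of rules:", round(sum(s["tests"].values()), 3), "reported:", s["score"])
    print("short of threshold by:", margin(s))
    # Constructed what-if values, not scores recommended anywhere in the thread.
    for pts in (3.0, 3.5):
        print("SpamCop rule at", pts, "->", rescored(s, {"RCVD_IN_BL_SPAMCOP_NET": pts}))
```

With the posted header, the six rule scores add up to the reported 5.143, which leaves the message 1.457 points under the 6.6 threshold.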
#5
04-29-2009, 09:38 AM
Moderator
Posts: 5,806

True, though I do not like to alter the scores from the base configuration. Hence why I look to other possibilities of blocking so that I am not dependent on one single method.

IMHO it helps to build a more realistic picture; in that if all of the methods report a particular email as SPAM then there is a greater chance of it not being a false positive.
__________________
SplatNIX IT Services :: Innovation through Collaboration™


http://www.messagefortress.com
#6
04-29-2009, 10:01 AM
tgx
Advanced Member
Posts: 242

Put ASSP in front of your Zimbra server and make it all go away.
Much better than SA.

Stop spam with the Anti-Spam-SMTP-Proxy (ASSP)
#7
04-29-2009, 11:10 AM
Elite Member
Posts: 482

At one time I wanted to set up ASSP with our production system, but I was distracted by other projects. With Zimbra, a well-tuned MTA blocklist, and SA configured with tweaked scores and inputs (as suggested in the wiki and forum), I am hoping there will not be much demand for additional measures.

The reason: Zimbra's approach to user-feedback is transparently simple. Just move messages into/out of the Junk folder to train. With 6.0 users can optionally whitelist/blacklist senders on their own.

Last I checked, ASSP trains via self-feedback (looking at the automatically-sorted corpus). User feedback requires sending to special addresses, which is a drag compared to just clicking a button or filing a message.

Having said that--it'd probably be easy to have Zimbra send the ham/spam to the ASSP addresses, or conversely to get ASSP to look at the Zimbra ham/spam accounts. Hmmm...

(ASSP also whitelists based on people whom you've sent messages to.)
__________________
Elliot Wilen
Berkeley, CA
#8
04-29-2009, 11:16 AM
Moderator
Posts: 1,847

Can you handle "cluster" with ASSP?

If I put another AS/AV system in front of my ZCS (and other mails) servers, I want to put at least two different servers (in two different datacenters), but with a single configuration system (web interface or CLI) and sharing "databases" (for spam, ham, greylisting, configuration, etc)... If one goes down (even the master), I want the other to stay up (even if I must wait for the master to come back up to do some configuration changes).

Is that possible?
#9
04-29-2009, 02:15 PM
Moderator
Posts: 5,806

Only way I know is Fort Systems Products but it does come with a price; though from my research it appears very good. Certainly on price not for a small install.
__________________
SplatNIX IT Services :: Innovation through Collaboration™


http://www.messagefortress.com
#10
04-29-2009, 02:49 PM
Elite Member
Posts: 482

Quote:
Originally Posted by Klug
Can you handle "cluster" with ASSP?
Hm, I thought I responded to that a few hours ago but my post is missing. Hopefully just an oversight on my part.

Anyway, my answer is: I don't know. Best to ask on the ASSP forum or (probably better) the mailing list. Both are linked from the page indicated above.
__________________
Elliot Wilen
Berkeley, CA