Page 1 of 3 123 LastLast
Results 1 to 10 of 21

Thread: Image SPAM

  1. #1
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default Image SPAM

    Has anybody else seen a recent rise in the amount of image SPAM being delivered ? Hmmm, looks like it is time to re-introduce FuzzyOcrPlugin - Spamassassin Wiki.

  2. #2
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,579
    Rep Power
    57

    Default

    I haven't seen any image spam since .... a long time, probably since early last year.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    Blimey You are lucky ... Had five so far this morning. Not huge hits from SA neither
    Code:
    X-Spam-Status: No, score=5.143 tagged_above=-10 required=6.6
    	tests=[AV:Sanesecurity.Spam.10082.UNOFFICIAL=0,  AV_SS=3,
    	BAYES_50=0.001, CRM114_CHECK=0.181, HTML_MESSAGE=0.001,
    	RCVD_IN_BL_SPAMCOP_NET=1.96]

  4. #4
    ewilen's Avatar
    ewilen is offline Moderator
    Join Date
    Jun 2008
    Location
    Berkeley, CA
    Posts
    1,474
    Rep Power
    9

    Default

    Not that it directly attacks the problem, but I'd consider either blocking at MTA with Spamcop, or pushing up the scoring for it. In my current production system (not Zimbra) I use Spamcop to block at MTA, and I can't remember the last time it generated a false positive, if ever.

  5. #5
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    True, though I do not like to alter the scores from the base configuration. Hence why I look to other possibilities of blocking so that I am not dependant on one single method.

    IMHO it helps to build a more realistic picture; in that if all of the methods report a particular email as a SPAM then there is a greater chance of it not being a false positive.

  6. #6
    tgx's Avatar
    tgx
    tgx is offline Elite Member
    Join Date
    Mar 2006
    Posts
    300
    Rep Power
    9

    Default

    Put ASSP in front of your Zimbra server and make it all go away.
    Much better than SA.

    Stop spam with the Anti-Spam-SMTP-Proxy (ASSP)

  7. #7
    ewilen's Avatar
    ewilen is offline Moderator
    Join Date
    Jun 2008
    Location
    Berkeley, CA
    Posts
    1,474
    Rep Power
    9

    Default

    At one time I wanted to set up ASSP with our production system, but I was distracted by other projects. With Zimbra, a well-tuned MTA blocklist, and SA configured with tweaked scores and inputs (as suggested in the wiki and forum), I am hoping there will not be much demand for additional measures.

    The reason: Zimbra's approach to user-feedback is transparently simple. Just move messages into/out of the Junk folder to train. With 6.0 users can optionally whitelist/blacklist senders on their own.

    Last I checked, ASSP trains via self-feedback (looking at the automatically-sorted corpus). User feedback requires sending to special addresses, which is a drag compared to just clicking a button or filing a message.

    Having said that--it'd probably be easy to have Zimbra send the ham/spam to the ASSP addresses, or conversely to get ASSP to look at the Zimbra ham/spam accounts. Hmmm...

    (ASSP also whitelists based on people whom you've sent messages to.)

  8. #8
    Klug's Avatar
    Klug is offline Moderator
    Join Date
    Mar 2006
    Location
    Beaucaire, France
    Posts
    2,319
    Rep Power
    13

    Default

    Can you handle "cluster" with ASSP ?

    If I put another AS/AV system in front of my ZCS (and other mails) servers, I want to put at list two different servers (in two different datacenters), but with a single configuration system (web interface or CLI) and sharing "databases" (for spam, ham, greylisting, configuration, etc)... If one goes down (even the master), I want the other to stay up (even if I must wait for the master to come back up to do some configuration changes).

    Is that possible ?

  9. #9
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    Only way I know is Fort Systems Products but it does come with a price; though from my research it appears very good. Certainly on price not for a small install.

  10. #10
    ewilen's Avatar
    ewilen is offline Moderator
    Join Date
    Jun 2008
    Location
    Berkeley, CA
    Posts
    1,474
    Rep Power
    9

    Default

    Quote Originally Posted by Klug View Post
    Can you handle "cluster" with ASSP ?
    Hm, I thought I responded to that a few hours ago but my post is missing. Hopefully just an oversight on my part.

    Anyway, my answer is: I don't know. Best to ask on the ASSP forum or (probably better) the mailing list. Both are linked from the page indicated above.

Page 1 of 3 123 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. spam filtering/training methodology
    By ewilen in forum Administrators
    Replies: 6
    Last Post: 04-24-2009, 08:26 AM
  2. Weird behaviors and LOTS of spam.
    By zwvpadmin in forum Administrators
    Replies: 7
    Last Post: 01-02-2009, 10:26 AM
  3. spam - ham training
    By Viking0 in forum Administrators
    Replies: 6
    Last Post: 12-02-2008, 01:07 PM
  4. Major SPAM to one account
    By CarputerTech in forum Administrators
    Replies: 4
    Last Post: 09-04-2008, 10:54 PM
  5. Trying to understand Zimbra's anti-spam system
    By TaskMaster in forum Users
    Replies: 11
    Last Post: 01-25-2008, 09:59 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •