procmail

Re: Is there a way

2004-07-21 15:07:38
Dallman Ross wrote:

On Wed, Jul 21, 2004 at 02:05:42PM -0400, Curtis Maurand wrote:
I need more machine due to trying to catch spam. Worse, I'm getting way too many false positives. Spamassassin/Razor only catch a fraction of stuff that gets sent. Without the extra filters (on the order of 200 to 300), I would get 40 to 50 per day. I'm really really frustrated.

I can only say I think you are working hard but not smart.  No insult
intended.

I have described in general terms here my setup before.  A few others
do some similar things.  In a nutshell, I've under 40 anti-spam
recipes, all but four of which are headers-only checks; and I have
1/1000 false negatives and about 9/1000 false positives.  It is very
light on the machine.  I have mail convening here from 22 domains,
and I get lots of legit mail from weird and unknown places, so
I can't be too cavalier with my heuristics.

I don't mean to sound like I'm bragging.  It's hard work, and I
admit it!  But that's the biz we're in.  If you sysadmin 100 users,
then I say, well, hunker down and do some homework and get it
done.  There are no easy shortcuts to putting in the time and
learning, with thinking cap in place on head.  However, there are
helpful resources around now that were not there years ago, including
paramount among them Nancy McGough's QuickStart tutorials.  The
result to well done work is almost always rewarding.

People often misjudge the preparation effort involved in coding
with procmail.  After all, the language is meager and flat; there
are few bells and whistles, but also thereby few overweening
constructs to have to sweat-effort your way through (once you
get past the scoring syntax basics and some other, oh, shall we
say eccentric expressional nuances).  In short, people often tend
to think that with a spare language, it should be easy to
stay out of trouble.  To the degree that they don't think through
their strategy (heuristic) and build their algorithms soundly,
though, they fool themselves!  For this procmail stuff is no different
from coding in any other language.  Do sloppy prep work with bad
or no internal documentation, and you have a rat's nest of code
that will cause you infinitely more grief than good.  On the
other hand, plan out your attack with some mental rigor, and do
the homework to get you up to speed on articulating those ideas
in the language, and you will be surprised at the ease and
subtlety and success -- even with what we may in all fairness call
a "brittle" little language like procmail.  And developing for
yourself at least a yeoman's facility with regexes is an excellent
first start.

Most of my filters are filtering the bodies for particular content (such as a multitude of ways of spelling viagra, cialis and other pharmaceuticals). Mostly I have rules that look for domain names in the bodies. One of the rules that really worked was a rule that I was given from here on the "Received: from" which stopped quite a bit of stuff. Once I get SPF done, that will be a really good one. www.rulesemporium.com has a script called rules_du_jour to upgrade spamassassin rules on a regular basis. That's helped quite a bit. I may start sending all spam through and not holding it on the server for users to get via webmail. I just dropped a ton of "REJECTS" from /etc/mail/access. This will increase the onslaught, but let's see what happens.


It would still be handier to have procmail record its process id with each entry in the logfile.

I thought David posted that yesterday.


He did, but the solution that he gave wasn't what I was looking for. I need to modify the source code and submit it back to procmail. I'm using the "LOGFILE=/usr/local/logs/$LOGNAME" syntax and that will do what I need it to do.
Thanks,
Curtis

 LOG = "
 $$
 "




____________________________________________________________
procmail mailing list   Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
