[opensuse] OT slightly: Manually recognizing SPAM emails
Because I have a business and don't want to take the chance of deleting something I may want to get, I have been using the IP address as well as a few keywords to build my own spam control - so far blocking about 99%.
I've tried googling many ways and not getting anything I'm looking for.
However, is there any tell tale signs in the email headers to look for ?
Any website that tells how to block spam using info from the headers ?
Thanks, Duaine
-- Duaine Hechler Piano, Player Piano, Pump Organ Tuning, Servicing & Rebuilding Reed Organ Society Member Florissant, MO 63034 (314) 838-5587 dahechler@att.net www.hechlerpianoandorgan.com -- Home & Business user of Linux - 10 years
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 8/24/2010 1:37 PM, Duaine Hechler wrote:
Because I have a business and don't want to take the chance of deleting something I may want to get, I have been using the IP address as well as a few keywords to build my own spam control - so far blocking about 99%.
I've tried googling many ways and not getting anything I'm looking for.
However, is there any tell tale signs in the email headers to look for ?
Any website that tells how to block spam using info from the headers ?
Thanks, Duaine
You are on a fool's errand trying to block by these means.
Just install SpamAssassin and let it detect spam.
Spamassassin does not BLOCK. It only TAGS. Therefore you can put everything with low scores directly in your in-box and put things with high scores (spam) into a probably spam folder without fear of ever BLOCKING valid mail.
-- _____________________________________ At one time I had a Real Sig. Its been downsized.
John Andersen wrote:
On 8/24/2010 1:37 PM, Duaine Hechler wrote:
Because I have a business and don't want to take the chance of deleting something I may want to get, I have been using the IP address as well as a few keywords to build my own spam control - so far blocking about 99%.
I've tried googling many ways and not getting anything I'm looking for.
However, is there any tell tale signs in the email headers to look for ?
Any website that tells how to block spam using info from the headers ?
Thanks, Duaine
You are on a fool's errand trying to block by these means.
Just install SpamAssassin and let it detect spam.
Spamassassin does not BLOCK. It only TAGS. Therefore you can put everything with low scores directly in your in-box and put things with high scores (spam) into a probably spam folder without fear of ever BLOCKING valid mail.
That's the point of starting my own version. I don't want the mail in the first place.
So, in Thunderbird, I tell it to delete it from the POP server - then - if by accident it gets to me, then I have it set to delete it.
Therefore, even though my traffic is small potatoes, I'm saving that much more on "crap" traffic.
Duaine
-- Duaine Hechler Piano, Player Piano, Pump Organ Tuning, Servicing & Rebuilding Reed Organ Society Member Florissant, MO 63034 (314) 838-5587 dahechler@att.net www.hechlerpianoandorgan.com -- Home & Business user of Linux - 10 years
Duaine Hechler wrote:
John Andersen wrote:
On 8/24/2010 1:37 PM, Duaine Hechler wrote:
Because I have a business and don't want to take the chance of deleting something I may want to get, I have been using the IP address as well as a few keywords to build my own spam control - so far blocking about 99%.
I've tried googling many ways and not getting anything I'm looking for.
However, is there any tell tale signs in the email headers to look for ?
Any website that tells how to block spam using info from the headers ?
Thanks, Duaine
You are on a fool's errand trying to block by these means.
Just install SpamAssassin and let it detect spam.
Spamassassin does not BLOCK. It only TAGS. Therefore you can put everything with low scores directly in your in-box and put things with high scores (spam) into a probably spam folder without fear of ever BLOCKING valid mail.
That's the point of starting my own version. I don't want the mail in the first place.
So, in Thunderbird, I tell it to delete it from the POP server - then - if by accident it gets to me, then I have it set to delete it.
Therefore, even though my traffic is small potatoes, I'm saving that much more on "crap" traffic.
Duaine
Now, if I can tell spamassassin to delete it from the POP server then ...........
-- Duaine Hechler Piano, Player Piano, Pump Organ Tuning, Servicing & Rebuilding Reed Organ Society Member Florissant, MO 63034 (314) 838-5587 dahechler@att.net www.hechlerpianoandorgan.com -- Home & Business user of Linux - 10 years
On 8/24/2010 3:19 PM, Duaine Hechler wrote:
Now, if I can tell spamassassin to delete it from the POP server then ...........
Who owns that pop server? If not you, you are TSOL.
Your best bet, if you don't run your own mailserver is to get a gmail account and have it pick up the mail for you.
Their spam filtering is pretty amazingly accurate.
-- _____________________________________ At one time I had a Real Sig. Its been downsized.
John Andersen wrote:
On 8/24/2010 3:19 PM, Duaine Hechler wrote:
Now, if I can tell spamassassin to delete it from the POP server then ...........
Who owns that pop server? If not you, you are TSOL.
Your best bet, if you don't run your own mailserver is to get a gmail account and have it pick up the mail for you.
Their spam filtering is pretty amazingly accurate.
Since I have a AT&T Uverse account - it's YAHOO - BOOOOOOO
-- Duaine Hechler Piano, Player Piano, Pump Organ Tuning, Servicing & Rebuilding Reed Organ Society Member Florissant, MO 63034 (314) 838-5587 dahechler@att.net www.hechlerpianoandorgan.com -- Home & Business user of Linux - 10 years
On 8/24/2010 3:29 PM, Duaine Hechler wrote:
John Andersen wrote:
On 8/24/2010 3:19 PM, Duaine Hechler wrote:
Now, if I can tell spamassassin to delete it from the POP server then ...........
Who owns that pop server? If not you, you are TSOL.
Your best bet, if you don't run your own mailserver is to get a gmail account and have it pick up the mail for you.
Their spam filtering is pretty amazingly accurate.
Since I have a AT&T Uverse account - it's YAHOO - BOOOOOOO
You aren't married to that.
Gmail has the ability to pick up your yahoo mail for you. You can continue to use the same email address (or cut over to the gmail one, (or do both if you prefer).
Run your Gmail account as Imap (or use web interface) and you never even have to download the spam folder - saving bandwidth.
I wouldn't even attempt this on Yahoo.
-- _____________________________________ At one time I had a Real Sig. Its been downsized.
On Tue, 2010-08-24 at 15:34 -0700, John Andersen wrote:
On 8/24/2010 3:29 PM, Duaine Hechler wrote:
John Andersen wrote:
On 8/24/2010 3:19 PM, Duaine Hechler wrote:
Now, if I can tell spamassassin to delete it from the POP server then
Who owns that pop server? If not you, you are TSOL.
Your best bet, if you don't run your own mailserver is to get a gmail account and have it pick up the mail for you.
Their spam filtering is pretty amazingly accurate.
Since I have a AT&T Uverse account - it's YAHOO - BOOOOOOO
You aren't married to that.
Gmail has the ability to pick up your yahoo mail for you. You can continue to use the same email address (or cut over to the gmail one, (or do both if you prefer).
Run your Gmail account as Imap (or use web interface) and you never even have to download the spam folder - saving bandwidth.
I wouldn't even attempt this on Yahoo.
Or create an account at Fastmail.fm to use a company that supports Open Source and provides many of the very same features.
-- Adam Tauno Williams <awilliam@whitemice.org> LPIC-1, Novell CLA <http://www.whitemiceconsulting.com> OpenGroupware, Cyrus IMAPd, Postfix, OpenLDAP, Samba
On Tuesday 24 Aug 2010 23:34:32 John Andersen wrote:
On 8/24/2010 3:29 PM, Duaine Hechler wrote:
John Andersen wrote:
On 8/24/2010 3:19 PM, Duaine Hechler wrote:
Now, if I can tell spamassassin to delete it from the POP server then ...........
Who owns that pop server? If not you, you are TSOL.
Your best bet, if you don't run your own mailserver is to get a gmail account and have it pick up the mail for you.
Their spam filtering is pretty amazingly accurate.
Since I have a AT&T Uverse account - it's YAHOO - BOOOOOOO
You aren't married to that.
Gmail has the ability to pick up your yahoo mail for you. You can continue to use the same email address (or cut over to the gmail one, (or do both if you prefer).
Run your Gmail account as Imap (or use web interface) and you never even have to download the spam folder - saving bandwidth.
I wouldn't even attempt this on Yahoo.
Hi ..
I have to say that I have found very little problem with the Yahoo mail system. I am on BT here in the UK; their system is hived off to Yahoo. I get very few spam mails through, maybe 4 or five a day at best, yet if I use the web page (disgusting idea but still) and look in the Bulk folder there will be on average 350 mails in there correctly marked as spam.
The few that manage to escape get dealt with here in Kmail via the SpamAssassin system.
Pete.
-- Powered by openSUSE 11.3 (x86_64) Kernel: 2.6.34-12-desktop KDE Development Platform: 4.4.4 (KDE 4.4.4) "release 2" 07:39 up 17 days 21:37, 2 users, load average: 0.00, 0.00, 0.00
Duaine Hechler said the following on 08/24/2010 06:19 PM:
Now, if I can tell spamassassin to delete it from the POP server then
You can't. It doesn't work that way. Like you were told, SpamAssassin TAGS mail.
What you want is this: use 'fetchmail' to get the mail from the POP server and hand it over to 'procmail'.
Among other things, 'procmail' pipes it into SpamAssassin and back and then looks at the tags. 'Procmail' can do the delete, or 'rate' the severity/likelihood. It can also whitelist and blacklist. I use the whitelist to avoid the load of sending known 'closed' and presumably 'safe' mailing lists directly to my local mailbox rather than waste effort running them through spamassassin.
If you check the archives I've described my setup at length before.
Let me repeat that SpamAssassin ONLY tags the mail. You can't use it to delete. You need to have a wrapper around it such as procmail.
Some user interfaces such as Thunderbird have the hooks to fetch from the repository, pipe through SpamAssassin and then you can set up filters on the tags.
Pop is fine, but the pop protocol "downloads" and removes the mail from the server. I use that to fetch and empty my various _remote_ mailboxes and, via fetchmail/procmail/spamassassin put them in my local mail server. I then access it with Thunderbird using IMAP. Unlike POP, IMAP does NOT delete on read. POP and IMAP are very different.
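Added example (not part of the original thread, and not Anton's actual setup): a Python stand-in for the wrapper step described above, which reads the `X-Spam-Status` tag SpamAssassin has already written and decides where the message goes. The folder names, the `discard_at` threshold, the use of `List-Id` for the whitelist and the sample messages are all assumptions made for illustration.

```python
import re
from email import message_from_string, policy

# Leading part of the X-Spam-Status header SpamAssassin adds, e.g.
# "Yes, score=7.3 required=5.0 tests=... autolearn=no"
STATUS_RE = re.compile(
    r"^(yes|no),\s*score=(-?\d+(?:\.\d+)?)\s+required=(-?\d+(?:\.\d+)?)",
    re.IGNORECASE,
)

def parse_spam_status(msg):
    """Return (is_spam, score, required), or None if the tag is absent or unparseable."""
    raw = msg.get("X-Spam-Status")
    if raw is None:
        return None
    m = STATUS_RE.match(" ".join(str(raw).split()))  # collapse folded whitespace
    if m is None:
        return None
    return m.group(1).lower() == "yes", float(m.group(2)), float(m.group(3))

def route(raw_message, whitelisted_lists=frozenset(), discard_at=15.0):
    """Pick a destination: 'inbox', 'probably-spam' or 'discard' (hypothetical names)."""
    msg = message_from_string(raw_message, policy=policy.default)
    # Whitelisted mailing lists go straight to the mailbox; the tag is not consulted.
    list_id = str(msg.get("List-Id", "")).strip().strip("<>").lower()
    if list_id in whitelisted_lists:
        return "inbox"
    status = parse_spam_status(msg)
    if status is None:
        return "inbox"  # fail open: an untagged message is never deleted
    is_spam, score, _required = status
    if not is_spam:
        return "inbox"
    # Only very high scores are dropped; everything else is kept for review.
    return "discard" if score >= discard_at else "probably-spam"

def _sample(*headers):
    # Constructed sample message, not taken from the thread.
    return "\n".join(headers) + "\n\nbody\n"

SAMPLES = {
    "ham": _sample("From: customer@example.com", "Subject: Tuning quote",
                   "X-Spam-Status: No, score=-1.2 required=5.0 tests=BAYES_00 autolearn=ham"),
    "borderline": _sample("From: promo@example.net", "Subject: Offer",
                          "X-Spam-Status: Yes, score=6.1 required=5.0 tests=HTML_MESSAGE autolearn=no"),
    "blatant": _sample("From: x@example.org", "Subject: !!!",
                       "X-Spam-Status: Yes, score=21.4 required=5.0 tests=BAYES_99 autolearn=spam"),
    "untagged": _sample("From: friend@example.com", "Subject: Hello"),
    "list": _sample("From: someone@example.com", "List-Id: <closed-list.example.org>",
                    "X-Spam-Status: Yes, score=8.0 required=5.0 tests=BAYES_80 autolearn=no"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, "->", route(raw, whitelisted_lists={"closed-list.example.org"}))
```

Raising `discard_at` trades bandwidth and disk for a smaller chance of losing a legitimate message; anything that lands in `probably-spam` can still be reviewed.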
On 8/24/2010 3:12 PM, Duaine Hechler wrote:
John Andersen wrote:
On 8/24/2010 1:37 PM, Duaine Hechler wrote:
Because I have a business and don't want to take the chance of deleting something I may want to get, I have been using the IP address as well as a few keywords to build my own spam control - so far blocking about 99%.
I've tried googling many ways and not getting anything I'm looking for.
However, is there any tell tale signs in the email headers to look for ?
Any website that tells how to block spam using info from the headers ?
Thanks, Duaine
You are on a fool's errand trying to block by these means.
Just install SpamAssassin and let it detect spam.
Spamassassin does not BLOCK. It only TAGS. Therefore you can put everything with low scores directly in your in-box and put things with high scores (spam) into a probably spam folder without fear of ever BLOCKING valid mail.
That's the point of starting my own version. I don't want the mail in the first place.
So, in Thunderbird, I tell it to delete it from the POP server - then - if by accident it gets to me, then I have it set to delete it.
Therefore, even though my traffic is small potatoes, I'm saving that much more on "crap" traffic.
Duaine
Oh, I see. I was confused by your lead in statement that implied a false positive was your biggest fear. (Deleting something important).
If in fact your major concern is cutting down on crap traffic, AND you OWN a pop server (one has to ask why in god's name are you still using pop), then you can put some filters on that machine.
But those filters are STILL better done in postfix before the mail is accepted, and preferably by something under constant maintenance like spamassassin running under postfix with something like Amavis.
You've ALREADY paid the bandwidth by the time it hits your mail server tho...
-- _____________________________________ At one time I had a Real Sig. Its been downsized.
On 24.08.2010 22:37, Duaine Hechler wrote:
Because I have a business and don't want to take the chance of deleting something I may want to get, I have been using the IP address as well as a few keywords to build my own spam control - so far blocking about 99%.
I've tried googling many ways and not getting anything I'm looking for.
However, is there any tell tale signs in the email headers to look for ?
Any website that tells how to block spam using info from the headers ?
Any such Website would make the spam problem even worse.
You should only block spam directly on the first server that receives mails for a domain. If you reject the mail later you bounce the mail to the sender address. Unfortunately, in case of spam the sender address is almost always falsified, so you bounce the mail to the innocent third party. This case of spam is called backscatter. In other words, your own server turns into a source of spam and will soon be blacklisted.
So, if you do not control the mx of your domain, please do not reject the mail.
For the mx of the domain there are a lot of measures to cut spam down. If you use Postfix (the default MTA on opensuse systems) you can use header_checks to reject mails that match certain expressions. Unfortunately, spam is changing so fast that it is too much trouble to update the header_checks every day. Usually a spam wave lasts for 4-12 hours, so when you have analyzed the recent spam and updated the header_checks, the spam run is already over and the spams don't get caught any more.
Even worse is the danger of false positives. You reject innocent mails that match your quickly written rule. Since you don't read the mail you can't even check if the mail was actually a spam or not.
That is the reason why it is much safer to add your own patterns to spamassassin. That way you can safely add/reduce points of the score.
On 2010-08-24 22:37, Duaine Hechler wrote:
Because I have a business and don't want to take the chance of deleting something I may want to get, I have been using the IP address as well as a few keywords to build my own spam control - so far blocking about 99%.
I've tried googling many ways and not getting anything I'm looking for.
However, is there any tell tale signs in the email headers to look for ?
Any website that tells how to block spam using info from the headers ?
I understand from other posts that you are using pop3 to get your email, and using your own filters to delete email on your ISP server. That you don't want to use spamassassin because you simply do not want to download the email.
That contradicts what you said in your original post, ie, that you “don't want to take the chance of deleting something I may want to get”, because you are running that chance by your current method.
Attempting to keep ahead of spam that way is futile: they are many, you are one; and they are good at what they do (ie, spamming). You have to use services from people that make their job to do just that, fight them, and they are good at it, too.
Well, you have two possibilities.
One: use spamassassin - yes, I insist. Download all the email (yes, download it), then filter it with SA, moving (yes, not deleting) to a different folder, and keep good email in the "good" folder.
Why? Because the best known method to classify spam email is to analyze each email completely, both headers and body. SA does this via what they call Bayesian filtering. First they analyze the headers the "classical way", then all of it⁽¹⁾.
The people in the best position to do this are your ISP, but they don't. So... alternative "a", download it and let SA examine it. Alternative "b", let some other, nice, ISP, do the job for you. Ie, let gmail (for example) download your email, do the filtering for you (after you train it), and then you download it.
Notice two things. Gmail will "machine read" your email. They do this, they say, to put appropriate commercials on the side bar. The other is that gmail will not delete your spam. It will be left there for a month before they delete it; you have to review it (via web interface) and reclassify what is spam and not before deleting the real spam.
Note ⁽¹⁾: It is possible to analyze some headers and then dump email, using spamassassin, before it is downloaded. It needs that you run your own "real" smtp server, so that you can really reject email. I haven't read of this while fetching from pop3/imap and SA. If you do it badly and bounce emails, you can be blacklisted as spammer yourself.
-- Cheers / Saludos, Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Elessar))
Carlos E. R. wrote:
On 2010-08-24 22:37, Duaine Hechler wrote:
Because I have a business and don't want to take the chance of deleting something I may want to get, I have been using the IP address as well as a few keywords to build my own spam control - so far blocking about 99%.
I've tried googling many ways and not getting anything I'm looking for.
However, is there any tell tale signs in the email headers to look for ?
Any website that tells how to block spam using info from the headers ?
I understand from other posts that you are using pop3 to get your email, and using your own filters to delete email on your ISP server. That you don't want to use spamassassin because you simply do not want to download the email.
That contradicts what you said in your original post, ie, that you “don't want to take the chance of deleting something I may want to get”, because you are running that chance by your current method.
Yes & No.
Since I am doing a whois on the IP addresses (from received or originating IP), I'm finding that most of the spam is coming from other countries. So, in Thunderbird, I filter by least common denominator of the IP address.
So if IP address range is 145.165.0.0 - 145.165.255.255 - then - I filter for [145.165.
Also, if IP address does not work, I filter by email domain, keywords, phrases, etc.
So to double check my settings, I clean the trash folder and run my filter definition. If more emails get moved to the trash folder than I expect, then I have to step back and regroup.
Duaine
-- Duaine Hechler Piano, Player Piano, Pump Organ Tuning, Servicing & Rebuilding Reed Organ Society Member Florissant, MO 63034 (314) 838-5587 dahechler@att.net www.hechlerpianoandorgan.com -- Home & Business user of Linux - 10 years
On 2010-08-25 04:10, Duaine Hechler wrote:
Carlos E. R. wrote:
Yes & No.
Since I am doing a whois on the IP addresses (from received or originating IP), I'm finding that most of the spam is coming from other countries. So, in Thunderbird, I filter by least common denominator of the IP address.
So if IP address range is 145.165.0.0 - 145.165.255.255 - then - I filter for [145.165.
Also, if IP address does not work, I filter by email domain, keywords, phrases, etc.
So to double check my settings, I clean the trash folder and run my filter definition. If more emails get moved to the trash folder than I expect, then I have to step back and regroup.
That's a lot of work, and you can make mistakes. And a mistake of erasing a good email is very, very, bad.
Simply use SA and forget it all. It simply works.
-- Cheers / Saludos, Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Elessar))
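Added example (not part of the original thread): a Python dry run of the `[145.165.` filter discussed above, comparing a plain substring match with matching the range 145.165.0.0/16 only against addresses in `Received` headers. It assumes that only the topmost `Received` line is written by your own provider (`trusted_hops=1`) and that lower lines are whatever the sending side supplied; the sample messages and the `keep`/`review`/`trash` labels are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string, policy

BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def received_hops(raw_message):
    """One list of IPv4 addresses per Received header, topmost (newest) first."""
    msg = message_from_string(raw_message, policy=policy.default)
    hops = []
    for value in msg.get_all("Received", []):
        ips = []
        for text in BRACKETED_IPV4.findall(str(value)):
            try:
                ips.append(ipaddress.ip_address(text))
            except ValueError:
                pass  # not a valid address, e.g. [999.1.1.1]
        hops.append(ips)
    return hops

def classify(raw_message, blocked_nets, trusted_hops=1):
    """'trash' only when a trusted hop is in a blocked range; lower hops mean 'review'."""
    nets = [ipaddress.ip_network(n) for n in blocked_nets]

    def blocked(ips):
        return any(ip in net for ip in ips for net in nets)

    hops = received_hops(raw_message)
    if any(blocked(h) for h in hops[:trusted_hops]):
        return "trash"
    if any(blocked(h) for h in hops[trusted_hops:]):
        return "review"  # unverified hop: do not delete on this alone
    return "keep"

def naive_match(raw_message, needle="[145.165."):
    """The substring filter from the thread, applied to the whole message."""
    return needle in raw_message

def dry_run(messages, blocked_nets):
    """Classify every message without deleting anything."""
    return {name: classify(raw, blocked_nets) for name, raw in messages.items()}

def _sample(received, body="Hello"):
    # Constructed sample; addresses outside 145.165.x.x are documentation ranges.
    return "".join(f"Received: {r}\n" for r in received) + "Subject: test\n\n" + body + "\n"

STAMP = "Tue, 24 Aug 2010 20:00:00 +0000"
SAMPLES = {
    "direct": _sample([f"from host.example ([145.165.10.20]) by mx.isp.example; {STAMP}"]),
    "relayed": _sample([f"from relay.example ([203.0.113.7]) by mx.isp.example; {STAMP}",
                        f"from pc ([145.165.3.4]) by relay.example; {STAMP}"]),
    "quoted": _sample([f"from mail.example ([198.51.100.9]) by mx.isp.example; {STAMP}"],
                      body="Our firewall logged [145.165.1.1] last night."),
}

if __name__ == "__main__":
    print(dry_run(SAMPLES, ["145.165.0.0/16"]))
    print([name for name, raw in SAMPLES.items() if naive_match(raw)])
```

The substring test flags all three constructed messages, while the header-aware check trashes only the one whose trusted hop is inside the range.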
participants (7)
- Adam Tauno Williams
- Anton Aylward
- Carlos E. R.
- Duaine Hechler
- John Andersen
- Peter Nikolic
- Sandy Drobic