The mailing list for listmasters using Sympa

[Serge <address@concealed>]

Jeff Abbott wrote:

> Folks,
>
> We, like many sites, use an external spam filtering and tagging tool  
> (specifically, Sophos PureMessage) running on our mail gateways that  
> handles the identification and tagging of spam and viruses.  While 
> some  viruses are immediately quarantined at the gateway, no spam is 
> ever  blocked then and there, though most users have their mail 
> filters for  their Duke email accounts set up to abandon anything 
> that's 80%+ likely to  be spam, and some even drop anything 50% and 
> above.  PureMessage tags  messages that it thinks are 30%+ likely like 
> so:
>
>   X-PerlMx-Spam: Gauge=XXXXXXII, Probability=62%,  
> Report='OBFU_CLASS_FINANCIAL_LOW 3, RCVD_IN_CBL 3'
>
> (The Report='.....' part is usually much longer, but I cut it short 
> to  keep it readable.)
>
> List owners, understandably, don't like it when spam makes it to 
> their  list, even if their users are eventually filtering it out.  
> While I could  set up a bunch of scenarios for filtering different 
> levels of spam with  something like (to block 50% or higher):
>
>   match([msg_header->X-PerlMx-Spam], /Gauge=X{5,10}/) -> reject,quiet
>
> I'd rather not have to create an abundance of scenario files just for  
> filtering different thresholds of spam.  Is there another way to do 
> this?   It'd be ideal to have it be completely and easily configurable 
> by list  owners, but if it requires Listmaster intervention I suppose 
> that's okay  so long as it works and doesn't require us to maintain a 
> huge number of  scenarios.  Thoughts?  Anyone else solved a similar 
> problem, or looking  for a solution to a similar problem?


What you can do is to introduce such rule in 
/home/sympa/etc/scenari/include.send.header This set of scenario rule 
will be included in any send authorization scenario.  Of course this way 
scenario administrationis reduuce to the muinimum but list owners can't 
adjust it. When using global rules it is probably beter  to request 
sender authentication* then reject the message. How experience is that 
spammer never confirm messages.

Some simple rules can also block almost every spam :
*equal([*is_bcc*],'1') smtp -> request_auth

The best way to block spam is to limit sending to subscribers. For non 
subscribers, request authentication or submit to editor is good.

Serge Aumont

* *