On Tue, Feb 13, 2007 at 11:34:57AM -0600, Martin McCormick wrote: > Andrew Sackville-West writes: > > > 3) it is fairly trivial to flag all messages with a .gif attachment as > > spam and chuck it in the right box. bogofilter is not the way to do > > that though. Even something like a procmail rule may > > suffice. certainly, various configs in your MTA could handle > > attachments. > > That's where it gets interesting. Here where I work, we > have Microsoft Outlook, Exchange, etc. About 2 to 3 of every 5 > work-related messages contain .gif files, some of which are > pictures or maps with most being someone's signature or some > other little flourish that they want to attach to their message. > It's still a .gif, however, so probably 2/3 of my work messages > would end up in the spam folder were I to do that.
well, that's a social problem. there are no real technological solutions for social problems. ;-P > > Right now, a mixture of bogofilter and .procmailrc rules > snags around 90% of the junk. I have received 10,300+ spams of > all kinds since New Year's Eve when I started counting to see > just how many spams I receive. It's about 250 messages per day. > if 10% get to one's inbox, that's still quite a waste of time. I > wanted to make sure there wasn't something completely unknown > that I was missing out on. > > Thanks for all constructive suggestions. I only recently switched from bogofilter to spamassassin w/ clamav and I have to say its impressive. It has tagged more spam more accurately than bogofilter ever did. And it has not given me 1 false positive which bogofilter definitely did on occaision. just last night I had 368 spam that scored over 10, about 22 that were scored between 5 and 10 (which i put in the "suspect-spam" folder just in case, never had one *NOT* be spam yet). 16 that were blackholed by clamav, and then maybe 12 that were missed and ended up in my regular folders. I feel pretty good about that, considering I haven't really started training the bayesian filters yet. So that's less than 3% of my total spam load that got missed by SA/clamav. There are ocr plugins for spamassassin that will look at things like the contents of images to determine if its spam. might work for you though, with the amount of images you guys are passing around, the performance hit could be pretty large. You'd need to set up some pretty strict rules about what gets filtered through that system. One of them is called fuzzyocr I believe. Finally, you might think about using a whitelist setup for who is allowed to send images and then everyone else gets the images stripped off. You could whitelist all your local users and known others and then dump any other images right in the blackhole and be done with it. If someone sends you an unsolicited image, that's their problem. A
signature.asc
Description: Digital signature
