Hi Karen, > shellworld.net the shell service where I do most of my internet work is > using Ubuntu. This is a Debian list but we are smart enough to differ between Ubuntu specific problems and general question about strategies. From my point of view I order yours into strategies. > Has something happened to the program ? There has nothing happend to the program. The type of spam you are receiving has changed. I don't know much about your mail setup but spam has to fight on different levels when processing mails. > Is there a better spam filtering option for shell servers that I might > suggest to our administrator? If I looked up the right smtp host on your side you are running Postifx. Enable Postscreen in Postfix which will kill a number of spambots based on your test. This will kill for example servers on blacklists and impatient servers which don't greet or greet before you have said hello. Next defense line are smtp restrictions. Here you gonna check for invalid sender domains which don't exists and performing ptr checks. You can also do header checks like "kill every email with viagra in subject". But this is a little bit expensive. I don't do it at this point. Has your email passed all the checks it's now time for content scanners. As you noticed there is more than one. There are enterprise solutions but you can do this all with opensource stuff. You may want to consider doing the following checks and based on the score flag the email as spam or not: SPF and DKIM This is for looking up if the senders is allowed to send emails for this domain. This will not kill spam but you can include it in your scoring for spamassassin. For SPF checks spamassassin can do this. For DKIM use opendkim or amavisd-new. DMARC SPF and/or DKIM has failed? Look up the DMARC policy if there is one. Some people wanna know which hosts are abusing their names and tell you what to do with this email. Best thing if you are allowed to reject it. opendmarc is what you are looking for. Check for viruses or unwanted files I reject a lot of files like .exe, .src, .vbs etc. Email is not for file sharing and in 99,99% it's a virus. All other files have to pass the virus scanner and if it's containing a virus just reject it. amavisd-new and clamav are the tools you are looking for. Also every other virus scanner which is supported by amavisd-new Content scan Last but not least: Let spamassassin scan the email. If you get spam which is not tagged as spam train your spamassassin or change the scoring rules. Not all rules are enabled if you are using the default installation and not all are scoring hard enough. This is based on the spam you get. Cheers Flo
Attachment:
signature.asc
Description: OpenPGP digital signature