[milters] Archive

Lists Index Date Thread Search

Article: 1385
From: G1OGY \(Dave\)
Date: 2007-01-03 19:04:28 -0500
Subject: Re: Have they cracked it? (Or am I simply paranoid?)

Removal...........: milters-request@milter.info?subject=remove
More information..: http://www.milter.info/#Support
--------------------------------------------------------




milters-bounce@milter.info wrote:

Thanks for thinking Anthony.
> 
> G1OGY (Dave) wrote:
>> I have received a series of ~apparent~ porn spam (not a flood) during
>> the past few days - the sort of thing that tempts in text with tales
>> of grandmothers and young men and/or young women of asian parentage
>> wielding certain implements. These are common - a few sentences and a
>> URL.  They score 20/25++ on the vocabulary employed and are generally
>> rejected.
> 
> How long does it take for the command line scan of an example message
> on average?
> 

For a legit mail - between 1.3 and 5 (depending on size - as they say in the spam ;)
Between 3 and 8 seconds for the average spam.  If FuzzyOcr gets in to the frame (given a
picture attachment) then it can extend to
12 or 15 secs but never more than 20.  ~Extraordinary~ numbers like 158, 159 or 166
seconds are visible in the current weekly log.



>> All of the ones that have infiltrated are addressed to the same email
>> address and have circumvented the barriers through:
>> milter-spamc[<pid>]: <message id> timeout before input from SPAMD
>> server milter-spamc[<pid>]: <message id> SPAMD status line failure
> 
> Sounds like SpamAssassin being its usually bloated & slow
> self. Are you
> using the network tests? 

Majority of the DNS checks are done in sendmail.
Network tests are disabled in local .cf <skip_rbl_checks 1>
but I load plugins:
	RelayCountry
	URIDNSBL 
	Hashcash
	SPF
out of init.pre
	AntiVirus	
	AWL
	AutoLearnThreshold
	TextCat
	AccessDB
	WhiteListSubject
	DomainKeys   <!!! - thought I'd turned that off>
	MIMEHeader
	ReplaceTags
out of 310.pre
	
> 
> Does SpamAssassin consulting
> ORDB.com, which is
> no longer working and so possibly causing a timeout? 

No.

> Are you consulting maybe too many BLs. 

I'd say the minimum effective:
Spamhaus (combined)
dsbl.org
njabl (combined)
all out of sendmail

> Have you updated recently SpamAssassin?

Have you stopped beating your wife?  Damned either way ;)  No. (3.1.7)
> 
> Have you increased the spamd-timeout value from the default 120s?

Er..  No.  Needs a spamassassin code hack, doesn't it?  (and a corresponding increase in
the sendmail timeout too, I'd have
thought...)

Appreciate you taking time to answer. 

Regards

-Dave


Lists Index Date Thread Search