perez2000 Posted November 29, 2004 Share Posted November 29, 2004 I have been a long time user of SpamAssassin and have recently upgraded to SpamAssassin 3.0. I have several spam traps on my mail server which I use "spamassassin -r" to automatically report spam to the various spam reporting services. 3.0 added SpamCop to the reporting list. I have tested it using the default reporting address and also a customized reporting address for a newly registered account. The custom submittal address sends me e-mails which I must take action on. If I understand the service correctly, the spams are simply queued for reporting. This won't due as my spamtraps received about 100 or so spams a day and manually slogging through the messages is not feasible. The default reporting address doesn't generate any e-mails, but I'm concerned that the e-mails are blackholed which defeats the point of reporting. My question: what is the "best practice" for mail administrators who have spamtraps and want to report the spams to SpamCop automatically using SpamAssassin? Thank you, Carlos Link to comment Share on other sites More sharing options...
Wazoo Posted November 29, 2004 Share Posted November 29, 2004 There's another Topic somewhere within the last month or so about this "neat" feature of SpamAssassin ... bottom line .. there is no such thing as a "Default SpamCop address" ... so yes, anything sent out that way goes nowhere. If you'd take the time, hit the FAQ, read other Topics, go through the "Rules" .... you'd find that there is no "automatic" setting ... the SpamCop tool-set is exactly that .. only a tool to be used woth care. The actual report/complaint generated by the parser and the list of suggested targets is also only that .. it is the reporter that decides whether those reports go out to those targets. Tales are legion from users that either set up a scri_pt or simply checked all the boxes presented and then come back complaining that their ISP cut them off due to sending complaints about themselves to their own ISP .... Link to comment Share on other sites More sharing options...
perez2000 Posted November 29, 2004 Author Share Posted November 29, 2004 There's another Topic somewhere within the last month or so about this "neat" feature of SpamAssassin ... bottom line .. there is no such thing as a "Default SpamCop address" ... so yes, anything sent out that way goes nowhere. Thank you for your quick response. I do appreciate it! This is what spamassassin 3.0 defaults for its submitted reports: spamassassin-submit[at]spam.spamcop.net which you can override with this parameter in user_prefs: spamcop_to_address The SpamAssassin docs state " If this is not set, SpamCop reports will go to a generic reporting address for SpamAssassin users and your reports will probably have less weight in the SpamCop system." I'm also setting the spamcop_from_address "just in case" it is used to calculate a reputation value. If I understand the situation, the generic address has "no weight", correct? Thanks! Carlos Link to comment Share on other sites More sharing options...
Wazoo Posted November 29, 2004 Share Posted November 29, 2004 e-mail between Don and I, back on 14Nov04; -=-=-=-=-=- >SpamAssassin and SpamCop >Subject line as above in the "spamcop.help" newsgroup. >What in the h*&^ is this all about? A "generic" >spamcop reporting address (allegedly identified >as spamassassin-submit[at]spam.spamcop.net ) First we've heard about it. We're just now starting to discuss it. I'm pretty sure any sort of "generic" submission address will not materialize, and if we find such a hole, it will be plugged. We wouldn't have any control over who is submitting spam and couldn't control abuse of a generic address. - Don - >Again, allegedly something "new" in the most >recent version of SpamAssassin. -=-=-=-=- So I'll repeat .. there is no such thing as a "Generic /Default Sumit E-Mail address" "No weight" as it doesn't exist .... Link to comment Share on other sites More sharing options...
perez2000 Posted November 29, 2004 Author Share Posted November 29, 2004 So I'll repeat .. there is no such thing as a "Generic /Default Sumit E-Mail address" I sense you are mad at me Seriously, I read the SpamCop FAQ and searched this group and google prior to posting, and didn't find the thread you are referring to. Obviously I didn't enter the magic search words... I'm an end-user of SpamAssassin and just in the process of configuring it. I'm surprised the SpamAssassin developers added a feature without consulting SpamCop. Out of the box, SA 3.0 will send a report to the generic address. I can't speak for the SA developers, but I'm quite positive they did not intend to blindside SC with useless traffic. I will take this thread over to the SA developers forum.... Thank you. Link to comment Share on other sites More sharing options...
Wazoo Posted November 29, 2004 Share Posted November 29, 2004 No mad <g> ... and like you, I spent a lot of time trying to find the Topic I thought was "here" .... apologies for that ... had to go back to my old e-mail and that's where I caught the "newsgroup" item that turned out to be what I was thinking of ... Based on not hearing about the spam being submitted to "the default SpamCop address" .. I'm more guessing that the SpamAssassin programmers just added in a "default placeholder" that really doesn't do anything until the user puts in a "real" SpamCop e-mail submittal address. again, just a possible guess ... Link to comment Share on other sites More sharing options...
julian Posted November 30, 2004 Share Posted November 30, 2004 I have been a long time user of SpamAssassin and have recently upgraded to SpamAssassin 3.0. I have several spam traps on my mail server which I use "spamassassin -r" to automatically report spam to the various spam reporting services. 3.0 added SpamCop to the reporting list. I have tested it using the default reporting address and also a customized reporting address for a newly registered account. The custom submittal address sends me e-mails which I must take action on. If I understand the service correctly, the spams are simply queued for reporting. This won't due as my spamtraps received about 100 or so spams a day and manually slogging through the messages is not feasible. Hi Carlos. Here are the different reporting methods in the order of their weighting in the bl system: Spamtraps: In order to submit spamtraps to spamcop, you must set up permanent forwarding and work with me to configure an account for you. I'm adding a FAQ for this here: http://www.spamcop.net/fom-serve/cache/402.html We currently get about 85% of spam from traps. Registered submissions: These are the normal confirmation-required submissions. Whether you use spam Assasin or another method to submit spam. These reports account for about 10% of the spam. "Unsolicited" submissions: Submissions from default spam Assasin and some other sources are used to "bolster" other types of reports about a source of spam. They cannot cause a new source of spam to be blocked. These submissions are not shared with ISPs. They account for about 5% of the submissions. The trap system has existed for a long time, though I have not publicly asked for submissions before now. It will probably remain a pretty low-profile choice. The unsolicited method is very new, and I'm still evaluateing it's cost/benefit. I may tie it into cooperative ISP's spam-feedback mechanisms (like AOL's "this is spam" or similar). ISPs who wish to discuss this possibility are welcome to contact me to set up some sort of trial. -=Julian=- Link to comment Share on other sites More sharing options...
Jeff G. Posted November 30, 2004 Share Posted November 30, 2004 Julian, thank you for the clarification. Reading between the lines, SpamAssassin users' reports will carry more weight if they go to registered submit addresses and get confirmed. Do reports sent to quick addresses carry registered or "Unsolicited" weight? Thanks! Link to comment Share on other sites More sharing options...
perez2000 Posted November 30, 2004 Author Share Posted November 30, 2004 Here are the different reporting methods in the order of their weighting in the bl system: After thinking about the issues of automated spamtraps, I agree that there has to be some kind of QA or vetting process. Just because I try to be a conscience mail administrator, doesn't mean anything. I can see how unverified or unauthenticated spamtraps can cause all sorts of havoc with RBL's. The cure would be worse than the disease. I check several DNSBL's on my SMTP front-ends, so when something slips through, I believe it should be reported immediately. So for every message that gets caught, there were probably 100x refused connection attempts. The question distills down to how to compute the reputation value of a "Good Samaratin" spamtrap and detecting when a spamtrap is erroneously submitting false positives. Perhaps I will research this more. Let me know if I can help out Carlos Link to comment Share on other sites More sharing options...
julian Posted December 1, 2004 Share Posted December 1, 2004 Julian, thank you for the clarification. Reading between the lines, SpamAssassin users' reports will carry more weight if they go to registered submit addresses and get confirmed. Do reports sent to quick addresses carry registered or "Unsolicited" weight? Thanks! Quick reports are the regular registered reports. -=Julian=- Link to comment Share on other sites More sharing options...
Wazoo Posted December 1, 2004 Share Posted December 1, 2004 I'll say thanks for the explanation, expansion on the concept and all that. Of course, still feeling a bit silly for so recently posting the last data I had from RW ... he does know this by now also or ...????? Link to comment Share on other sites More sharing options...
Ellen Posted December 1, 2004 Share Posted December 1, 2004 I'll say thanks for the explanation, expansion on the concept and all that. Of course, still feeling a bit silly for so recently posting the last data I had from RW ... he does know this by now also or ...????? 20748[/snapback] Yes Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.