Spam Filter ISP Support Forum

  New Posts New Posts RSS Feed - Filter Rules / Order Question
  FAQ FAQ  Forum Search   Register Register  Login Login

Filter Rules / Order Question

 Post Reply Post Reply
Author
insitec View Drop Down
Newbie
Newbie


Joined: 21 April 2008
Status: Offline
Points: 12
Post Options Post Options   Thanks (0) Thanks(0)   Quote insitec Quote  Post ReplyReply Direct Link To This Post Topic: Filter Rules / Order Question
    Posted: 16 February 2017 at 12:07am
Hi Folks,

One of the things we're experiencing at the moment is a huge amount of spam that's being picked up by reverse DNS, or MAPS search; and is getting quarantined. Our issue is that around 90% of that spam would be set to 'do not quarantine' from a keyword match. 

I don't want to set reverse DNS or MAPS to 'not quarantine' because we're still getting around 0.5% to 1% of emails on those categories being legitimate.

Any ideas? I've increased the number of countries we're blacklisting (and not quarantining), in an attempt to reduce it; but I'm keen to know how other people have tackled this issue?

Cheers,
Andy
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4104
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 16 February 2017 at 4:17pm
Andy,

This one is not going to be simple... SpamFilter does not allow the order of the filters to be changed, so the only option I can think of so far is to query the database to delete records that match your keywords from the database itself.

The difficulties are with the fact that SpamFilter's keywords can be plain or RegEx, there may be multiple keywords on one line, and that you may be using the ::NULL option for some of the keywords to tell SpamFilter to not quarantine the emails containing that keyword, but otherwise quarantine the others.

Are you configuring SpamFilter to not quarantine your entire blacklist keyword filter, or just individual keywords? What is your DB platform - SQL or MySQL?
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
insitec View Drop Down
Newbie
Newbie


Joined: 21 April 2008
Status: Offline
Points: 12
Post Options Post Options   Thanks (0) Thanks(0)   Quote insitec Quote  Post ReplyReply Direct Link To This Post Posted: 16 February 2017 at 9:27pm
Thanks Roberto,

I figured it was probably non-trivial! 

We are using regex for most of our keywords, and we've got them all set to ::NULL. To confirm - we are not currently quarantining anything that filters on a keyword match.

We are using MSSQL as our database.

Cheers,
Andy
Back to Top
insitec View Drop Down
Newbie
Newbie


Joined: 21 April 2008
Status: Offline
Points: 12
Post Options Post Options   Thanks (0) Thanks(0)   Quote insitec Quote  Post ReplyReply Direct Link To This Post Posted: 23 February 2017 at 11:01pm
We've been looking into this a bit more, and we were thinking we might have to write a custom database trigger.

The trigger would fire whenever a new message is quarantined, and it would immediately run a regex match of the keywords. If it gets a hit, it will delete the message. 

Have you ever heard / seen anyone doing something similar, or is there something else you would suggest?

--Andy
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4104
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 24 February 2017 at 8:15am
Yes, other users (us at LogSat included) employ database triggers to act upon new messages that are added to the quarantine. We fully support SpamFilter even with users making changes to the DB, even adding their own tables to obtain new functionality they need in their environment.

In regards to your need, I was personally thinking about a scheduled query within your SQL Server to perform the cleanup - the difficulty is with coming up with a query that will handle entries in SpamFilter's keyword list and "convert" them into keywords that SQL server can use. But once this query is discovered, applying it with a database trigger would indeed be better than a scheduled job.
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.070 seconds.