Pegasus Mail & Mercury


Clamwall & Sanesecurity definitions work great!

Last post 09-20-2008, 1:31 by dilberts_left_nut. 6 replies.
  •  04-04-2008, 20:35

    • bryroller

    I am using Mercury/32 and reject SpamCop matches, Spamhaus XBL & ZEN matches and Composite Blocking List matches. Those all helped to greatly reduce the spam received but there was still a decent amount that would get a high probability with Spamhalter and be false positive. I just stopped using F-prot DOS and went to Clamwall (ClamAV) and also use the Sanesecurity anti-phish / anti-scam signatures and get nearly zero spam now - remarkable!

     

    I am sure a fair amount of you will say that I am likely denying delivery of legitimate mail but this is a much better solution than any of the alternatives (yes I use Content Control as well as Transaction filters). I look at it this way - if you or your ISP has gotten you listed (blocked) by SpamCop, Spamhaus or CBL; I'm not the only one that won't be getting mail from you. In addition to that, if Barracuda Networks is using the Sanesecurity signatures they must be fairly trustworthy.

     

    I welcome any feedback. 


     


    Harvesters come get this address!

    mapspots@tfs.pvt.k12.ga.us
  •  04-04-2008, 23:26

    • PaulW

    Check out spamhaus in more detail.  It seems to me you've got some overlap if you are checking xbl, zen and cbl.
  •  04-05-2008, 13:14

    • bryroller

    PaulW:
    Check out spamhaus in more detail.  It seems to me you've got some overlap if you are checking xbl, zen and cbl.

     

     

    Right you are! I will change that ASAP.

     

    - Update Apr 07, 08-

    Spamhaus is supposed to be using CBL lookups but explain the following numbers from my latest statistical report (prior to removing CBL lookups locally):

     Mercury/32 v4.52 statistical report, Wed Apr 02 02:14:15 2008

       Spamlist 'Spamhaus SBL-XBL Rej' - hits       14157 (13784)
       Spamlist 'Spamhaus PBL-ZEN Rej' - hits       20716 (20212)
       Spamlist 'CBL Composite Blocki' - hits       1535 (1534)
       Spamlist 'SpamCop Reject' - hits             3446 (3389)
       Spamlist 'dnsbl.NJABL.ORG .4-.' - hits       45 (44)
       Spamlist 'DSBL single stage Ta' - hits       27 (27)
       Spamlist 'DOMAINS .2-.3 ex.dns' - hits       4 (4)
       Spamlist 'dnsbl.NJABL.ORG .02 ' - hits       2 (2)
       Spamlist 'CBL Comp. Blocking R' - hits       2 (0)
     

    Is the CBL number just the specific number of matches to their list?  


    Harvesters come get this address!

    mapspots@tfs.pvt.k12.ga.us
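
Added example, not part of the thread and not Mercury/32 code: the overlap PaulW points out, sketched in Python. The zone names stand in for the poster's Mercury spamlist definitions (an assumption, since the report shows only truncated labels), and the sample replies are constructed.

```python
import ipaddress

# Return codes Spamhaus documents for replies from zen.spamhaus.org.
ZEN_CODES = {
    "127.0.0.2": "SBL", "127.0.0.3": "SBL-CSS",
    "127.0.0.4": "XBL", "127.0.0.5": "XBL",
    "127.0.0.6": "XBL", "127.0.0.7": "XBL",
    "127.0.0.10": "PBL", "127.0.0.11": "PBL",
}
# Zones whose data a ZEN lookup already returns (XBL carries the CBL data).
COVERED_BY_ZEN = {"sbl.spamhaus.org", "xbl.spamhaus.org", "pbl.spamhaus.org",
                  "sbl-xbl.spamhaus.org", "cbl.abuseat.org"}

def dnsbl_query_name(ip, zone):
    """Name to resolve: IPv4 octets reversed, followed by the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def decode_zen(answers):
    """Map the A records of one ZEN reply to the sub-lists that matched."""
    hits = set()
    for a in answers:
        if a.startswith("127.255.255."):
            # Error replies (blocked resolver, query limit) are not listings;
            # rejecting mail on them would refuse everything.
            raise ValueError("DNSBL error reply, not a listing: " + a)
        hits.add(ZEN_CODES.get(a, "UNKNOWN"))
    return sorted(hits)

def redundant_zones(configured):
    """Zones that add no data once zen.spamhaus.org is also queried."""
    if "zen.spamhaus.org" not in configured:
        return []
    return sorted(z for z in configured if z in COVERED_BY_ZEN)

if __name__ == "__main__":
    # Constructed configuration resembling the lists named in the report.
    configured = ["sbl-xbl.spamhaus.org", "zen.spamhaus.org",
                  "cbl.abuseat.org", "bl.spamcop.net"]
    print(dnsbl_query_name("192.0.2.99", "zen.spamhaus.org"))
    print(decode_zen(["127.0.0.4", "127.0.0.11"]))  # constructed reply
    print("redundant:", redundant_zones(configured))
```
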
  •  09-19-2008, 2:25

    • AdStar

    bryroller:

    I am using Mercury/32 and reject SpamCop matches, Spamhaus XBL & ZEN matches and Composite Blocking List matches. Those all helped to greatly reduce the spam received but there was still a decent amount that would get a high probability with Spamhalter and be false positive. I just stopped using F-prot DOS and went to Clamwall (ClamAV) and also use the Sanesecurity anti-phish / anti-scam signatures and get nearly zero spam now - remarkable!

     

    I am sure a fair amount of you will say that I am likely denying delivery of legitimate mail but this is a much better solution than any of the alternatives (yes I use Content Control as well as Transaction filters). I look at it this way - if you or your ISP has gotten you listed (blocked) by SpamCop, Spamhaus or CBL; I'm not the only one that won't be getting mail from you. In addition to that, if Barracuda Networks is using the Sanesecurity signatures they must be fairly trustworthy.

     

    I welcome any feedback.

    So how does one actually set up Mercury to use the "Sanesecurity anti-phish / anti-scam signatures"? I'm a little lost on how to configure this.

  •  09-19-2008, 9:56

    • PaulW

    They are additional patterns for ClamAV to use for detecting spam etc.

    Go to http://www.sanesecurity.com/clamav/usage.htm to learn more.  Then follow the link towards the bottom of that page to download Clamsup, which is a batch file you can put in 'scheduled tasks' to download these signatures.

  •  09-20-2008, 0:52

    • AdStar

    PaulW:

    They are additional patterns for ClamAV to use for detecting spam etc.

    Go to http://www.sanesecurity.com/clamav/usage.htm to learn more.  Then follow the link towards the bottom of that page to download Clamsup, which is a batch file you can put in 'scheduled tasks' to download these signatures.

    I'm a little confused; I thought Mercury only called ClamAV when there was an attachment in an email?
    How do I configure Mercury to use Clamsup?
  •  09-20-2008, 1:31

    Mercury calls ClamAV on ALL messages.

    Clamsup is nothing to do with Mercury, all it does is to update the definitions that ClamAV uses to classify each message.
