http://www.uniforum.chi.il.us/slides/assp.ppt

1. Extracting the Ham from Spam David J. Young

4. SP iced h AM

11. Terminology True Positive (*****SPAM*****) False Positive SPAM (Positive) False Negative (*****SPAM*****) True Negative Not SPAM (Negative) Identified as SPAM Not Identified as SPAM

14. Processing matrix No processing (also doesn’t contribute to spam/nospam collections) Redlist (but does contribute to spam/nospam collections) Doesn’t contribute to whitelist Spam Lover Normal ASSP operation Contributes to whitelist Unfiltered Mail Filtered Mail

28. ASSP Configuration

30. Mail Flow Internet Mail Svr Clients Inbound Outbound Internet ASSP Mail Svr Clients Inbound Outbound Internet ASSP Mail Svr Clients Internet Mail Svr Clients with ASSP Internet Mail Svr ASSP Clients Invalid

31. Email Flow Internet ASSP GroupWise/ Exchange Clients Inbound Outbound MTA Internet GroupWise/ Exchange Clients MTA ASSP ASSP MTA smtp0 in out spam Not spam white red black grey Bayesian DB Errors 125 25

32. 1999 This is an email that is being sent to the Internet. Th This is an email that is GWIA MTA POA GroupWise Internet

33. 2003 Internet GWIA MTA POA GroupWise sendmail Virtuser table aliases Internet MTA DNS Block List

34. 2004 GWIA MTA POA GroupWise sendmail Virtuser table aliases Internet MTA sendmail SpamAssassin SpamAssassin Internet

35. 2006 GWIA MTA POA GroupWise sendmail Virtuser table aliases Internet MTA ASSP sendmail ASSP spam Not spam white red black grey Bayesian DB Errors sendmail SpamAssassin SpamAssassin Internet

36. Phase In GWIA MTA POA GroupWise sendmail Virtuser table aliases Internet MTA ASSP sendmail ASSP spam Not spam white red black grey Bayesian DB Errors sendmail SpamAssassin SpamAssassin Internet

37. Flow with Anti-Virus Internet ASSP Mail Svr Clients Internet ASSP Clients Inbound Outbound Antivirus Mail Svr Antivirus

45. Spam Report

49. Before ASSP

50. Turning ASSP on

51. With ASSP

52. stat.pl Statistics [root@smtp]# perl stat.pl /tmp/m.log As of Mon Jan 22 21:48:46 2007 the mail logfile shows: 0 proxy / smtp connections 253 were dropped for attempted relays (0.0% of total). 31523 messages, 16758 were spam (53.2%) in 65 days for 485.0 messages per day or 257.8 spams per day 1518 additions to / verifications of the whitelist (23.4 per day) 14643 were judged spam by the bayesian filter (87.4% of spam) 2115 were to spam addresses (12.6% of spam) 0 were rejected for executable attachments (0% of spam) 10121 were sent from local clients (68.5% of nonspam) 842 were from whitelisted addresses (5.7% of nonspam) 0 messages were passed to SPAMLOVERs 3802 were ok after a bayesian check (25.8% of nonspam) 1498 addresses are on the whitelist 0 hits on the blacklist 0 resulted in spam (0.0% of Bayesian spam, 0.0% of blacklist hits) 0 resulted in non-spam (0.000% of blacklist hits)

53. ASSP Statistics

59. Questions