Domain: canit.ca
Stories and comments across the archive that link to canit.ca.
Comments · 8
-
CanIt
CanIt works a charm for me. It's free ( beer free ) for 50 users, and uses open-source tools to get the job done. I used to get 30 - 50 spam messages per day ( and this was years back, before there was so much spam ). I might get 2 per week now, and the bayesian filter learns from experience, so whatever comes in at least helps you block more of the same stuff.
-
Server-side Bayes
AFAIK, Bayesian filters are not used much (if at all) on mail servers.
Our CanIt-PRO product does server-side Bayesian filtering, and different users can have their own personal Bayes corpus.
-
Old news
Our CanIt anti-spam product has been doing it for quite a while.
I posted an article about it in January. -
AnswersYou said you'd like to actually reject some mail. For this to work it has to be done during the SMTP transaction. You can't wait until the LDA gets its hands on the message. You have to do it at the MTA level. SpamAssassin can still do this. However now you need to glue it to Sendmail via a Milter. I highly recommend MIMEDefang for your milter. Actually if you're rolling it out for 50,000 users then I recommend you purchase the commerical version called CanIt. That way you get support and features that aren't in the open-source version. MIMEDefang is a wonder tool. David did a helluva job on it.
I personally use a large number of DNS blacklists. I call them from Sendmail and reject mail with them. Many people don't like DNSBLs; of course I believe these people are ignorany fools who couldn't admin a mail system if their life depended on it. That's ok. At the very least you should be able to use the DNSBLs that list open relays, open proxies, open SOCKS boxes, and vulnerable formmail.cgi web servers. We can surely all agree that you don't want your mail server talking to another mail server that's known to be vulnerable. Most of these specific lists require that an open * be abused before they list them. I'd also contend that we can all justify using Spamhaus's Spamhaus Block List (SBL). It lists known spammers and it very specific about it. You can block roughly 75% of spam with that list alone. Where you use these DNSBLs is up to you. Like I said above, I call all of mine straight from Sendmail. You can configure SpamAssassin to call these DNSBLs for you and assign a score you define. It's pretty easy. This way you can still use lists like SPEWS that rely on collateral damage to score mail but not outright block it. I use SPEWS and love it but it does block some legit mail by design. If you only score off of SPEWS you can minimize the FPs while still maximizing your spam filtering efforts. I am preparing to score foreign countries and RFC-Ignorant domains off of this as well.
I do not recommend you use the DCC. I highly recommend you use Razor which IMHO addresses the shortcomings in DCC. Submissions to Razor have to be confirmed unlike in the DCC. This way other people confirm that the message someone submits is actually spam and not JCPenny's spring mailing list. SpamAssassin can make these calls as well.
The mail system you're describing is going to be fairly large. This isn't something you want a single box handling. Ideally you'd put the spam and AV checks on a mailhub ahead of the actual MTA or cluster of MTAs. These boxes act as a spam firewall of sorts and takes the CPU intensive tasks you mentioned off of the actual mail server. I'm not actually using this type of setup myself but I will be eventually. There was a Slashdot article a while back about a setup roughly your size and what I guy did to make it work. It was quite a nice setup. I can't find the link now. IIRC, he scored mail and then sent probable spam via a seperate mail queue to a seperate spool for each user. Then using IMAP the user could check their probable spam for FPs. It was a nice setup.
You also mentioned Bayesian filtering. Let me make something very clear. Bayesian filters must be applied on a user by user basis. You can't simply enable Bayes for all 50,000 as one lump sum. It will never be able to learn what is an isn't spam that way. You have to let it learn on a user by users basis. The existing Bayes abilities within SpamAssassin don't work well (or at least easily) when SA is called from MIMEDefang. There are supposedly hacks for this but I have yet to see a working one. Along those same lines user-defined preferences also don't work well (or at least easily) fro
-
Re:big difference: not just rejecting mail
My product CanIt can tempfail mail also. However, it can be dangerous, because you tend to get a big increase in SMTP connection attempts. If you can tempfail early (as Theo's scheme does), it's not so bad.
Our stats, however, show that most spam does not come from open relays any more. With the advent of cheap broadband, I'd say a lot of spam comes directly from DSL or cable-modem machines. Some comes from Web servers with broken formail scripts, and some from legitimate non-open relays that are abused by subscribers. Only the minority comes from open relays nowadays. -
Re:Spam filters in officesThere just is no way of filtering by subject or content without the risk of losing real mail. If there is something that does the trick, I'll be happy to know about it.
At the risk of being labelled a spammer, I'll mention my product, CanIt. False-positives are never a problem. Ever.
-
I supply source code...I sell a commercial piece of software called CanIt, and I supply the source code to purchasers for the following reasons:
- A lot of the system is written in Perl and PHP, and it's impractical to obscure the source code.
- It gives me a competitive advantage over people who don't supply source code, because CanIt is something people might want to customize.
Of course, the license agreement limits what you can do with the source (basically, do what you want except distribute it, but don't expect support if you change it.) I would sue the pants off someone who violated the license agreement.
-
Re:You know what I'd kill for?Why put it on your client? The proper place for spam filtering is on the server, which is where CanIt works.
For ISP's, we're coming out with CanIt-PRO, which allows all your customers to have their own settings and preferences, without installing software on their PC's. And it works regardless of which mail client they use.