Slashdot Mirror
Critical Eye on SpamAssassin
ErrorBase writes "In this Infoworld article, Logan G. Harbaugh makes a great deal about an ancient (2.44) version of SpamAssassin comparing it with newer comercial variants.
Quote : You get what you pay for. [...] However, it took more than 10 times as long to install and configure SpamAssassin as it did any of the other products. "
Why did he not ask Kevin Railsback who had the whole thing working some while ago?)"
What is a good, free client-side spam filter for Outlook?
You never know most places would have not looked for an OO solution.
A psychopath can't tell the difference between right and wrong. A sociopath knows the difference - he just doesn't care.
"SpamAssassin 2.44, an open source spam filter included with Red Hat Linux 9." Included with RedHat 9 is spamassassin v. 2.54, not 2.44
SpamBayes, by far.
All my incomming mail comes through SpamAssassin (cant remember which version off the top of my head), and once in a blue moon a single piece of spam will manage to find it's way through. When it does, I guess i should just applaud the spammer for being so devious.
TrollAssasin would be nice, imagine seeing posts subjects as *****TROLL***** heh
spam bayes
http://spambayes.sourceforge.net/
works well with outlook 2000 etc.
not using Outlook? Seriusly most good anti spam filters are server side.
A psychopath can't tell the difference between right and wrong. A sociopath knows the difference - he just doesn't care.
Seems like this guy did not verbalize it but that was his problem. If you know what you are doing hacking a conf file from vi is easier than a gui for sure. However, his low performance and configuration woes would have probably been handled with a easy to use graphical interface.
Aren't there tools that do this?
ACK
This was just a setup to make commercial software look better or just a incompetent reviewer. Next.
Webmin is great for setting up just about anything you can think of.
A psychopath can't tell the difference between right and wrong. A sociopath knows the difference - he just doesn't care.
"We compare a collection of recent operating systems: Windows XP Professional, Mac OS X Panther, Debian GNU/Linux 0.91".
Seriously, InfoWorld, SpamAssassin 2.44 was released in February, all the other vendors you compared were constantly updating their products to cope with the ever changing nature of spam.
John.
Great - compare generation or more older open source to fresh shrinkwrap. Who's zooming (or shilling) for who.
.01% (yes Bucko, less than 1/1000) false positives. When they implemented it several versions ago it was just as good.
My ISP (souther NH) runs SpamAssassin 2.6 - and I can tell you that at the default settings it catches 90-95% with
I've got one client where the run NO filter - some folks (the names GOTTA be on the web site) get up to 100 spams a day. IT are basically monkeys with hands. I have no idea what the CEO thinks. They wouldn't even think OS as they're a total MS shop.
I don't understand why he's so critical of a free product. I upgraded to 2.60 and it's running near flawless, and since the program is so simple, you just upgrade it, no need to change configuration options if you don't need to, you just call it from procmail.
Yeah all those GUI options look nice, but 90% of the time, why do I need to change my spamblocking settings? The Bayesian filter autoadjusts itself with little or no user intervention -- it's near transparent.
I run a mail server at home on a Linux box, with Postfix and Spamassassin 2.60. I have it configured to label mail as spam once it hits 8 points, and to automatically chuck it into /dev/null once it hits 12 (using Postfix's header_checks).
It works pretty well for me -- the mail server's only for my personal use so I don't really have to worry about irate subscribers sueing me for dropping them legit mail =p and the 8-12 point range in the spam marking gives me a chance to vet through those suspicious mails briefly before deleting them.
I've never tried any other spam filters on the server-side, so I can't really compare. I guess I'm also a bit of a Linux hacker so I don't mind tweaking all those config files along the lines of the FAQ and other hints on forums to get it to work the way I want it to.
Gan Family Homepage
Come to think of it, it seems to work out just fine.
Newt-dog
My Doctor prescribed daily nasal saline irrigation, hehe
This is likely funded by un-named virus vendors who has integrated SapmAssassin into their appliaces. Away on a vacation, I came back to find our people unaware SpamAssassin was open source. The vendor quietly forgot to mention that.
In the end, any company is going to have to put people and tools together to get a spam solutution, or outsource it. But DIY needs people time.
Don't pay vendors for SpamAssassin, it runs quite nicely on left over PCs reloaded with Linux.
I know people have been recommending SpamBayes but be warned - it is very slow to parse and move the emails. Only bother with this if you receive only a small volume of spam or have a pretty fast computer.
==> Start|Settings|Control Panel|Microsoft Office XP Professional with FrontPage|Remove
Best one yet!
He sent a long open letter to SAtalk. You can find it in the mailing list archive
well, on the first page the author already makes it pretty obvious why SpamAssassin had to come out at the bottom of the list. He is comparing version 2.44, which was included in RH9 and is thus at least 8 months old, to the latest antispam software that is regularly updated. How on earth is that an unbiased comparison? In a world where spam patters change every week, if not every day, 8 months is a generation... he even says so in his article. I'd be interested to see the results of a similar test, but with SpamAssassin 2.60 and of course with bayesian filtering and some of the other optional features enabled...
Why did he not ask Kevin Railsback who had the whole thing working some while ago?)"
He expected to get the results that he normally gets with most commercial software. Click Setup.exe, answer a question or two and it's done, up and running. Further configuration is not required though it may be desired.
The commercial vendors of Spamassassin have not improved the core product in any way. What they have improved is the packaging, the installation, the default configuration and the interface to modify that configuration. The stock SpamAssassin does not offer that although, Spamassassin setup is far more simple than some other packages out there.
versus
The first found Spamassassin easy, the second found it hard. Hmmm.
What really aggravates me is the typical "There are blacklists available that you can subscribe to, and some are updated regularly, but these are noncommercial lists with no guarantees." I'd like to see what guarantees the commercial lists come with.
you need to change them because the easy install solutions suck(and have default installs that somebody can try to get around and test untill it goes through).
world was created 5 seconds before this post as it is.
Each product was tested with a different stream of mail, so the number of messages received varied, but all received enough messages to assess their capabilities.
Can you imagine someone writing "Oracle, Sybase and Postgres were compared. While the data and workloads were different, all products performed enough work to assess thier capabilities."
All the products except Brightmail and SpamAssassin allow end-users to add senders to the domain whitelist themselves.
I don't know anything about Brightmail. Spamassassin end user whitelists entries can be set up in a number of ways.
And all the products but SpamAssassin use dynamic updates to keep up with the evolving technologies spammers use to circumvent less sophisticated filters.
As aluded to in the summary, this is false with modern versions of Spamassassin, which uses Baysian filtering. (The author later says he couldn't get it working.
However, it took more than 10 times as long to install and configure SpamAssassin as it did any of the other products. [...] But just because the software is installed does not mean it will work -- filtering criteria must be added manually, and until that's done nothing is filtered out. Getting the various configuration files edited properly so that the whole package worked was not simple. Documentation was difficult to find, and not always easy to follow.
While it is true that one must be comfortable with a text editor to configure Spamassassin, thus perhaps putting it out of reach of point-and-click admins and technical journalists, I also wouldn't be prone to put my mail servers in the hands of either of those groups of people.
It looks for keywords in the subject or body of e-mails, but is frustrated by words not in the dictionary, such as "V!agra," or words that contain invisible HTML characters.
While I am not sure what tests appeared in which version, I'm pretty sure 2.44 handled off-by-one works such as V!agra. I have no idea what he's talking about when he says "invisible HTML characters", but it does seem to point to a certain technical incompetence, similar to the ostritch belief - "If I can't see you, then you can't see me."
This is not to say Spamassassin is the easiest thing in the world to deal with. I happen to love it, because of the extreme flexibility.
I just get sick of tech journos who decide that because a tool doesn't have a gui and they don't want to take the time to configure it, it sucks.
I forget what 8 was for.
And that is without even tring. This guy just has a chip on his sholder.
Karma: The shiznight, mostly because I am the Drizzle.
[SpamAssassin] filtered only 62 percent of spam, whereas the other products produced great results, blocking 90 percent to 96 percent of all the spam they encountered with few, if any, legitimate messages blocked.
To me, this statement is pretty telling. Harbaugh must get some completely different kinds of spam than me, because, even though I receive about 60 spam mails a day (directed to my "spam" folder, so I never see them until I scan the "From:" field and then delete them), maybe one per week makes it through the filter. And seeing as how I can't even remember the last time I got a false positive, that's a pretty damn good number.
I can believe that if you receive a variety of mail and if you took no time to configure SpamAssassin other than cranking it up, maybe then it'll only catch 80% of the spam. But 62%? I'm not sure if Harbaugh is skewing the benchmarks or if he just doesn't know what he's doing.
There are some legitimate issues with SpamAssassin that might not make it ready for the enterprise, but for a handful of users, I have been more than satisfied. And the price is right.
-- "Complacency is a far more dangerous attitude than outrage." -Naomi Littlebear
You think 2.44 is ancient? Feh - Debian 'stable' is still stuck with 2.20.
Sounds to me like Infoworld has an advertising contract with (at least) one of these companies. At the very least he should have checked the site for an update before he started his "tests". For a while there, I got every one of those "IT industry" hype mags (always free). While there was some good information here and there, you had to wade through a lot of advertising pretending to be articles.
I love SpamAssassin and would not consider email hosting without it. It has made my email account useable again ! For the record, it seems to catch about 80-90% of my spam, and I have never seen a 'false positive' (I do check my 'spam' folder, but less and less)
The grass is only greener, if you don't take care of your own lawn.
It is not a fair comparison to compare the open source solutions against commercial variants, especially in the spam war. Yes, it is nice to have a small army working against your spam (like in the commercial products), but you have rendered your control to someone else. That is the beauty of open source. You are the captain of your own ship. Maybe that is the problem, if it sinks, you have to go down with it. With a commercial product there is someone else to lay the blame. Spamassassin is very easy to configure and tweak. I change settings as the flow of spam changes. We recieve a lot of e-mail from over seas and Spamassassin does a wonderful job of sorting out the unwanted mail.
i have been using spamassassin for a year and it works great! granted, in the beginnings about 18% of the spam (in my case 18% of about 30 emails per day) would get trough. BUT if you read the manpage and tweak with the different scores a bit, you can get that down to 1 - 2% with about the same amount of false positives. as an admin, you should be able to tweak any spam filter to match your needs best.
what i can highly recommend is to increase the score of MICROSOFT_EXECUTABLE as it generally is a piece of spam. in addition the bayesian statistics are a great idea: a spam filter that learns!
as for the reviewer: if it takes this person 10 times longer to read a manpage and punch in some trivial scores into a trivially set up configuration file, then you should take his review with a HUGE grain of salt... especially since he reviewed an ancient version of the software.
finally a general comment about spamassassin: EXCELLENT software, especially for the bargain price of $0.
Can we moderate the article at -1 Troll, please?
:)
It's just a bit too obvious that he was hoping for a severe slashdotting, driving his own numbers ("look, editor, how many people read my articles!") and the ad numbers of his paper up.
Probably submitted the story himself, too.
Assorted stuff I do sometimes: Lemuria.org
It takes me no more than 5 to 10 minutes max to get spamassassin working. I don't know what kind of idiot the author is, but he sure is a full-blown member of the idiot species.
Hell, I just reinstalled a distro on my desktop and had spamassassin up and running within 15 minutes of booting up the first time.
What. A. Tard.
In Bushworld, they struggle to keep church and state separate in Iraq as they increasingly merge the two in America.
Seriously:
- The Spamassassin installation documentation could be better written IMHO.
- Why doesn't RedHat's update service offer constand updates to the current version of SpamAssassin?
- Why doesn't it (as mentioned in another post) have the most important configuratoin setups included in their overall configuration GUI?
I really wish distributions would support SA better.then he can just get Spamassasin Pro but hey what do I know?
Rus
Cheap UK and US VPS
What? open source software having crappy and hard to find documentation?
Memo to self: if I ever spend 3 months creating free software to share, take 2 hours to write a web page showing somebody how it freaking works!
First thing, the user has to be at least as smart as the tool they are wielding. No, actually just smart enough to follow directions and go beyond clicking on "help" to get help. Just another case of wannabe administrator arrogance: "If the tool doesn't configure itself or have cool looking icons, it must suck."
The bias apparent in this article and the crappy comparison chart aside this review doesn't even begin to touch base as a throughly researched opinion ion piece and ends up look like an advert for Brightmail.
However we do in the OS community face a UI problem. The missing rung on the ladder to mass acceptance is the absence of high quality UI that give users and indeed administrators of the point and drool variety a interface with the service they are seeking to use.
Before the Highly polished phpmyadmin I met serious resistance from admins for MySQL over msSQL based mostly on interface. The same goes for CUPS which has a web interface that I think has come of age if not achieve adult hood. The Webmin's are OK as long as you don't tinker to much or do anything slightly non-standard. I dislike Swat and am now so used to editing smb.conf I haven't even checked it;s working. I think that a lot of these services, apache, Spamassassin and X11 for example, could bare providing embedded configuration UI's if they aim to capture wider markets. Mandrakes X11 confugulator is very good.
I was going to mention the difficulty presented for admins with widely deployed Outlook when looking at these kind of solutions but then I though no only have sympathy where it is due. An I know that SpamAssassin could work seamlessly with Outlook but if users want a front end for white-listing then SpamAssassin isn't going to be your toy just yet.
Though we love the text based config file you may have to put a lot of working into configuration UI's if you want to enter the area as far as that reviewer and many sysadmins are concerned.
During a single month i got about 2-3 SPAM mails ... without Spamassassin the count was 1500-2000 a month .. (Heil NNTP) so i guess it works :D . Ok our settings are a bit anal .. but that does'nt hurt.. and our users dont complain.
I knew nothing about filtering spam until I installed SpamAssassin 2.6 in a multi-user environment last week. Here are my responses:
I wouldn't recommend that my grandmother install SpamAssassin, but if you have any admin skills whatsoever, it's quite easy to use it to set up effective and useful filters. Furthermore, there are enough factual errors in the article that I'm tempted to dismiss it outright.
Of course, it's possible that it got a lot better between 2.44 and 2.6, but that begs the question, why did he install 2.44?
"The obvious mathematical breakthrough would be . . . an easy way to factor large prime numbers"
Bill Gates, 1995
Am I the only one who notices that Microsoft are lanuching their own anti-spam solution, and suddenly we get "honest-and-unbiased" reporting on solutions like SpamAssassin?
Who is kidding who here?
Ceci n'est pas une signature
I can install Spamassassin and six other applications via CPAN in the time it takes to get the syntax right for one license key.
I also like the characterization of Spamassassin as "first generation" without any supporting evidence to the fact. First generation was adding spam senders to your e-mail client's blocklist. Bayesian filtering is well beyond first generation, but spammers have learned to defeat Bayesian filtering with poison data in non-eyeball space and text obfuscation. The next generation in spam detection is to detect the Bayesian evasion features - and guess what does that!? Spamassassin (2.60).
who are those slashdot people? they swept over like Mongol-Tartars.
I've found the easiest way to implement SpamAssassin is to invoke it through MailScanner. MailScanner uses third-party virus scanners and can optionally invoke SpamAssassin as well. With the free ClamAV antivirus product, you can build a powerful open source mail scanner. Even without a virus scanner, MailScanner detects and quarantines executable attachments and other dangerous content which represent the most common types of mail-borne viruses and worms.
RedHat installs the daemonized version of SA as well as the SA Perl scripts. Using the daemon, the easiest implementation is to invoke SA in /etc/procmailrc on the mail delivery host; for mail gateways running sendmail, you need to use the milter interface. I've found the MailScanner+SpamAssassin approach much easier to configure than either of these methods, and you get virus scanning to boot!
I suspect if the reviewer had compared SA 2.60+ to the commercial products, rather than the older 2.44 version used in the review, SA would have shown better results.
I'd agree with the reviewer that one of the things SA lacks is an easy method for users to interact directly with the program. (Part of the issue has to do with security; SA runs as root. As I read the review, I wondered how the other products allow users to interact directly with the scanners without sacrificing security.) It's not easy to maintain per-user Bayesian filtering, for instance, but I generally recommend having the mail client, e.g., Mozilla, handle these tasks.
I was using version 2.44, I was able to compile and upgrade spamassassin before the number of posted replies hit 60! Can't be too hard!
Not only is this somewhat old news, it's been discussed on the spamassassin mailing list. Apparently, the article was edited so that it's more anti-spamassassin than the reviewer intended, but Mr. Harbaugh also defends his review of an older version of spamassassin as "it came with my Redhat 9" (NOT a direct a quote). He also claims it took nearly an hour to install and set up. (I counter that it took seconds to install and minutes to set up).
The current version of spamassassin is 2.60.
All my mail comes through spamassassin as well, but I am not having nearly the success you are...
.2-.5% false positive. Don't get me wrong, I am WAY happier now that before spamassassin, but if I could be getting better performace, that would be great...
I get about 60-70% of my spam correctly tagged, and about
"I'll have a Guinness, no wait, make that a Coors Light" -Grad student I work with, who shall remain anonymous...
Since then, I've downloaded a bunch of rules from The SA Custom Rule Emporium and almost nothing gets through.
If this guy had trouble, it is the fault of the documentation, not the product. Either that, or he was dumb enough not to upgrade to perl 5.8 or above, and spent forever installing modules.
He says:
Funny how when you install an old version of the product, it seems outmoded, hmmm?
Sheesh.
Pixie
don't mess with those geekgrrls
Every little bit helps, though - and some people have to use Outlook at work. Plus, there are some nice client-side filters - look at Mozilla Thunderbird's filtering for a nice example.
I just recently started setting up some virtual hosting, and for mail I used netbsd, qmail and spamassasin 2.90 ( both of which are new to me ) and it's all working great now. It has taken me around 5 light days to get each working how I want it to.
:)
Netbsd qmail and spamasassin are excellent; Give them a try if you have not already
I run a commercial service hosting customers and my customers have gone positively APESHIT over S.A.. Just an opposing viewpoint.
While his review was perhaps not scientifically conducted. I think there was a point to be made with the SpamAssasin blurb.
Notice that he deliberately took a standard install from RedHat 9, something some IT person (Not a tr00 g33k) might buy at CompUSA. He then tried to install the provided product. Clearly, a tr00 g33k would go and download the latest release, but keep in mind that not everyone is so comfortable with being on the bleeding edge - I believe that this was a point he tried to make. There is also the perception that the release provided with a "product" such as RedHat 9 will be up to the same standards as the OS.
While it's true the latest version has default rules and whatnot - it's quite likely that his older, more out of date version does not. In fact, going briefly to the spamassin home page the links for the 2.5 and 2.4 release documentation are broken.
The point to be made was: OSS needs to be more buttoned up. Notice that he said that he had no trouble installing redhat 9. That's becuase the installer is rather good.
Here's a nice example of a commercial guarantee. See if you can determine where it's from:
...
11. LIMITED WARRANTY FOR PRODUCT ACQUIRED IN THE US AND CANADA.
Microsoft warrants that the Product will perform substantially in accordance with the accompanying materials for a period of ninety days from the date of receipt.
YOUR EXCLUSIVE REMEDY. Microsoft's and its suppliers' entire liability and your exclusive remedy shall be, at Microsoft's option from time to time exercised subject to applicable law, (a) return of the price paid (if any) for the Product, or (b) repair or replacement of the uct, that does not meet this Limited Warranty and that is returned to Microsoft with a copy of your receipt.
Note that a) no updates or fixes are guaranteed, b) your only remedy is media replacement or a refund, and c) this choice of remedy is up to Microsoft.
I love it when people claim that you're taking a huge risk with open source software without guarantees. Microsoft says their software will work, but isn't saying that if their software doesn't work, they have to fix it.
It's better to vote for what you want and not get it than to vote for what you don't want and get it.
- E. Debs
Just one of the things the author of the article failed to mention was the various security and privacy concerns of passing your email through an external handler (who has a vested interest in your email content), which is what a number of the products reviewed do...
That it looks like InfoWorld used/uses RH9, sendmail, and spamassassin???
Looks like the latter article was written by an IT guy at infoworld, and the "shill" was written by a "journalist"
"I installed the software on Red Hat Linux 9, with help from one of Proofpoint's systems engineers. She talked me through getting the Linux system configured properly, getting sendmail set up, and installing and configuring the Protection Server, which includes the MySQL database server for storing quarantined e-mail."
who needs a gui?
no wonder he gave spamassassin a low score. he couldnt have someone handhold him
Forget the photo - check out the CV. He states that he has "20 years of experience as a freelance reviewer, IT consultant and systems analyst", but his resume would seem to indicate otherwise. I also don't see anything on his resume to indicate that he really is qualified to talk about anything regarding networking, except for holding a CNE cert (do those even exist anymore?) - there's no real IT work on there except for his six years at Novell, mostly documentation management and technical writing.
Please stand clear of the doors, por favor mantenganse alejado de las puertas
Is there a lighter-weight alternative that is just as effective?
I run a personal mail server (Debian on a P-75 w/ 32MB) which most of the time is just fine. If for some reason I stop Yahoo forwarding my messages and then catch up later with fetchmail, I have to stop spamd. If I don't then I have hit the power button as SpamAssassin will consume all memory and CPU and then some. Even if I hit Ctrl+Alt+Del, it will still be thrashing 6 hours later. It's kind of annoying... so any recommendations for alternatives?
"The SpamCop Email System will filter up to 90% of spam sent to your employees."
Thats "up to" not "at least" so I guess not much of a guarantee, but then again, they only charge $30 a year.
if HighBit can install spamassassin, anyone can.
-- Dan
Site will soon move to a DB driven, auto cf file creating masterpiece. Great group of people working on the project to make SA easier to "stay current"
h tm
merchantsoverseas.com/wwwroot/gorilla/sa_rules.
enjoy!
I don't know anything about SpamBayes so I cannot comment on it at all.
POPFile is easy to use. It also performs Bayesian filtering. It is what I use.
http://popfile.sourceforge.net/
My current POPFile statistics:
Messages classified: 1,440
Classification errors: 19
Accuracy: 98.68%
saconf works for the Windows versions of spam assassin.
http://www.openhandhome.com/saconf.html
Spamagogo doesn't have quite the same setup, but it is good, and free for now.
Time for a snack.
On my Athlon 1700+ it takes about 0.5 secs per message at most. I get 200+ spams a day and it sorts through them wonderfully. I have not yet had a false positive though I have set the filters to err on the side of caution.
Its a great product.
wot no sig
I know you're just joking, but to be serious for a minute, the reason not to do that is because you'd be transparently altering someone else's copyrighted property. Overzealous and/or overworked sysadmins misconfigure SA to globally analyze all incoming content and then to alter email subjects based on its opinion. This is an invasion of content, certainly prone to false positives because antispam scanning is an individually trained process, and breaks the trail of reply threads at least on a visual basis. There are always going to be tons of misconfigured or RFC ignorant smtp servers out there, and being compatible with them is what makes the Internet work. That would include corporate servers, legitimate opt-in bulk mail, and opt-in mailing lists run by Some Dude. There will be people on a mailing list whose personal content is always publicly marked by certain recipients as spam! It's confusing, insulting, and unnecessary. SMTP has invisible meta-tags in its headers to allow for that, and agents are supposed to respect them.
This is fine for using SA's global config as your personal config for your own little systems, but not for an ISP or business.
According to spamassassin.org:
indeed - I've been using this for a while now. No false positives, I see bits and pieces in my unsure folder - including the "Hi, heres that link you asked for http://spam.spam.spamcorp, cheers .." that Paul Graham reckons is the future of spam.
Given I get over 100 spams a day and I see non of them I am very happy with this indeed.
> I don't understand why he's so critical of a free product.
Why is there this attitude that if your project is free, then it does not matter if it is garbage. Furthermore, you are not allowed to say it is garbage, because, after all, you don't look a gift horse in the mouth. Perhaps that is why Linux is still not on the desktop. There are plenty of people who spend days configuring theirs and then post "it works for me" comments, while the rest of us silently wonder why anyone would want to spend so much time on such garbage.
F-16 detroyed on ground by Spitfire while undergoing routine maintenance.
The idea being that good programmes are classed as, if you like, spam and bad ones aren't. Therefore anything that gets tagged can be considered a programme that might be interesting to the user.
The problem is that I've not seen a good *basic* description of how the algorithm works (i'll be implementing it in Perl with a view to porting it to other languages). Preferably with some sample values and a step by step guide on how the final score comes out.
Can anyone point me to a resource? Paul Grahams description is good, but the formula makes no sense and there aren't any examples.
Avantslash - View Slashdot cleanly on your mobile phone.
I believe the article is a bit unfair on spamassassin. Spamassassin does fairly good at what it is good at -- filtering spam. The other commercial products seem to be a total solution package, which would not only filter spam but lets you configure it so that, for example, you could have special spam folders with an auto expiry date.
I would be more interested in seeing comparisons on how well it compares with other commercial products on the success rate of identifying spam email (false positives would also be quite interesting).
Having said that, I agree that it would be nice if there were some programs or scripts that would automate the setting up of these nice ``extra'' features for you.
A final note, it seems that the article is not very accurate. I am quite sure that spamassassin would allow you to define whitelists, however, that requires running it as root and that has security implications.
SpamBayes is very, very good.
Does he by any chance love outlook rules as well?
:)
Spam assasin is on my server and is absolutely brilliant.. it catches 99.9% of all my spam, and has only on 5-10 occasions in the past month (i get about 50-60 emails a day) counted 'innocent' mail as spam... and even those were newsletters....
Anyone who slates SpamAssasin is one very deluded person... its Open Source, constantly improved... open to editing by it's users, rules can be added.... marvellous.
Commercial variants ive seen have been painfully badly implemented and not worked properly. Get SpamAssasin and fight the closed source lovers
Maybe he just did not know who Kevin Railsback was, or that one had to contact him to get this particular piece of software working. Where do you get an idea like that? How is "Spam Assassin" suddenly supposed to be associated with "Kevin Railsback"? And don't you even dare to say "google it". There are so many pages mentioning every popular product, nobody has time to read them all.
We replaced an SMTP relay/spam filter/virus scanner based on Exchange and a commercial product (not one of the reviewed products) about a month ago with one using PostFix and SpamAssassin (and amavisd) on RH. Incoming spam levels have been reduced by about a factor of ten with no false positives to date. This solution was not much of a challenge to implement - for a primarily Windows-oriented admin for whom it was a learning exercise. I haven't tried the products reviewed, but am more than impressed with what we now have.
It should not be a problem on a >200MHz machine. Seriously. Unless you've had WAY too much coffee.
Humorous how the guy who liked SpamAssassin (Kevin Railsback) was a tech who actually set it up for use at infoworld and the guy who didn't like it is an "IT consultant the author of two books on networking." Always trust a tech.
The heat from below can burn your eyes out
Contrary to popular opinion, light seconds/days/years are a measurement of length, not of time ;-)
I'll third that - SpamBayes ROCKS. I use it at work where our IT department just wasted huge amounts of money on a back-end solution that stops less than half my spam while at the same giving me trouble with blocking legitimate messages. SpamBayes cleans up what the back-end commercial solution misses every time.
To moderators. When you mod something "informative", please check the facts first. Spamassasin in RH 9 is 2.44.
Save the bandwidth. Don't use sigs!
Takes about 2 seconds per message on my 1 GHz Mini-ITX based machine.
Logan is a dumbass! I got Spam assasin running in no time at all. I let cron delete the SPAM file
once per day. I don't get any unwanted mail.
Exactly how much compiling are you going to do to perl code??? besides, if it's not in portage, they can try this:
;)
time perl -MCPAN -e 'install Mail::SpamAssassin;'
Oh also, either go stable or unstable; testing is for girly-men!
BTW, I'm a slackware fan. heh.
Exactly, I had SA integrated into exim with custom rules and what not, but it would break on upgrading the debian package, happened twice, needed to tweak exim.
:( I really should re-enable the bayes stuff, and figure out how to teach it what isn't spam.
Then I found out about the beauty of procmail once I looked into filtering all spam to it's own folder without email client filters. So now, I have different emails filtered to specific folders before it ever hits my inbox. Oh and I had to disable the bayesian filter, it was catching way to many not spam emails. Stuff that didn't have any keywords in it at all. One was just a couple quick sentences from a friend, who knows why it thought it was spam.
Here's a watered down version of my procmail file for those interested: http://gid0ze.net/dl/dot.procmailrc
Hey buddy..
./configure && make && make install
/etc/mail/spamassassin/local.cf
gunzip spammassassin.gz && tar -xf spamassassin.tar
Use any of the available configuration pages to generate a config..
install new config file in
Now that's about 10 minutes of work.
Of course you could of also done
perl -MCPAN -e shell
install Mail::Spamassassin and then uploaded a config.
RTFM
Any fine-tuning tips? I currently have the level set at 5.2 but I start getting more false positives when I go lower... Since I use a winbloze email client there is no easy way for me to forward spam messages to my linux server to process them.
Anyone want to upload their config files? :)
"Thanks to the remote control I have the attention span of a gerbil."
The Bayes filter in SA 2.6 works very well but unfortunately is not well-suited to site-wide learning.
-- casual readers may skip the following details
In an attempt to mitigate this, SA makes an unfortunate mistake in its unsupervised learning algorithm - it uses a different set of rules for training than it uses for marking mail as spam or not. So you can easily have email marked as spam but have the system trained as non-spam (or vice versa). This introduces systematic bias into the learning so that spam detection can get worse in the long run. As a further attempt to mitigate this problem, the learner uses a higher spam threshold, so many spams that are correctly marked do not contribute to the learning process. There is no way to set the SA configuration parameters to eliminate these biases (setting the learn threshold does *not* do it).
--- end of gory details
It is not too difficult to set up SA for personalized learning. Just pipe your mail to the following command:
spamassassin -e
If the return code is 0 (non-spam) also pipe the mail to
sa-learn --ham --single
If the return code is 1 (spam) pipe to
sa-learn --spam --single
If you do this you are guaranteed that the statistics recorded in your personal bayes db correspond exactly to the judgements made by SA.
In addition to this you must correct SA when it makes a mistake, by piping the message to sa-learn again with the right flag. You may be able to set up a macro in your mail reader to do this.
This isn't as easy to set up as it should be, but it is *very* effective.
In the last year I've received 20,000 non-spam and over 100,000 spam messages & viruses (30,000 if you eliminated the "Cumulative Update" messages, which SA caught just fine.) About 100 spams have gotten through (a couple a week) and about 10 false positives have occurred. All of the false positives have been 'weird' - advertising, automatic responses, or web pages that were forwarded to me. As far as I know (and I do check periodically) I've had no false positives in the last 50,000 spams.
My preliminary analysis indicates that personalized learning reduces both false negatives and false positives by a factor of ten. I'll report more systematic analysis in due course.
I, my wife, and yes - even the inlaws - run PopFile
It can be used locally, or used at the mail server. Either way, I'm over 98% alltime accuracy - with thousands of mail's checked and its very easy to config via its web interface.
Larry Seltzer did a similar job with a review of disposable email address services in
PC Magazine.
Spamgourmet (open source and free to use) was lined up against several commercial offerings, and was rated the lowest. It was clear from the review that he didn't spend much time learning about how spamgourmet works -- he wound up faulting it for perceived problems that were addressed by features that he ignored in the review.
Not to be cynical, but if I were a tech reviewer, I might be afraid of lawsuits resulting from my reviews -- open source projects have no revenue, and therefore can't prove up any damages in court. This might make me more likely to choose the open source alternative to get the shaft. Hopefully that's not what's going on here, but you've got to wonder...
who's moderating the meta-moderators?
spampal does the trick for me.
:)
quick and effective identification. can check the online black hole lists for IP ranges to block and you can manually set the thing up to ignore email from any country.
goooooodbye china!
I just started using SAProxy on Windows, after Consumer Reports rated it the best anti-spam tool. It's a POP proxy with SA embedded. Quite easy to use, and effective. See http://www.statalabs.com/ .
hmm... TrollAssassin seemed to work on this one, I must have it configured right.
The contents of this message have been doubly encrypted by ROT13
Notice that he deliberately took a standard install from RedHat 9, something some IT person (Not a tr00 g33k) might buy at CompUSA. He then tried to install the provided product.
Ok, I'm confused. Everyone keeps justifying this "review" because "it comes with RH9, and only geeks would upgrade".
Now, correct me if I'm wrong, but if the reviewer went out and bought Windows, he'd have no spam filtering at all. If he bought ANY of these other products, he still has to go and get additional software and install it. I don't see how an upgrade is any harder or less geekier than installing an entirely new application.
If he's not comfortable being on the "bleeding edge", then why would he be going out and buying brand-new commercial software in the first place?
Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
If you have your mail on a POP server (ISP, hosting provider, etc.) try PrismEmail. It filters between your server and you so there is effectively no time or load on your computer, plus it works with virtually any mail client with nothing to install on the server or on the client.
I'm at 99.9% accuracy so far this month.
I got spamassassin up and running in about 5 minutes using the nice RPM package for it. Didn't need to do much in the way of hand configuring and it worked just fine.
This sig has been temporarily disconnected or is no longer in service
Comment removed based on user account deletion
For WinBlows users who couldn't install a spam filter on their mail server if they had a "For Dummies...' book about it, there is always SAproxy Pro from Stata Labs. For a Windows application it works pretty damn well.
SAproxy Pro
-Chris
-- This sig is only a test. If this were a real sig it would say something witty. --
This article is almost 6 month old. Maybe the guys at SpamAssassin have changed some things....
NoSuchGuy
Grundgesetz * 23. Mai 1949 - 30. November 2007 - http://www.vorratsdatenspeicherung.de/
to set up SpamAssassin with procmail.
And you better change that sime, straightforward procmail recipe to use ":0fw:" on the first line. That trailing ":" is important if you are not running spamd, as it makes procmail use a lock file and only run 1 instance of SpamAssassin at a time. Otherwise, if you get 30 messages, you'll get 30 instances of SpamAssassin, which is 30 instances of Perl, etc. Large load spike.
Two things, first, it is probably more proper to match the X-Spam: YES header than the number of asterisks in the X-Spam-Level header. Then you configure you can tweak your cutoff level for X-Spam: Yes in the SA config.
Also, rather than running SA from procmail or other means, it is much more efficient and clean to run it from a seperate daemon like amavisd-new and then configure postfix to use amavisd-new as a content_filter. There are several advantages of this approach, the greatest one being that you do not have process startup penalties for incoming mails to be scanned since amavisd-new is written in perl, references the SA engine through the perl module rather than the commandline, and has a similar scalable child process architecture to apache and many other network server daemons. Other nice things about amavisd-new is that you can integrate many different virus scanners with it as well as SA and it will handle all the subject rewriting, mail deleting, etc for you.
This is a bit off topic, but I'm wondering what people think of the advantages/disadvantages of running a mail server at home versus using a service like FastMail or pulling mail from an ISP. Spam-wise and otherwise.
I've used all three approaches at home, and now doubt that the return from caring and feeding a mail server is worth the effort.
-- Slashdot: When Public Access TV Says "No"
To all concerned, I apologize for the apparent maligning of SpamAssassin in my recent article in InfoWorld. In my original article, I stated that I used the 2.44 release of SpamAssassin for two reasons - because it was the version shipping with the latest release of Red Hat 9 and because it would illustrate how much the state of the art has changed in the last year or two. This explanation was condensed in the finished article by copy editors, which is beyond my control. This will be covered in the letters to the editor section of InfoWorld so the rest of the world will know that I did not deliberately use an old version of SA to show it in a bad light against commercial products. I plan to review the current version in an upcoming article, and I am sure that it will perform better.
Regarding some of the other comments that have been made in the many emails I've received defending SpamAssassin, some of you have said that SA is not hard to install, taking no more than an hour or two to download, install, configure and begin using. That is consistent with the 10 times longer number I used, because the other installation and configuration times were all around 5-10 minutes. You have said that an experienced Linux administrator doesn't find SA difficult to install or configure, and that additional functionality such as user-accessible white lists can be added, either through additional open source software or by writing scripts or programming to extend the functionality of SA. That's true, but not really relevant, unless there is a distribution that contains all of those features.
You have also said that I should have taken into account the fact that it doesn't cost anything before making statements about it being harder to install, configure and manage than the commercial products. SA does cost - but in an administrator's time rather than money, which I did say in the article.
The same is true of support - while you may get faster or better support through this group than you get with commercial software, there's no guarantee that you'll get any support at all - and most organizations will find that hard to live with.
So, when I review the latest version of SA, you can expect performance to be better, but I will still look closely at installation, administration, updates, maintenance, reporting, granularity of management, and end-user features for SA, just as I will for any other anti-spam packages I review.
Again, my apologies for creating a story that distressed so many of you. I do try to create balanced reviews that reflect the pros and cons of all the products reviewed.
Thanks,
Logan G. Harbaugh
530 222-1164
693 Reddington Drive
Redding, CA 96003
www.lharba.com
Brielle
I've got one client where the run NO filter - some folks (the names GOTTA be on the web site) get up to 100 spams a day. I'm just a normal user, I do have far too many domain names, but I never use them on usenet and the VAST majority of spam that arrives is to "randomly selected name"@mydomain.com and today, so far, I've received over 350 spams AN HOUR! (And that's after the Brightmail filter). Someone, somewhere, has picked one of my domains and I get just *so* much crap sent to it. 95% of my domains get nothing (or just stuff sent to "billing@mydomain2.com" where that's the admin address on the whois record (never used for email or posting EVER) but one domain in particular gets totally saturated. I'm talking to my ISP about putting in a filter further up line so that only the dozen or two "names@domain" that I've actually used for signing up for things like ebay and amazon can get through and everything else will be bounced. I use MailWasherPro for client side clean up, but since it runs first, and then email is downloaded, there are usually a few that arrive while downloading my email that haven't been "washed".
2.44 is Almost recent compared to the version 2.20-1 that is in the stable tree in Debian.
I had decided that I would mainly stick with the stable tree on my server, with just a few things testing or unstable if I needed them. I'd like to upgrade to 2.60 in the testing tree, but it drags all sorts of other things into the testing tree as well, like apache, so so far I've stuck with 2.20.
I am very tempted to upgrade it, though.
It takes about .3s/msg (I get hundreds of SPAM per day), and I'm running a Cyrix 166 (running at 120MHz). It gets faster as it caches the SPAM SMTP relay server credentials in the e-mail headers.
including installing FreeBSD 4.8, Exim 4.latest and MailScanner 4.24-5 and SA 2.6 with bayes. The longest bit was find enough Ham to train the bayes engine :-)
catches 99% of spam, more importantly in a month of live operation no false positives reported.. and that's with spam levels of around 75% of all external (inbound and outbound) email.
Interesting to note the reviewer needed help in installing Red Hat so I'd hardly say he's the sort of person you want installing a *nix based application anyhow.
Why did he not ask Kevin Railsback who had the whole thing working some while ago?
Maybe he tried but his email was marked as spam. Or maybe Kevin's reply was missed in the sea of spam.
Seriously though, I didn't know Kevin Railsback was willing to help people install spamassassin. What's his email address, so I can get him to help me?
I don't think this review is quite fair if he's reporting on the older version of SpamAssassin (2.44). Although the test could have been done 6 months ago and just published.
However I find SpamAssassin to be quite effective. I haven't crunched any hard numbers but I'm guessing my spamassassin filters 95% of my spam before it hits my inbox. That number has just gone up DRAMATICALLY now that Bayesian Filtering kicked in (it must learn a couple hundred messages before it becomes active). It does this by scoring any message that's more than double the default SPAM score as spam.
The default settings are 5.0 points, so any message scoring 10 or higher is "learned" as spam. The same is true for ham (non-spam) email, if it's below a certain threshold it flags it as a good email. Once the bayesian kicks in it's REALLY effective at catching spam. Because now you have all the regular filters contributing to the score as well as the Bayesian stuff.
Add on top of that the auto-whitelist feature and it really starts to take shape. If a user sends email to you, it gets logged: user abc@def.com sent an email of score 1.4. So the next time that user sends you an email it uses an average of the scores. This allows SA to learn who sends you valid email and adjusts scores accordingly.
It even works the other way. Spam Company X sends me three spams with scores: 16.3, 17.1, and 15.9. It logs that email address with those scores. Maybe that company gets smart and tries to get around the filters and sends a message with a score of only 2.1, the average is still well above the 5.0 threshold and the message is still flagged as spam. This often keeps out those spams that real borderline (4.5-5.5).
Overall I'm VERY happy with spam, it's VERY effective at what it does.
We've just started using MailScanner on a box running Fedora Core 1 here. So far MailScanner with SpamAssassin, DCC, Razor and Pyzor is doing a good job, but it is too early for us to get meaningful statistics. A nice web front end for MailScanner is MailWatch, and we monitor the throughput and performance of the box with MailScanner-MRTG.
Phil
Yes, I know, it's superman tearing his shirt off -- but was it just me who at first thought of a certain famous site?
Yes there is, right on the SpamAssassin download pages...
a.
How does spamassassin work exactly?... How would student type computer neophytes or college personnel type computer neophytes use spamassassin when its installed on centrally the college computer system?...
b.
Where are there end user instructional materials that avoid using computer industry jargon and avoid unexplained enthusiast jargon unfamiliar to neophytes?...
I know its against typical slashdot philosophy, but if you did read the entire article you would have seen that he couldn't figure out how to use the bayesian filter! First of all this man is not qualified for writing articles on tech if he can't do this (for anyone who hasn't done it, it is really simple, try it and you'll see). Second of all, he pounded spam assassin for being terrible, but 63% without a bayesian filter is damn good, if not amazing. He should have disabled the bayesian filters on the other products, he would have been seeing like 20-40% accuracy. Spam Assassin is really good, really really good, something like 98-99% accurate. This guy didn't know what he was doing and because (as one poster stated earlier) there wasn't someone to hold his hand, his results were extremely inaccurate.
I wrote an article about the open source tools that I use to keep Spam out of my inbox here:
http://www.involution.com/spamstats.php
Has anybody else seen this?
Webmin now offers a GUI to configure spamassassin via procmail.
www.webmin.com
Try Barracuda Networks for some real SA power. We run a BN 300 and have reduced Spam/Virus problems to nothing. I wish I had this for the last couple years.
We block obvious spam at the mail gateway and are looking to catch the rest of it at client level - IMO this is a function the mail server doesn't need to perform in a fairly large enterprise.
On my itty bitty home domain I use spamassassin, though :)
we see things not as as they are, but as we are.
-- anais nin
Motino isn't free - but a 2000 user license is about six bucks a head. I think a single user is $20 and as far as I'm concerned it's well worth it. They have a free demo - you might want to check it out.
we see things not as as they are, but as we are.
-- anais nin
... "I installed the software on Red Hat Linux 9, with help from one of Proofpoint's systems engineers. She talked me through getting the Linux system configured properly, getting sendmail set up, and installing and configuring the Protection Server, which includes the MySQL database server for storing quarantined e-mail."
... ]
Ok, which one of you helped him with the book?[
IT consultant Logan Harbaugh is the author of two books on networking. Contact him at [snipped]
It's true no man is an island, but if you take a bunch of dead guys and tie 'em together, they make a good raft.
This guy's article was a joke. Not only did he use an ancient version (in the spam world) of SpamAssassin but he either flat out lied in his article or was too lazy to seek out the truth. Hard to configure? Can't find docs? Doesn't support A B C D or E? If this guy had spent 5 minutes of his precious time doing to research on SA he wouldn't have made these flagrant lies. I don't get these people. I really don't. I CCd the Editor-in-Chief at InfoWorld, Mr. Steve Fox, as well.
Mr. Harbaugh,
This letter is in response to your InfoWorld article titled "Commercial solutions win, spam loses." In that article you portray all commercial spam solutions as winners and you portray the only open-source spam solution you reviewed as a dismal failure. I must say that as a professional in the anti-spam field I'm am truly disappointed by your incomplete and inaccurate assessment.
You start the article off quite well. Your introduction regarding two of the possible types of spam filtering is in terms that the average reader can understand. The introduction is also technically accurate, although it doesn't mention the other ways to filter spam.
You quickly take an opportunity to kick dirt on SpamAssassin by claiming it filters a fraction of the amount of spam all the commercial solutions filter. You hint at something during that statement when you said that SpamAssassin's "age showed in my tests," yet you fail to actually make it apparent to the user what the real truth is. I must ask, why did you choose to compare such an ancient version of SpamAssassin to the current versions of the four commercial products? Version 2.44 is over 9 months old. Spam filtering techniques are constantly evolving to filter a continually changing target. Comparing a 9.5 month old copy of SpamAssassin to the current version of BrightMail is like comparing a 1990 Chevy Silverado to a brand-new 2004 model. As an author and professional in the IT industry writing a column for InfoWorld, one of your goals is accuracy and fairness in reporting, is it not?
You make numerous false statements regarding SpamAssassin in your article:
1) "All the products except Brightmail and SpamAssassin allow end-users to add senders to the domain whitelist themselves... SpamAssassin allows only the administrator to add to the whitelist, with no direct access for users."
This is simply not true. SpamAssassin allows its users to add whitelist or blacklist entries to the personal preferences. It also allows its users to control the scoring for each individual ruleset with SpamAssassin's arsenal. Even the ancient version of SpamAssassin you chose to use had that simple feature. SpamAssassin also has the ability to automatically whitelist senders.
2) "Delegation of specific administrative functions is possible with all the products except SpamAssassin..."
This too is not true. As I said in response to number 1, SpamAssassin allows its users to control the scoring for each individual ruleset. This gives them the ability to disable certain rules, lessen the scores of others, and increase the scores of rules they wish had more weight. For example a user could disable the MAPS RBL DNS blacklist checks, whitelist joe@mydomain.tld, blacklist annoying-spammer@spamdomain.biz, and increase the score of the rule ALL_CAP_PORN to 2. The users can also create their own rulesets. SpamAssassin gives its users a high level of control over their spam filtering.
3) "Finally, in addition to stopping spam, all four commercial products provide content-filtering features, allowing the administrator to block incoming or outgoing e-mail that contains proprietary data, audio or video files, executables, sexually explicit words, or racial slurs. They also provide protection against DoS attacks and directory harvesting attacks."
This one baffled me at first. I'm honestly not sure why you want to compare features that have nothing to do with filtering spam. Filtering racial slurs from an email is
Yes, SpamBayes has been far and away the best filtering solution I've ever used for Outlook. Once it is trained, it is nearly infallible.
I implemented a whole new email services based on exim 4 + acl, vexim, clamav, and spamassassin.
So now I reject any windows executable file (inc vbs, scr. etc) reject any virus laden email, and spam assassin rewrites the email, as per its usual configuration rather than risk rejecting false positives. (I could still reject spam but I decided to err on the side of caution).
It took me all of a few minutes to STFW with google, to get the examples and opinions (to confirm whats already on SA's site) and that was to configure exim, not SA.
However installing clamav was a PITA, though it was a permissions problem in the end - Ah well.
Why people want GUI/Web setups is beyond me - absolutly nothing wrong with text files.
My spams have gone down from about 100/day to about 1 spam every two. I think thats a bloody good thing, tbh.
This is sadly one area where open source in many cases lags behind. Documentation and setup tools. The software itself is often excellent.
The only program I have found that can do that is SpamProbe. The reason for that is 'cause SpamProbe is still the only program I have found that counts word pairs, not just single words.
With this program running on my server, I get 99.6% spam rejection for a whole office and zero false positives in more than a year of use on gigabytes of e-mail.
????
I receive a crap load of email, ham, spam and otherwise. My computer is reasonably fast, but nothing out of the ordinary and I've never noticed any kind of performance issue with SpamBayes. Basically, I just never see spam unless I care to take a peek into the spam folder. Otherwise, you don't know it's there.
I've got spamassassin on my personal email server filtering all the incoming mail and it works really
really well for nearly all the spam.
BUT I get three or four spams a day that do get through from Far East spammers in Korean or Japanese
or other unicode alphabet languages that I can't read!
now, spam you can't read isn't as annoying as ads for viagra and better home loans, but it's still annoying.
I've tried feeding these messages to sa-learn but they still come through the spam filter.
Is there another trick I can use to block all of them? I really don't need any messages in unicode at all. Can I put a rule in user-prefs to match the unicode header and raise the score?
I think the most frustrating thing about sa is the lack of docs -- maybe I should go look for them again.
MIT's been installing SpamAssassin on its mail servers for all internal e-mail accounts for a few months now, updating it regularly like a proper spam-filter user should. I get about 50 messages caught A DAY, with maybe two or three slipping through, and more importantly NOT A SINGLE FALSE POSITIVE YET. I haven't been able to ask for much better performance...
Here's how I catch false positives. But basically you should just learn to live with either false positives or spam. Take your pick.
:0 H :0 H
I turned subject rewriting on:
rewrite_subject 1
Then I set the subject tag to include the hit number:
# Text to prepend to subject if rewrite_subject is used
subject_tag *****SPAM****:*_HITS_*
then in your email client you can sort your JUNK messages based on subject. This will put the tagged spam messages with the fewest hits at the top. That way you can easily look at messages with the fewest hits.
I added another level of filtering to avoid looking at totally bogus spam messages. I setup two folders in my email client. "SPAM" and "EVILSPAM". I have a procmail filter that pipes spam messages with hits greater than 10 to EVILSPAM, that way I don't even look at them. All other spam goes to SPAM:
* ^X-Spam-Status: Yes, hits=[0-9][0-9]
mail/EVILSPAM
* ^X-Spam-Status: Yes
mail/SPAM
Your email client can probably do this for you, instead of a procmail filter. But this way I can use webmail and all my rules are on my server, not on my client.
joe.
REF: http://www.infoworld.com/article/03/11/14/45FEspam _1.html
.. then when the GPS breaks you go blame the company,
Greetings,
I'm not sure what your problem was. You call yourself a consultant, and
yet you couldn't figure out how to get spamassassin running quickly? We
run spamassassin on a farm of mail servers, and if what you said was
true that would be my full time job. Rather spam assassin is as easy to
install as doing:
perl Makeconfig
make
make install
Then adding a line to QMail which tells it to run qmailqueue (which
proccesses through spamassassin).
That's 3 steps and a line to add to a config file.
Sorry but the whole thing takes maybe all of 10 minutes. You are saying
that these others can be up and WORKING in under 10 minutes? WOW!
Maybe your issue was that you tried to use the SpamAssassin that came
with RedHat... rather then blaming this on SpamAssassin, maybe you
should blame it on RedHat since they set it up. If you are going to
evaluate SpamAssassin then download it and install it.. don't go off of
what RedHat did to it... that's like purchasing a car (redhat) with a
special after market "GPS NAVIGATION" (spamsassassin) unit installed
which was installed by Ford, and has some funky wire setup that isn't
really standard
when you didn't even set it up yourself..
You are doing an evaluation of how easy the GPS unit is to setup in your
car, yet you purchased a car with the unit already installed by a third
party and then you rate it bad because it didn't work.
BLAH.. Glad you don't do my consulting work..
~ Matt
"it took more than 10 times as long to install and configure" Did I miss something I last installed and configured (configured???) Spamassassin the last time? Maybe the author of this article lives in a parallel universe.
100-180 spams per day detected by Spamassassin here, hardly any false positives (none I am aware of), and only a handful per day if any which get through. It couldn't be better.
open (SIG, "</dev/zero"); $sig = <SIG>; close SIG;
What's a good client-side spam filter for Outlook 97? As far as I can tell, there isn't anything available that doesn't need at least Outlook 2000 to run.
Statistics to date:
Spams caught: 2987 (when I last looked.)
False positives: 0
False negatiges: 16
I keep a spam folder under my imap folders so I can watch the numbers tick up whenever one comes in. :-)
The only thing missing from my setup is to do it site-wide, but I don't yet know how.
Karma: It's all a bunch of tree-huggin' hippy crap!
Thank you to Mr. Harbaugh for replying. His second paragraph still indicates that he doesn't realize that the current release of SA has all the features he said were missing. I look forward to this being corrected in a future article. I didn't go into much of a free vs commercial debate in my reply; however it seems that some folks did. I also didn't touch on the support issue. Frankly I find that support really isn't needed as long as the admin is compotent. I was involved in a discussion yesterday with a company I consult with. The topic of the discussion was which Linux distro we should use in the future now that RH is going towards an entreprise distribution and support contracts. Many seemed to believe that we should have technical support for whatever distro we chos
A lot of the best spam filters only work with POP3. And SpamPal doesn't like MyRealBox. So I think I'll compile SpamAssassin one day when I'm really, really bored.
Pelé!
i managed 1/150,000 a few weeks ago, it's getting there.
Custom Rules For SpamAssassin
Oh and I had to disable the bayesian filter, it was catching way to many not spam emails. Stuff that didn't have any keywords in it at all. One was just a couple quick sentences from a friend, who knows why it thought it was spam. :( I really should re-enable the bayes stuff, and figure out how to teach it what isn't spam.
Give bayes another chance, it's as accurate as you train it to be. Don't let it mis-learn, feed it roughly equal quantities and it'll amaze you
Custom Rules For SpamAssassin
i installed spamassassin last april (v. 2.53) and spent quite a while "configuring" it, trying to get it to reject some quite obvious spams, such as the barrage of mails from e-gold.com. in the latter case, i finally gave up, spamassassin just kept delivering them to my inbox so i put a recipe in my .procmailrc to get rid of them. or, the case of a daily newsletter that i received that SA consistently labelled spam, in spite of my having added it to my whitelist more than 1/2 dozen times (and not even an html newsletter, plain text!). again, i finally had to resort to procmail to get it into my inbox.
i'm about to ditch "SA" and go back to spambouncer, possibly during my vacation this week. i just don't have the time to spend here, every night, adding dozens of new spams to the blacklist. installing SA was kind of supposed to get me out of that position.
my experience with SA is that it is overrated, while it has been getting a large number of the mails, when the failure rate puts 15-20 or more spams in my inbox every day, that is not an acceptable performance. that represents a substantial investment of effort to update the software ... and even then, the update process doesn't always work.
mp
"The secret to strong security: less reliance on secrets." -- Whitfield Diffie
okay, this article looks like was written by someone that is incredibly afraid of spamasassin (i.e. a spammer or a friend of one), I am a downriht linux newbie, yeah, I can recompile kernels but how hard can xconfig be? no documentation on spamasassin? I was able to have evolution piping it through in next to no time just by doing a little hunting for docs. in windows however, I did actually find it a little harder to set up, maybe this person is just lazy and prefers point and drool.
My biggest hassle with it is that we use a lot of Outlook Forms in our organisation and a lot of times SpamBayes will stop with a dialog box saying that it can't open the form and stops parsing my inbox until I click ok. This can mean that I come in to work in the morning to find my inbox has not been parsed since a couple of minutes after I left the office the night before.
that's the problem with bayes, I never figured out how to train it
If Red Hat advertise and support SpamAssassin as a feature in their distro, then it should be well documented and integrated.
The SpamAssassin documentation / packaging needs improvement, providing instructions and scripts to integrate SpamAssassin as a Postfix content filter or with Procmail for those using Sendmail. The package, as part of its post install scripts, could so much of this work as well.
Personally, the best thing I ever found on setting up SpamAssassin was a guide for Suse I adopted for my Red Hat system.
I contract for Red Hat, but (pretty obviously) this is my own opinion.
First off, before flaming, read this ENTIRE post, not just the subject.
.forwards, oh and if you want to use bayesian filtering, go and get the berkeley db package too.. Once you do get everything compiled you then try and fire up spam assassin only to find out the sys::syslog module in perl is broken on solaris..but we ignore this anyways.. it's not quite so simple as the Redhat installation where you click on the little box that says "add spam assassin". Took me a good 2 weeks to get it all configured and working with out breaking anything else.
I haven't read the article but there are cases where spam assassin isn't easy to install. I have it installed on multiple machines and I do like it. It does a great job and it's free. For all those people who say "I can have it installed and set up in ten minutes", I don't doubt it, provided that you have a very standard verison of linux with all your core requirements installed and you are using your favorite postix/exim package. After all, I remember the days when i could compile and have a running apache server fully functional in 10mins too.
Now try and install that on some other hardware which isn't linux.. it's alot toughter, trust me.. i had to get it running on Solaris 9 for Sparc. You might say sure it's supported it will get installed in about 12 mins. Good luck, for most people a little x86 linux box is the same as a large enterprise sized server in their mind.. it's not. We have 14 processors, and 8gig's of ram supporting about 100 terminals plus about 30 more users, and these things you can't just shutdown and have it reboot in 2 mins, it takes 20 mins for the system to come up on a clean shutdown, longer if it has to fix any of the mirrored disks or arrays. Oh.. and you can't use CPAN cause it's broken, also you can't even use the base install of PERL on solaris cause it's so bad nothing works, and if you try and replace it with the later version it breaks alot of the base SUN apps, so then you have users freaking out cause stuff won't work. So once you do have another verison of perl installed and managed not to break anything then you can start loading in the CPAN mod.
Since CPAN is busted for some reason, then you have to load each and every required module by hand.. after that you find out that there is no procmail on the system, and you must use the base sendmail (for support reasons) so have to install procmail and filter everything with
Good luck to anyone who wants to use it on an enterpise sized server.
-b
oh.. and yes 20 000 messages a day do go thru the system..most pc servers are lucky to handle 1000 messages a day.
I recently applied ORFilter (FREE) to my home mail server and blocking of spam is almost perfect. It took about 5 minutes to install and configure. I then had it installed at am successfully blocking 99% of all spam (and a 1 out of 1000 valid emails) We blocked 7000 spam emails in only 3 days.
http://www.martijnjongen.com/eng/orfilter/
"Times may change, but standards must remain the same." - George Carlin.
...post to blogs with an email address which pipes straight into sa-learn, in my case I could use changethiswordtosomethingelse@leon.brooks.fdns.net and feed all mail for "changethiswordtosomethingelse" straight to sa-learn.
What I'd like to see, though, is a dynamic spam analyser that checks messages as they hit the SMTP server, and if they're unquestionably spam have it launch a crack attack on the sender instead of just bouncing it. If the sender's an open relay, they would no longer be. This of course relies on having the vigilante server hosted somewhere "safe" like China, a country which apparently doesn't care very much about hosting spammers.
An alternative to killing the sending machine might be an information-sweeping utility, something like BackOrifice but which grabs as many documents as it can and stuffs them down the wire to you, then opens mike and camera (if any) in an attempt to get pictures of the perpetrators and.or anything else (view out of a window, view of a document) which might place them. Of course, if the box is only being a relay it would be worth chasing the connections until the real perp turns up.
Got time? Spend some of it coding or testing
He's right what's up with the fuck tard mod? Isn't this supposed to be about Spamass Assin?
http://rave.ch/mail.html ...free email forwarding service, SpamAssassin 2.60 filtered. Works perfect for me!
Cheers, !Mike
First of all, for the articles' author to moan about SpamAssassin's accuracy when he's using an ancient version (2.44 as opposed to 2.60) is a bit rich.
Secondly, yes it does take a bit longer to set up than other systems, but I find it's well worth it in the end
At home, I have a Mandrake 9.2 based mail gateway set up that uses Fetchmail + Qmail + Qmail-Scanner + ClamAV + SpamAssassin + CourierIMAP. I set this up from scratch in less than a day to replace an ageing machine that died (that includes building the machine from scratch). The system periodically downloads all my mail from the various email accounts I have, which I then access from Outlook using IMAP.
The trick I've used is to provide an 'Unfiltered' maildir that I can move mail into that SpamAssassin has missed. Once a day, a simple cron job performs an 'sa-learn -spam' operation on these items.
Overall, I've only ever had two false positives in all the time I've used SpamAssassin (which is well over two years now). Considering I receive well over 500 spam emails a day, this is an excellent record. I can't recommend SpamAssassin highly enough.
Life is like a sewer; what you get out of it depends on what you put into it...
The vast majority of people on the net do not run the servers. I'd love to run my own, but I can't even get DSL/Cable in this area. I've got to deal with a dial-up. That means I have to let someone else run the server. At that point, anything I want to have any control over is client side. No, I don't use Outlook - but I still end up with a very similar situation, because no matter what email client I use, I'm logging into a POP3 server to download my mail.
Much of the discussion in this thread is interesting to me - but it's also mostly completely useless considering that I'm not able to set up my own server. Give me a static IP and a 24 hour connection (even if it's a slow connection) and I'd do things quite different from the way I do now.