Slashdot Mirror
Critical Eye on SpamAssassin
ErrorBase writes "In this Infoworld article, Logan G. Harbaugh makes a great deal about an ancient (2.44) version of SpamAssassin comparing it with newer comercial variants.
Quote : You get what you pay for. [...] However, it took more than 10 times as long to install and configure SpamAssassin as it did any of the other products. "
Why did he not ask Kevin Railsback who had the whole thing working some while ago?)"
SpamBayes, by far.
All my incomming mail comes through SpamAssassin (cant remember which version off the top of my head), and once in a blue moon a single piece of spam will manage to find it's way through. When it does, I guess i should just applaud the spammer for being so devious.
TrollAssasin would be nice, imagine seeing posts subjects as *****TROLL***** heh
not using Outlook? Seriusly most good anti spam filters are server side.
A psychopath can't tell the difference between right and wrong. A sociopath knows the difference - he just doesn't care.
Seems like this guy did not verbalize it but that was his problem. If you know what you are doing hacking a conf file from vi is easier than a gui for sure. However, his low performance and configuration woes would have probably been handled with a easy to use graphical interface.
Aren't there tools that do this?
ACK
This was just a setup to make commercial software look better or just a incompetent reviewer. Next.
Webmin is great for setting up just about anything you can think of.
A psychopath can't tell the difference between right and wrong. A sociopath knows the difference - he just doesn't care.
"We compare a collection of recent operating systems: Windows XP Professional, Mac OS X Panther, Debian GNU/Linux 0.91".
Seriously, InfoWorld, SpamAssassin 2.44 was released in February, all the other vendors you compared were constantly updating their products to cope with the ever changing nature of spam.
John.
Great - compare generation or more older open source to fresh shrinkwrap. Who's zooming (or shilling) for who.
.01% (yes Bucko, less than 1/1000) false positives. When they implemented it several versions ago it was just as good.
My ISP (souther NH) runs SpamAssassin 2.6 - and I can tell you that at the default settings it catches 90-95% with
I've got one client where the run NO filter - some folks (the names GOTTA be on the web site) get up to 100 spams a day. IT are basically monkeys with hands. I have no idea what the CEO thinks. They wouldn't even think OS as they're a total MS shop.
I don't understand why he's so critical of a free product. I upgraded to 2.60 and it's running near flawless, and since the program is so simple, you just upgrade it, no need to change configuration options if you don't need to, you just call it from procmail.
Yeah all those GUI options look nice, but 90% of the time, why do I need to change my spamblocking settings? The Bayesian filter autoadjusts itself with little or no user intervention -- it's near transparent.
I run a mail server at home on a Linux box, with Postfix and Spamassassin 2.60. I have it configured to label mail as spam once it hits 8 points, and to automatically chuck it into /dev/null once it hits 12 (using Postfix's header_checks).
It works pretty well for me -- the mail server's only for my personal use so I don't really have to worry about irate subscribers sueing me for dropping them legit mail =p and the 8-12 point range in the spam marking gives me a chance to vet through those suspicious mails briefly before deleting them.
I've never tried any other spam filters on the server-side, so I can't really compare. I guess I'm also a bit of a Linux hacker so I don't mind tweaking all those config files along the lines of the FAQ and other hints on forums to get it to work the way I want it to.
Gan Family Homepage
Come to think of it, it seems to work out just fine.
Newt-dog
My Doctor prescribed daily nasal saline irrigation, hehe
This is likely funded by un-named virus vendors who has integrated SapmAssassin into their appliaces. Away on a vacation, I came back to find our people unaware SpamAssassin was open source. The vendor quietly forgot to mention that.
In the end, any company is going to have to put people and tools together to get a spam solutution, or outsource it. But DIY needs people time.
Don't pay vendors for SpamAssassin, it runs quite nicely on left over PCs reloaded with Linux.
I know people have been recommending SpamBayes but be warned - it is very slow to parse and move the emails. Only bother with this if you receive only a small volume of spam or have a pretty fast computer.
==> Start|Settings|Control Panel|Microsoft Office XP Professional with FrontPage|Remove
Best one yet!
He sent a long open letter to SAtalk. You can find it in the mailing list archive
well, on the first page the author already makes it pretty obvious why SpamAssassin had to come out at the bottom of the list. He is comparing version 2.44, which was included in RH9 and is thus at least 8 months old, to the latest antispam software that is regularly updated. How on earth is that an unbiased comparison? In a world where spam patters change every week, if not every day, 8 months is a generation... he even says so in his article. I'd be interested to see the results of a similar test, but with SpamAssassin 2.60 and of course with bayesian filtering and some of the other optional features enabled...
Why did he not ask Kevin Railsback who had the whole thing working some while ago?)"
He expected to get the results that he normally gets with most commercial software. Click Setup.exe, answer a question or two and it's done, up and running. Further configuration is not required though it may be desired.
The commercial vendors of Spamassassin have not improved the core product in any way. What they have improved is the packaging, the installation, the default configuration and the interface to modify that configuration. The stock SpamAssassin does not offer that although, Spamassassin setup is far more simple than some other packages out there.
versus
The first found Spamassassin easy, the second found it hard. Hmmm.
What really aggravates me is the typical "There are blacklists available that you can subscribe to, and some are updated regularly, but these are noncommercial lists with no guarantees." I'd like to see what guarantees the commercial lists come with.
you need to change them because the easy install solutions suck(and have default installs that somebody can try to get around and test untill it goes through).
world was created 5 seconds before this post as it is.
Each product was tested with a different stream of mail, so the number of messages received varied, but all received enough messages to assess their capabilities.
Can you imagine someone writing "Oracle, Sybase and Postgres were compared. While the data and workloads were different, all products performed enough work to assess thier capabilities."
All the products except Brightmail and SpamAssassin allow end-users to add senders to the domain whitelist themselves.
I don't know anything about Brightmail. Spamassassin end user whitelists entries can be set up in a number of ways.
And all the products but SpamAssassin use dynamic updates to keep up with the evolving technologies spammers use to circumvent less sophisticated filters.
As aluded to in the summary, this is false with modern versions of Spamassassin, which uses Baysian filtering. (The author later says he couldn't get it working.
However, it took more than 10 times as long to install and configure SpamAssassin as it did any of the other products. [...] But just because the software is installed does not mean it will work -- filtering criteria must be added manually, and until that's done nothing is filtered out. Getting the various configuration files edited properly so that the whole package worked was not simple. Documentation was difficult to find, and not always easy to follow.
While it is true that one must be comfortable with a text editor to configure Spamassassin, thus perhaps putting it out of reach of point-and-click admins and technical journalists, I also wouldn't be prone to put my mail servers in the hands of either of those groups of people.
It looks for keywords in the subject or body of e-mails, but is frustrated by words not in the dictionary, such as "V!agra," or words that contain invisible HTML characters.
While I am not sure what tests appeared in which version, I'm pretty sure 2.44 handled off-by-one works such as V!agra. I have no idea what he's talking about when he says "invisible HTML characters", but it does seem to point to a certain technical incompetence, similar to the ostritch belief - "If I can't see you, then you can't see me."
This is not to say Spamassassin is the easiest thing in the world to deal with. I happen to love it, because of the extreme flexibility.
I just get sick of tech journos who decide that because a tool doesn't have a gui and they don't want to take the time to configure it, it sucks.
I forget what 8 was for.
[SpamAssassin] filtered only 62 percent of spam, whereas the other products produced great results, blocking 90 percent to 96 percent of all the spam they encountered with few, if any, legitimate messages blocked.
To me, this statement is pretty telling. Harbaugh must get some completely different kinds of spam than me, because, even though I receive about 60 spam mails a day (directed to my "spam" folder, so I never see them until I scan the "From:" field and then delete them), maybe one per week makes it through the filter. And seeing as how I can't even remember the last time I got a false positive, that's a pretty damn good number.
I can believe that if you receive a variety of mail and if you took no time to configure SpamAssassin other than cranking it up, maybe then it'll only catch 80% of the spam. But 62%? I'm not sure if Harbaugh is skewing the benchmarks or if he just doesn't know what he's doing.
There are some legitimate issues with SpamAssassin that might not make it ready for the enterprise, but for a handful of users, I have been more than satisfied. And the price is right.
-- "Complacency is a far more dangerous attitude than outrage." -Naomi Littlebear
You think 2.44 is ancient? Feh - Debian 'stable' is still stuck with 2.20.
Sounds to me like Infoworld has an advertising contract with (at least) one of these companies. At the very least he should have checked the site for an update before he started his "tests". For a while there, I got every one of those "IT industry" hype mags (always free). While there was some good information here and there, you had to wade through a lot of advertising pretending to be articles.
I love SpamAssassin and would not consider email hosting without it. It has made my email account useable again ! For the record, it seems to catch about 80-90% of my spam, and I have never seen a 'false positive' (I do check my 'spam' folder, but less and less)
The grass is only greener, if you don't take care of your own lawn.
i have been using spamassassin for a year and it works great! granted, in the beginnings about 18% of the spam (in my case 18% of about 30 emails per day) would get trough. BUT if you read the manpage and tweak with the different scores a bit, you can get that down to 1 - 2% with about the same amount of false positives. as an admin, you should be able to tweak any spam filter to match your needs best.
what i can highly recommend is to increase the score of MICROSOFT_EXECUTABLE as it generally is a piece of spam. in addition the bayesian statistics are a great idea: a spam filter that learns!
as for the reviewer: if it takes this person 10 times longer to read a manpage and punch in some trivial scores into a trivially set up configuration file, then you should take his review with a HUGE grain of salt... especially since he reviewed an ancient version of the software.
finally a general comment about spamassassin: EXCELLENT software, especially for the bargain price of $0.
Can we moderate the article at -1 Troll, please?
:)
It's just a bit too obvious that he was hoping for a severe slashdotting, driving his own numbers ("look, editor, how many people read my articles!") and the ad numbers of his paper up.
Probably submitted the story himself, too.
Assorted stuff I do sometimes: Lemuria.org
Seriously:
- The Spamassassin installation documentation could be better written IMHO.
- Why doesn't RedHat's update service offer constand updates to the current version of SpamAssassin?
- Why doesn't it (as mentioned in another post) have the most important configuratoin setups included in their overall configuration GUI?
I really wish distributions would support SA better.What? open source software having crappy and hard to find documentation?
Memo to self: if I ever spend 3 months creating free software to share, take 2 hours to write a web page showing somebody how it freaking works!
First thing, the user has to be at least as smart as the tool they are wielding. No, actually just smart enough to follow directions and go beyond clicking on "help" to get help. Just another case of wannabe administrator arrogance: "If the tool doesn't configure itself or have cool looking icons, it must suck."
The bias apparent in this article and the crappy comparison chart aside this review doesn't even begin to touch base as a throughly researched opinion ion piece and ends up look like an advert for Brightmail.
However we do in the OS community face a UI problem. The missing rung on the ladder to mass acceptance is the absence of high quality UI that give users and indeed administrators of the point and drool variety a interface with the service they are seeking to use.
Before the Highly polished phpmyadmin I met serious resistance from admins for MySQL over msSQL based mostly on interface. The same goes for CUPS which has a web interface that I think has come of age if not achieve adult hood. The Webmin's are OK as long as you don't tinker to much or do anything slightly non-standard. I dislike Swat and am now so used to editing smb.conf I haven't even checked it;s working. I think that a lot of these services, apache, Spamassassin and X11 for example, could bare providing embedded configuration UI's if they aim to capture wider markets. Mandrakes X11 confugulator is very good.
I was going to mention the difficulty presented for admins with widely deployed Outlook when looking at these kind of solutions but then I though no only have sympathy where it is due. An I know that SpamAssassin could work seamlessly with Outlook but if users want a front end for white-listing then SpamAssassin isn't going to be your toy just yet.
Though we love the text based config file you may have to put a lot of working into configuration UI's if you want to enter the area as far as that reviewer and many sysadmins are concerned.
I knew nothing about filtering spam until I installed SpamAssassin 2.6 in a multi-user environment last week. Here are my responses:
I wouldn't recommend that my grandmother install SpamAssassin, but if you have any admin skills whatsoever, it's quite easy to use it to set up effective and useful filters. Furthermore, there are enough factual errors in the article that I'm tempted to dismiss it outright.
Of course, it's possible that it got a lot better between 2.44 and 2.6, but that begs the question, why did he install 2.44?
"The obvious mathematical breakthrough would be . . . an easy way to factor large prime numbers"
Bill Gates, 1995
I can install Spamassassin and six other applications via CPAN in the time it takes to get the syntax right for one license key.
I also like the characterization of Spamassassin as "first generation" without any supporting evidence to the fact. First generation was adding spam senders to your e-mail client's blocklist. Bayesian filtering is well beyond first generation, but spammers have learned to defeat Bayesian filtering with poison data in non-eyeball space and text obfuscation. The next generation in spam detection is to detect the Bayesian evasion features - and guess what does that!? Spamassassin (2.60).
who are those slashdot people? they swept over like Mongol-Tartars.
I've found the easiest way to implement SpamAssassin is to invoke it through MailScanner. MailScanner uses third-party virus scanners and can optionally invoke SpamAssassin as well. With the free ClamAV antivirus product, you can build a powerful open source mail scanner. Even without a virus scanner, MailScanner detects and quarantines executable attachments and other dangerous content which represent the most common types of mail-borne viruses and worms.
RedHat installs the daemonized version of SA as well as the SA Perl scripts. Using the daemon, the easiest implementation is to invoke SA in /etc/procmailrc on the mail delivery host; for mail gateways running sendmail, you need to use the milter interface. I've found the MailScanner+SpamAssassin approach much easier to configure than either of these methods, and you get virus scanning to boot!
I suspect if the reviewer had compared SA 2.60+ to the commercial products, rather than the older 2.44 version used in the review, SA would have shown better results.
I'd agree with the reviewer that one of the things SA lacks is an easy method for users to interact directly with the program. (Part of the issue has to do with security; SA runs as root. As I read the review, I wondered how the other products allow users to interact directly with the scanners without sacrificing security.) It's not easy to maintain per-user Bayesian filtering, for instance, but I generally recommend having the mail client, e.g., Mozilla, handle these tasks.
I was using version 2.44, I was able to compile and upgrade spamassassin before the number of posted replies hit 60! Can't be too hard!
Not only is this somewhat old news, it's been discussed on the spamassassin mailing list. Apparently, the article was edited so that it's more anti-spamassassin than the reviewer intended, but Mr. Harbaugh also defends his review of an older version of spamassassin as "it came with my Redhat 9" (NOT a direct a quote). He also claims it took nearly an hour to install and set up. (I counter that it took seconds to install and minutes to set up).
The current version of spamassassin is 2.60.
All my mail comes through spamassassin as well, but I am not having nearly the success you are...
.2-.5% false positive. Don't get me wrong, I am WAY happier now that before spamassassin, but if I could be getting better performace, that would be great...
I get about 60-70% of my spam correctly tagged, and about
"I'll have a Guinness, no wait, make that a Coors Light" -Grad student I work with, who shall remain anonymous...
Since then, I've downloaded a bunch of rules from The SA Custom Rule Emporium and almost nothing gets through.
If this guy had trouble, it is the fault of the documentation, not the product. Either that, or he was dumb enough not to upgrade to perl 5.8 or above, and spent forever installing modules.
He says:
Funny how when you install an old version of the product, it seems outmoded, hmmm?
Sheesh.
Pixie
don't mess with those geekgrrls
While his review was perhaps not scientifically conducted. I think there was a point to be made with the SpamAssasin blurb.
Notice that he deliberately took a standard install from RedHat 9, something some IT person (Not a tr00 g33k) might buy at CompUSA. He then tried to install the provided product. Clearly, a tr00 g33k would go and download the latest release, but keep in mind that not everyone is so comfortable with being on the bleeding edge - I believe that this was a point he tried to make. There is also the perception that the release provided with a "product" such as RedHat 9 will be up to the same standards as the OS.
While it's true the latest version has default rules and whatnot - it's quite likely that his older, more out of date version does not. In fact, going briefly to the spamassin home page the links for the 2.5 and 2.4 release documentation are broken.
The point to be made was: OSS needs to be more buttoned up. Notice that he said that he had no trouble installing redhat 9. That's becuase the installer is rather good.
Here's a nice example of a commercial guarantee. See if you can determine where it's from:
...
11. LIMITED WARRANTY FOR PRODUCT ACQUIRED IN THE US AND CANADA.
Microsoft warrants that the Product will perform substantially in accordance with the accompanying materials for a period of ninety days from the date of receipt.
YOUR EXCLUSIVE REMEDY. Microsoft's and its suppliers' entire liability and your exclusive remedy shall be, at Microsoft's option from time to time exercised subject to applicable law, (a) return of the price paid (if any) for the Product, or (b) repair or replacement of the uct, that does not meet this Limited Warranty and that is returned to Microsoft with a copy of your receipt.
Note that a) no updates or fixes are guaranteed, b) your only remedy is media replacement or a refund, and c) this choice of remedy is up to Microsoft.
I love it when people claim that you're taking a huge risk with open source software without guarantees. Microsoft says their software will work, but isn't saying that if their software doesn't work, they have to fix it.
It's better to vote for what you want and not get it than to vote for what you don't want and get it.
- E. Debs
"I installed the software on Red Hat Linux 9, with help from one of Proofpoint's systems engineers. She talked me through getting the Linux system configured properly, getting sendmail set up, and installing and configuring the Protection Server, which includes the MySQL database server for storing quarantined e-mail."
who needs a gui?
no wonder he gave spamassassin a low score. he couldnt have someone handhold him
I don't know anything about SpamBayes so I cannot comment on it at all.
POPFile is easy to use. It also performs Bayesian filtering. It is what I use.
http://popfile.sourceforge.net/
My current POPFile statistics:
Messages classified: 1,440
Classification errors: 19
Accuracy: 98.68%
saconf works for the Windows versions of spam assassin.
http://www.openhandhome.com/saconf.html
Spamagogo doesn't have quite the same setup, but it is good, and free for now.
Time for a snack.
I know you're just joking, but to be serious for a minute, the reason not to do that is because you'd be transparently altering someone else's copyrighted property. Overzealous and/or overworked sysadmins misconfigure SA to globally analyze all incoming content and then to alter email subjects based on its opinion. This is an invasion of content, certainly prone to false positives because antispam scanning is an individually trained process, and breaks the trail of reply threads at least on a visual basis. There are always going to be tons of misconfigured or RFC ignorant smtp servers out there, and being compatible with them is what makes the Internet work. That would include corporate servers, legitimate opt-in bulk mail, and opt-in mailing lists run by Some Dude. There will be people on a mailing list whose personal content is always publicly marked by certain recipients as spam! It's confusing, insulting, and unnecessary. SMTP has invisible meta-tags in its headers to allow for that, and agents are supposed to respect them.
This is fine for using SA's global config as your personal config for your own little systems, but not for an ISP or business.
According to spamassassin.org:
indeed - I've been using this for a while now. No false positives, I see bits and pieces in my unsure folder - including the "Hi, heres that link you asked for http://spam.spam.spamcorp, cheers .." that Paul Graham reckons is the future of spam.
Given I get over 100 spams a day and I see non of them I am very happy with this indeed.
> I don't understand why he's so critical of a free product.
Why is there this attitude that if your project is free, then it does not matter if it is garbage. Furthermore, you are not allowed to say it is garbage, because, after all, you don't look a gift horse in the mouth. Perhaps that is why Linux is still not on the desktop. There are plenty of people who spend days configuring theirs and then post "it works for me" comments, while the rest of us silently wonder why anyone would want to spend so much time on such garbage.
Does he by any chance love outlook rules as well?
:)
Spam assasin is on my server and is absolutely brilliant.. it catches 99.9% of all my spam, and has only on 5-10 occasions in the past month (i get about 50-60 emails a day) counted 'innocent' mail as spam... and even those were newsletters....
Anyone who slates SpamAssasin is one very deluded person... its Open Source, constantly improved... open to editing by it's users, rules can be added.... marvellous.
Commercial variants ive seen have been painfully badly implemented and not worked properly. Get SpamAssasin and fight the closed source lovers
We replaced an SMTP relay/spam filter/virus scanner based on Exchange and a commercial product (not one of the reviewed products) about a month ago with one using PostFix and SpamAssassin (and amavisd) on RH. Incoming spam levels have been reduced by about a factor of ten with no false positives to date. This solution was not much of a challenge to implement - for a primarily Windows-oriented admin for whom it was a learning exercise. I haven't tried the products reviewed, but am more than impressed with what we now have.
Humorous how the guy who liked SpamAssassin (Kevin Railsback) was a tech who actually set it up for use at infoworld and the guy who didn't like it is an "IT consultant the author of two books on networking." Always trust a tech.
The heat from below can burn your eyes out
I'll third that - SpamBayes ROCKS. I use it at work where our IT department just wasted huge amounts of money on a back-end solution that stops less than half my spam while at the same giving me trouble with blocking legitimate messages. SpamBayes cleans up what the back-end commercial solution misses every time.
To moderators. When you mod something "informative", please check the facts first. Spamassasin in RH 9 is 2.44.
Save the bandwidth. Don't use sigs!
Exactly, I had SA integrated into exim with custom rules and what not, but it would break on upgrading the debian package, happened twice, needed to tweak exim.
:( I really should re-enable the bayes stuff, and figure out how to teach it what isn't spam.
Then I found out about the beauty of procmail once I looked into filtering all spam to it's own folder without email client filters. So now, I have different emails filtered to specific folders before it ever hits my inbox. Oh and I had to disable the bayesian filter, it was catching way to many not spam emails. Stuff that didn't have any keywords in it at all. One was just a couple quick sentences from a friend, who knows why it thought it was spam.
Here's a watered down version of my procmail file for those interested: http://gid0ze.net/dl/dot.procmailrc
The Bayes filter in SA 2.6 works very well but unfortunately is not well-suited to site-wide learning.
-- casual readers may skip the following details
In an attempt to mitigate this, SA makes an unfortunate mistake in its unsupervised learning algorithm - it uses a different set of rules for training than it uses for marking mail as spam or not. So you can easily have email marked as spam but have the system trained as non-spam (or vice versa). This introduces systematic bias into the learning so that spam detection can get worse in the long run. As a further attempt to mitigate this problem, the learner uses a higher spam threshold, so many spams that are correctly marked do not contribute to the learning process. There is no way to set the SA configuration parameters to eliminate these biases (setting the learn threshold does *not* do it).
--- end of gory details
It is not too difficult to set up SA for personalized learning. Just pipe your mail to the following command:
spamassassin -e
If the return code is 0 (non-spam) also pipe the mail to
sa-learn --ham --single
If the return code is 1 (spam) pipe to
sa-learn --spam --single
If you do this you are guaranteed that the statistics recorded in your personal bayes db correspond exactly to the judgements made by SA.
In addition to this you must correct SA when it makes a mistake, by piping the message to sa-learn again with the right flag. You may be able to set up a macro in your mail reader to do this.
This isn't as easy to set up as it should be, but it is *very* effective.
In the last year I've received 20,000 non-spam and over 100,000 spam messages & viruses (30,000 if you eliminated the "Cumulative Update" messages, which SA caught just fine.) About 100 spams have gotten through (a couple a week) and about 10 false positives have occurred. All of the false positives have been 'weird' - advertising, automatic responses, or web pages that were forwarded to me. As far as I know (and I do check periodically) I've had no false positives in the last 50,000 spams.
My preliminary analysis indicates that personalized learning reduces both false negatives and false positives by a factor of ten. I'll report more systematic analysis in due course.
Bayesian filtering is a bit like fuzzy-logic. Right now, it's best known for filtering spam. SpamAssassin uses a whole long list of tests and assigns +ve or -ve scores to each test that comes out positive (a bit like Slashdot's moderation).
I know someone who did a project on classifying video using Bayesian filtering. It looked at stuff like brightness, contrast, volume, basically everything they could extract from the movie file and give a value to. The concept itself is quite powerful; the difficulty is getting a list of tests that can accurately predict / classify what you have (spam/non-spam, or for video, thriller/drama/etc).
If you're interested in finding out more about actually coding Bayesian filters, you can check out the Bayes ++ project page.
Gan Family Homepage
Larry Seltzer did a similar job with a review of disposable email address services in
PC Magazine.
Spamgourmet (open source and free to use) was lined up against several commercial offerings, and was rated the lowest. It was clear from the review that he didn't spend much time learning about how spamgourmet works -- he wound up faulting it for perceived problems that were addressed by features that he ignored in the review.
Not to be cynical, but if I were a tech reviewer, I might be afraid of lawsuits resulting from my reviews -- open source projects have no revenue, and therefore can't prove up any damages in court. This might make me more likely to choose the open source alternative to get the shaft. Hopefully that's not what's going on here, but you've got to wonder...
who's moderating the meta-moderators?
spampal does the trick for me.
:)
quick and effective identification. can check the online black hole lists for IP ranges to block and you can manually set the thing up to ignore email from any country.
goooooodbye china!
If you have your mail on a POP server (ISP, hosting provider, etc.) try PrismEmail. It filters between your server and you so there is effectively no time or load on your computer, plus it works with virtually any mail client with nothing to install on the server or on the client.
I'm at 99.9% accuracy so far this month.
And you better change that sime, straightforward procmail recipe to use ":0fw:" on the first line. That trailing ":" is important if you are not running spamd, as it makes procmail use a lock file and only run 1 instance of SpamAssassin at a time. Otherwise, if you get 30 messages, you'll get 30 instances of SpamAssassin, which is 30 instances of Perl, etc. Large load spike.
Two things, first, it is probably more proper to match the X-Spam: YES header than the number of asterisks in the X-Spam-Level header. Then you configure you can tweak your cutoff level for X-Spam: Yes in the SA config.
Also, rather than running SA from procmail or other means, it is much more efficient and clean to run it from a seperate daemon like amavisd-new and then configure postfix to use amavisd-new as a content_filter. There are several advantages of this approach, the greatest one being that you do not have process startup penalties for incoming mails to be scanned since amavisd-new is written in perl, references the SA engine through the perl module rather than the commandline, and has a similar scalable child process architecture to apache and many other network server daemons. Other nice things about amavisd-new is that you can integrate many different virus scanners with it as well as SA and it will handle all the subject rewriting, mail deleting, etc for you.
As for maintainence, there isn't any. I set up exim two or three years ago and have hardly touched it since.
I wrote an article about the open source tools that I use to keep Spam out of my inbox here:
http://www.involution.com/spamstats.php
... "I installed the software on Red Hat Linux 9, with help from one of Proofpoint's systems engineers. She talked me through getting the Linux system configured properly, getting sendmail set up, and installing and configuring the Protection Server, which includes the MySQL database server for storing quarantined e-mail."
... ]
Ok, which one of you helped him with the book?[
IT consultant Logan Harbaugh is the author of two books on networking. Contact him at [snipped]
It's true no man is an island, but if you take a bunch of dead guys and tie 'em together, they make a good raft.
This guy's article was a joke. Not only did he use an ancient version (in the spam world) of SpamAssassin but he either flat out lied in his article or was too lazy to seek out the truth. Hard to configure? Can't find docs? Doesn't support A B C D or E? If this guy had spent 5 minutes of his precious time doing to research on SA he wouldn't have made these flagrant lies. I don't get these people. I really don't. I CCd the Editor-in-Chief at InfoWorld, Mr. Steve Fox, as well.
Mr. Harbaugh,
This letter is in response to your InfoWorld article titled "Commercial solutions win, spam loses." In that article you portray all commercial spam solutions as winners and you portray the only open-source spam solution you reviewed as a dismal failure. I must say that as a professional in the anti-spam field I'm am truly disappointed by your incomplete and inaccurate assessment.
You start the article off quite well. Your introduction regarding two of the possible types of spam filtering is in terms that the average reader can understand. The introduction is also technically accurate, although it doesn't mention the other ways to filter spam.
You quickly take an opportunity to kick dirt on SpamAssassin by claiming it filters a fraction of the amount of spam all the commercial solutions filter. You hint at something during that statement when you said that SpamAssassin's "age showed in my tests," yet you fail to actually make it apparent to the user what the real truth is. I must ask, why did you choose to compare such an ancient version of SpamAssassin to the current versions of the four commercial products? Version 2.44 is over 9 months old. Spam filtering techniques are constantly evolving to filter a continually changing target. Comparing a 9.5 month old copy of SpamAssassin to the current version of BrightMail is like comparing a 1990 Chevy Silverado to a brand-new 2004 model. As an author and professional in the IT industry writing a column for InfoWorld, one of your goals is accuracy and fairness in reporting, is it not?
You make numerous false statements regarding SpamAssassin in your article:
1) "All the products except Brightmail and SpamAssassin allow end-users to add senders to the domain whitelist themselves... SpamAssassin allows only the administrator to add to the whitelist, with no direct access for users."
This is simply not true. SpamAssassin allows its users to add whitelist or blacklist entries to the personal preferences. It also allows its users to control the scoring for each individual ruleset with SpamAssassin's arsenal. Even the ancient version of SpamAssassin you chose to use had that simple feature. SpamAssassin also has the ability to automatically whitelist senders.
2) "Delegation of specific administrative functions is possible with all the products except SpamAssassin..."
This too is not true. As I said in response to number 1, SpamAssassin allows its users to control the scoring for each individual ruleset. This gives them the ability to disable certain rules, lessen the scores of others, and increase the scores of rules they wish had more weight. For example a user could disable the MAPS RBL DNS blacklist checks, whitelist joe@mydomain.tld, blacklist annoying-spammer@spamdomain.biz, and increase the score of the rule ALL_CAP_PORN to 2. The users can also create their own rulesets. SpamAssassin gives its users a high level of control over their spam filtering.
3) "Finally, in addition to stopping spam, all four commercial products provide content-filtering features, allowing the administrator to block incoming or outgoing e-mail that contains proprietary data, audio or video files, executables, sexually explicit words, or racial slurs. They also provide protection against DoS attacks and directory harvesting attacks."
This one baffled me at first. I'm honestly not sure why you want to compare features that have nothing to do with filtering spam. Filtering racial slurs from an email is
Here's how I catch false positives. But basically you should just learn to live with either false positives or spam. Take your pick.
:0 H :0 H
I turned subject rewriting on:
rewrite_subject 1
Then I set the subject tag to include the hit number:
# Text to prepend to subject if rewrite_subject is used
subject_tag *****SPAM****:*_HITS_*
then in your email client you can sort your JUNK messages based on subject. This will put the tagged spam messages with the fewest hits at the top. That way you can easily look at messages with the fewest hits.
I added another level of filtering to avoid looking at totally bogus spam messages. I setup two folders in my email client. "SPAM" and "EVILSPAM". I have a procmail filter that pipes spam messages with hits greater than 10 to EVILSPAM, that way I don't even look at them. All other spam goes to SPAM:
* ^X-Spam-Status: Yes, hits=[0-9][0-9]
mail/EVILSPAM
* ^X-Spam-Status: Yes
mail/SPAM
Your email client can probably do this for you, instead of a procmail filter. But this way I can use webmail and all my rules are on my server, not on my client.
joe.
Thank you to Mr. Harbaugh for replying. His second paragraph still indicates that he doesn't realize that the current release of SA has all the features he said were missing. I look forward to this being corrected in a future article. I didn't go into much of a free vs commercial debate in my reply; however it seems that some folks did. I also didn't touch on the support issue. Frankly I find that support really isn't needed as long as the admin is compotent. I was involved in a discussion yesterday with a company I consult with. The topic of the discussion was which Linux distro we should use in the future now that RH is going towards an entreprise distribution and support contracts. Many seemed to believe that we should have technical support for whatever distro we chos