Slashdot Mirror

← Back to Stories (view on slashdot.org)

Critical Eye on SpamAssassin

Posted by CmdrTaco on from the not-totally-surprising dept.

ErrorBase writes "In this Infoworld article, Logan G. Harbaugh makes a great deal about an ancient (2.44) version of SpamAssassin comparing it with newer comercial variants. Quote : You get what you pay for. [...] However, it took more than 10 times as long to install and configure SpamAssassin as it did any of the other products. " Why did he not ask Kevin Railsback who had the whole thing working some while ago?)"

12 of 324 comments (clear)

  1. SpamAssassin by hookedup · · Score: 5, Interesting

    All my incomming mail comes through SpamAssassin (cant remember which version off the top of my head), and once in a blue moon a single piece of spam will manage to find it's way through. When it does, I guess i should just applaud the spammer for being so devious.

    TrollAssasin would be nice, imagine seeing posts subjects as *****TROLL***** heh

    1. Re:SpamAssassin by Cygnus78 · · Score: 5, Funny

      Why not create SlashAssassin ? All incoming mail gets moderated.. Let's see ... aah a +5 Interesting. What about this one. Oh a mail from dad.. moderated Offtopic! How typically. Ah one from my brother.. Flamebait.. !

  2. a problem with reviewers by Taranis-BSD · · Score: 5, Insightful

    This was just a setup to make commercial software look better or just a incompetent reviewer. Next.

  3. Logan You Better Run by Anonymous Coward · · Score: 5, Informative

    Great - compare generation or more older open source to fresh shrinkwrap. Who's zooming (or shilling) for who.

    My ISP (souther NH) runs SpamAssassin 2.6 - and I can tell you that at the default settings it catches 90-95% with .01% (yes Bucko, less than 1/1000) false positives. When they implemented it several versions ago it was just as good.

    I've got one client where the run NO filter - some folks (the names GOTTA be on the web site) get up to 100 spams a day. IT are basically monkeys with hands. I have no idea what the CEO thinks. They wouldn't even think OS as they're a total MS shop.

  4. Works for me by perlionex · · Score: 5, Informative

    I run a mail server at home on a Linux box, with Postfix and Spamassassin 2.60. I have it configured to label mail as spam once it hits 8 points, and to automatically chuck it into /dev/null once it hits 12 (using Postfix's header_checks).

    It works pretty well for me -- the mail server's only for my personal use so I don't really have to worry about irate subscribers sueing me for dropping them legit mail =p and the 8-12 point range in the spam marking gives me a chance to vet through those suspicious mails briefly before deleting them.

    I've never tried any other spam filters on the server-side, so I can't really compare. I guess I'm also a bit of a Linux hacker so I don't mind tweaking all those config files along the lines of the FAQ and other hints on forums to get it to work the way I want it to.

    --
    Gan Family Homepage
    1. Re:Works for me by perlionex · · Score: 5, Informative
      Inside /etc/postfix/main.cf:
      # The header_checks parameter specifies an optional table with patterns
      header_checks = regexp:/etc/postfix/header_checks
      Inside /etc/postfix/header_checks (note: replace "*" with "[backslash]*"):
      /^X-Spam-Level: ************/ REJECT
      Inside /etc/mail/spamassassin/local.cf:
      rewrite_subject 1
      report_header 1
      ok_languages en
      ok_locales en
      required_hits 8
      subject_tag [SUSPECTED SPAM]
      --
      Gan Family Homepage
  5. Re:What is a good client-side spam filter for Outl by uradu · · Score: 5, Funny

    ==> Start|Settings|Control Panel|Microsoft Office XP Professional with FrontPage|Remove

    Best one yet!

  6. He already sent an open letter to SAtalk by damian · · Score: 5, Informative

    He sent a long open letter to SAtalk. You can find it in the mailing list archive

  7. no wonder... by theonlyholle · · Score: 5, Insightful

    well, on the first page the author already makes it pretty obvious why SpamAssassin had to come out at the bottom of the list. He is comparing version 2.44, which was included in RH9 and is thus at least 8 months old, to the latest antispam software that is regularly updated. How on earth is that an unbiased comparison? In a world where spam patters change every week, if not every day, 8 months is a generation... he even says so in his article. I'd be interested to see the results of a similar test, but with SpamAssassin 2.60 and of course with bayesian filtering and some of the other optional features enabled...

  8. The review isn't as bad as slashdotters make it by greppling · · Score: 5, Insightful
    I am sure he was as disappointed as me that the installation didn't follow the ./configure && make && make install standard procedure, and that it defaulted to /usr instead of /usr/local as installation directory.

    Seriously:

    • The Spamassassin installation documentation could be better written IMHO.
    • Why doesn't RedHat's update service offer constand updates to the current version of SpamAssassin?
    • Why doesn't it (as mentioned in another post) have the most important configuratoin setups included in their overall configuration GUI?
    I really wish distributions would support SA better.
  9. SA+MailScanner works for me by cyways · · Score: 5, Informative

    I've found the easiest way to implement SpamAssassin is to invoke it through MailScanner. MailScanner uses third-party virus scanners and can optionally invoke SpamAssassin as well. With the free ClamAV antivirus product, you can build a powerful open source mail scanner. Even without a virus scanner, MailScanner detects and quarantines executable attachments and other dangerous content which represent the most common types of mail-borne viruses and worms.

    RedHat installs the daemonized version of SA as well as the SA Perl scripts. Using the daemon, the easiest implementation is to invoke SA in /etc/procmailrc on the mail delivery host; for mail gateways running sendmail, you need to use the milter interface. I've found the MailScanner+SpamAssassin approach much easier to configure than either of these methods, and you get virus scanning to boot!

    I suspect if the reviewer had compared SA 2.60+ to the commercial products, rather than the older 2.44 version used in the review, SA would have shown better results.

    I'd agree with the reviewer that one of the things SA lacks is an easy method for users to interact directly with the program. (Part of the issue has to do with security; SA runs as root. As I read the review, I wondered how the other products allow users to interact directly with the scanners without sacrificing security.) It's not easy to maintain per-user Bayesian filtering, for instance, but I generally recommend having the mail client, e.g., Mozilla, handle these tasks.

  10. My letter to the author by macdaddy · · Score: 5, Insightful

    This guy's article was a joke. Not only did he use an ancient version (in the spam world) of SpamAssassin but he either flat out lied in his article or was too lazy to seek out the truth. Hard to configure? Can't find docs? Doesn't support A B C D or E? If this guy had spent 5 minutes of his precious time doing to research on SA he wouldn't have made these flagrant lies. I don't get these people. I really don't. I CCd the Editor-in-Chief at InfoWorld, Mr. Steve Fox, as well.

    Mr. Harbaugh,

    This letter is in response to your InfoWorld article titled "Commercial solutions win, spam loses." In that article you portray all commercial spam solutions as winners and you portray the only open-source spam solution you reviewed as a dismal failure. I must say that as a professional in the anti-spam field I'm am truly disappointed by your incomplete and inaccurate assessment.

    You start the article off quite well. Your introduction regarding two of the possible types of spam filtering is in terms that the average reader can understand. The introduction is also technically accurate, although it doesn't mention the other ways to filter spam.

    You quickly take an opportunity to kick dirt on SpamAssassin by claiming it filters a fraction of the amount of spam all the commercial solutions filter. You hint at something during that statement when you said that SpamAssassin's "age showed in my tests," yet you fail to actually make it apparent to the user what the real truth is. I must ask, why did you choose to compare such an ancient version of SpamAssassin to the current versions of the four commercial products? Version 2.44 is over 9 months old. Spam filtering techniques are constantly evolving to filter a continually changing target. Comparing a 9.5 month old copy of SpamAssassin to the current version of BrightMail is like comparing a 1990 Chevy Silverado to a brand-new 2004 model. As an author and professional in the IT industry writing a column for InfoWorld, one of your goals is accuracy and fairness in reporting, is it not?

    You make numerous false statements regarding SpamAssassin in your article:

    1) "All the products except Brightmail and SpamAssassin allow end-users to add senders to the domain whitelist themselves... SpamAssassin allows only the administrator to add to the whitelist, with no direct access for users."

    This is simply not true. SpamAssassin allows its users to add whitelist or blacklist entries to the personal preferences. It also allows its users to control the scoring for each individual ruleset with SpamAssassin's arsenal. Even the ancient version of SpamAssassin you chose to use had that simple feature. SpamAssassin also has the ability to automatically whitelist senders.

    2) "Delegation of specific administrative functions is possible with all the products except SpamAssassin..."

    This too is not true. As I said in response to number 1, SpamAssassin allows its users to control the scoring for each individual ruleset. This gives them the ability to disable certain rules, lessen the scores of others, and increase the scores of rules they wish had more weight. For example a user could disable the MAPS RBL DNS blacklist checks, whitelist joe@mydomain.tld, blacklist annoying-spammer@spamdomain.biz, and increase the score of the rule ALL_CAP_PORN to 2. The users can also create their own rulesets. SpamAssassin gives its users a high level of control over their spam filtering.

    3) "Finally, in addition to stopping spam, all four commercial products provide content-filtering features, allowing the administrator to block incoming or outgoing e-mail that contains proprietary data, audio or video files, executables, sexually explicit words, or racial slurs. They also provide protection against DoS attacks and directory harvesting attacks."

    This one baffled me at first. I'm honestly not sure why you want to compare features that have nothing to do with filtering spam. Filtering racial slurs from an email is