SpamAssassin 3.0 Released
davemabe writes "At long last, SpamAssassin 3.0.0 has been released. I've been using the release candidates for a month or so, and the results have been far improved over previous versions. Its use of SURBL along with Bayes auto learning make it seem like this solution is the one to beat. It looks like they've introduced a new logo as well. Snazzy!"
For those not in the know, SURBL is really cool. It actually lets you scan the message (well, SA does that) and then look for URLs that it links to. It compares this to a realtime BL of other people getting spam like you and if it is a known spam TARGET URL then it blocks the message based on that.
It makes it really hard for them unless they just register countless domains.
Excellent technology, and I will be upgrading to the newest stable.
Chris
Filtering spam.
The real news here is not Bayes filtering or SURBL, but the totally rebuilt plug-in architecture of SA 3.0. Plug-ins for the 2.x version were quite a bit harder to write.
Version 3.0 will result in a proliferation of good third party plug-ins that are going to put SA into more direct competition with some of the commercial vendors out there.
You know, *assassins* are the type to take out single, lone, "high value" targets, right?
Sneaking into fortresses/castles, creeping up and then offing the bad guy, or else maybe using some nice long-distance sniper rifle to take out the bad guy, or maybe choice application of poisons at the right bottle of wine, etc.
This is not appropriate for *spam*, where we're talking about waves upon waves upon unending waves in what we would call a "target rich environment". Assassination? No, more like machine-gunning, or artillery, or, I dunno, nukes.
Assassination would take too long.
I've been playing with DSPAM which seems very good. They claim a 99.991% accuracy. Apparently this is 10 times more accurate than a human. But I've heard that most anti-spam solutions are very good.
Anybody have a link to the changes compared to the last stable version?
Thank you for your coordination,
the Buzzword Police.
I use SA and like it. I only get about 75% reduction because SA-Learn doesn't seem to work very well. I've been told it takes a lot of mail to get it to learn. Though I would think, "If you see this again kill it" wouldn't take but once. hehe
This is great news! (and bad news for spammers)
:)
And now, Spam assassin is under Apache Licence
And will SpamAssassin's effectiveness erode as spammers adopt smarter methods in response? Escalation is not a long-term solution to any arms race or conflict. We can continue to fight spam, but the only way we will decisively defeat it is by acknowledging it as a social problem and legislating against it, with a common sense certainty and determination no one in Western governments seems to be providing.
I've been using RC1 for over a month now, and I'll tell you confidently that
-- Performance is MUCH better than it used to be. It scans messages much faster than I've ever seen SA 2.x do, and doesn't hog my server's resources anymore.
-- THIS THING ROCKS. For almost two weeks after I installed it I kept instinctively sending myself test emails to make sure I hadn't broken my mail system, because my volume of incoming mail had reduced so drastically. I was used to getting at least a new spam every 2 minutes. After installing SA 3.0 I got one false negative in a 72 hour period. It is *that* good. To date I still have not recorded a single false positive. I really had to convince myself that this thing was real.
This spamfilter rocks. I'd award it product of the year if I could.
Am I a hipster-doofus?
Didja notice the Apache feathers on the arrow in the new logo? Nice touch!
I feel like that new logo should be subtitled "Message for you, sir!"
Perhaps a good "thwooop!" sound effect would go well with it too.
~Warning!~ The above is encrypted using rot676!
Does anybody know if version 3.0 works with sa-exim??
What I would like to know, how does SA scale? About a year ago I talked to my ISP about it and they said they could not use it as it did not scale well and could not handle big loads.
It would be nice if it could be implemented now as I personally receive about 1000 spam messages a week.
- In Memoriam: Jeroen de Bruin (1972-2004), bye bro
From the SURBL site: "parse URIs in message bodies, extract their domains, and check those against a SURBL...."
I would rather extract the domain, look up the IP, and check the IP.
That way the server will have to move to a new IP - not just get a new bogus domain name.
Yes, I know that servers may host many domains:
This will only increase pressure on the spamheaven server admins to get rid of the people who use spam to spamvertize their sites.
-- From Denmark
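The lookup quoted above from the SURBL site (parse URIs in the body, extract their domains, check those against the list), as an added example that is not part of the original comments and is not SpamAssassin's own code. The two-entry-style suffix set, the allowlist, the rule that any 127.x answer counts as listed, and the sample message are all constructed assumptions; the zone name `multi.surbl.org` is SURBL's combined list.

```python
import re
import socket
from email import message_from_string

SURBL_ZONE = "multi.surbl.org"
# Assumption: tiny stand-in for a full public-suffix list.
TWO_LEVEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}
# Assumption: local allowlist of well-known domains that are never queried.
ALLOWLIST = {"yahoo.com", "google.com", "amazon.com"}

URI_HOST_RE = re.compile(r"""https?://(?:[^\s/?#@]*@)?([^\s/?#:"'<>]+)""", re.I)
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def extract_hosts(raw_message):
    """Return URI hosts from every text part, after MIME transfer decoding."""
    msg = message_from_string(raw_message)
    hosts = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        payload = part.get_payload(decode=True)  # undoes base64 / quoted-printable
        if payload is None:
            continue
        text = payload.decode(part.get_content_charset() or "utf-8", "replace")
        hosts.extend(h.lower().rstrip(".") for h in URI_HOST_RE.findall(text))
    return hosts


def lookup_key(host):
    """Reduce a host to the name that is queried, or None if allowlisted."""
    if IPV4_RE.fullmatch(host):
        # Numeric hosts are queried with their octets reversed, DNSBL style.
        return ".".join(reversed(host.split(".")))
    labels = host.split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LEVEL_SUFFIXES:
        domain = ".".join(labels[-3:])
    else:
        domain = ".".join(labels[-2:])
    return None if domain in ALLOWLIST else domain


def query_names(raw_message, zone=SURBL_ZONE):
    """Unique DNS names to look up, in order of first appearance."""
    seen = []
    for host in extract_hosts(raw_message):
        key = lookup_key(host)
        if key and key not in seen:
            seen.append(key)
    return [f"{key}.{zone}" for key in seen]


def dns_resolve(name):
    """Real resolver: an A record means 'listed', NXDOMAIN means 'not listed'."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def scan(raw_message, resolve=dns_resolve, zone=SURBL_ZONE):
    """Map each listed domain (or reversed IP) to the list's answer."""
    hits = {}
    for name in query_names(raw_message, zone):
        answer = resolve(name)
        if answer and answer.startswith("127."):
            hits[name[: -len(zone) - 1]] = answer
    return hits


# Constructed sample: quoted-printable body with a URL split by a soft line break.
SAMPLE = """\
From: sender@example.net
To: you@example.org
Subject: constructed sample
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Visit http://www.cheap-pills.exa=
mple/offer?id=3D1 today, or http://192.0.2.7/x
Also see http://www.google.com/ and http://shop.bad-deals.co.uk/a
"""

if __name__ == "__main__":
    for name in query_names(SAMPLE):
        print(name)
```

Decoding the transfer encoding before matching matters: the first URL in the sample only appears whole once the quoted-printable soft line break is removed.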
Major feature list:
- SpamAssassin is now part of the Apache Software Foundation and has an
improved software license, the 2.0 version of the Apache License.
- SpamAssassin now includes support for SPF (the Sender Policy
Framework, http://spf.pobox.com/).
- Web site links contained in the message are checked against SURBL and
SBL. SURBL and SBL track sites that advertise with spam, known spam
sources, and spam services.
- The new 3.0 architecture allows third-parties to easily add plugin
modules.
- There is now SQL database support for both the Bayes and
auto-whitelist modules, allowing more large sites to easily deploy
SpamAssassin.
- A more accurate simulation of email client handling of MIME and HTML
improves our accuracy. In addition, there is better detection and
handling of spammer techniques that try to trick anti-spam software.
Important installation notes:
- The SpamAssassin 2.6x release series was the last set of releases to
officially support perl versions earlier than perl 5.6.1. If you are
using an earlier version of perl, you will need to upgrade before you
can use the 3.0.0 version of SpamAssassin.
- SpamAssassin 3.0.0 has a significantly different API (Application
Program Interface) from the 2.x series of code. This means that if
you use SpamAssassin through a third-party utility (milter, etc,) you
need to make sure you have an updated version which supports 3.0.0.
- The --auto-whitelist and -a options for "spamd" and "spamassassin" to
turn on the auto-whitelist have been removed and replaced by the
"use_auto_whitelist" configuration option which is also now turned on
by default.
- The "rewrite_subject" and "subject_tag" configuration options were
deprecated and are now removed. Instead, use "rewrite_header Subject
[your desired setting]". e.g.
    rewrite_subject 1
    subject_tag ****SPAM(_SCORE_)****
becomes
    rewrite_header Subject ****SPAM(_SCORE_)****
- The Bayesian storage modules have been completely re-written and now
include Berkeley DB (DBM) storage as well as SQL based storage (see
sql/README.bayes for more information). In addition, a new format has
been introduced for the bayes database that stores tokens in fixed
length hashes. All DBM databases should be automatically converted to
this new format the first time they are opened for write. You can
manually perform the upgrade by running "sa-learn --sync" from the
command line.
The "sa-learn --rebuild" command has been deprecated; please use
"sa-learn --sync" instead. The --rebuild option will remain
temporarily for backwards compatibility.
- "spamd" now has a default max-children setting of 5; no more than 5
child scanner processes will be run in parallel. Previously, there
was no default limit unless you specified the "-m" switch when
starting spamd.
- If you are using a UNIX machine with all database files on local
disks, and no sharing of those databases across NFS filesystems, you
can use a more efficient, but non-NFS-safe, locking mechanism. Do
this by adding the line "lock_method flock" to the
/etc/mail/spamassassin/local.cf file. This is strongly recommended if
you're not using NFS, as it is much faster than the NFS-safe locker.
- Please note that the use of the following command line parameters for
spamassassin and spamd have been deprecated and are now removed. If
you currently use these flags, please remove them:
in the 2.6x series: --add-from, --pipe, -F, -P, --stop-at-threshold, -S
in the 3.0.x series: --auto-whitelist, -a
- The following flags are de
Hopefully mailscanner will upgrade to use this. Mailscanner is really awesome and combined with SA makes a great mail delivery option.
How about SpamDribeBy(tm) ?
does anyone know of any GPL win32 anti-spam utilities capable of working with exchange?
Sigh. Now I have to fight with my ISP to get a semimodern version of Perl installed.
Whoever designed it gets a gold star.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
I'm building the latest on all of my clients' mail exchangers and our primary boxen. ;)
:) Keep up the good work.
Here's the command to install/upgrade 3.0 via CPAN:
# perl -MCPAN -e shell;
cpan > install Mail::SpamAssassin
(many lines, type in the administrator's e-mail address, say no to network tests)
exit
#
Very difficult stuff.
Oh! Some link whoring as well:
SpamAssassin Milter for Sendmail - Filters everyone without procmail
SpamAssassin Milter Quarantine - Quarantines spam messages and sends summaries in digest for 1 or more times daily rather than simply delivering to the end user.
Karma: Chameleon (mostly due to the fact that you come and go).
This is a point I'd like to carry out a bit. I hate to be a whiner though, so I'll do it AC. But why isn't there a simpler install for Linux users. I resorted to using SpamPal on Windows boxes and just getting my mail on them and it works great. In fact, it's one of the last things I keep a Windows machine around for. I mean how twisted can it get, I use Linux desktops for almost everything but mail? That's totally bass ackwards, but the fact is I can install almost everything I want from Synaptic. I guess that's the other question, what about .deb that has all the dependencies or something.
You can get SpamAssassin to work with it, I've never had to but there are tutorials. You may just be better off using two machines and have SA filter it before it sends it to the exchange server.
Steve
Maybe they have picked the right metaphor... you ever watched what happens to a box that gets a few copies of SA running in parallel? It takes a long time!
[...] and doesn't hog my server's resources anymore.
Got any numbers on memory use? I would love to run SA on my home server, but it has "only" got 80MB of RAM. I tried running 2.x, but it seriously brought the system to its knees (swapping)
I must say, Python might be a nice language and all, but as it's making inroads everywhere it's also wreaking havoc on one's ability to convert older hardware into a competent server. YMMV (mailman + bittorrent + (apache + exim + samba) and you're pretty much down to the last few megabytes )
Belief is the currency of delusion.
I could use some help. I've been trying to get Vipul's Razor working with SpamAssassin on FreeBSD 5.2.1, and I keep running into problems. Anyone out there have a working config and like to share?
Karma: Chameleon (mostly due to the fact that you come and go).
Assassination also implies a considerable level of skill in choosing your target. Nukes are pretty indiscriminate. Weapons are typically low-volume high-precision or vice versa. In that sense, I don't think a "nuke" describes it better.
Live today, because you never know what tomorrow brings
Am I the only one that loved those cheesy little plastic ninja dudes in the old logo?
In fact, I thought their logo contest rules suggested that they would prefer the new one to contain those guys still, in some way or another.
I absolutely don't want to troll, but has anybody here managed to move an existing SpamAssassin setup to a CRM114 setup? While I don't plan to move away from SpamAssassin, I want to evaluate both how effective CRM114 is and how easy it would (theoretically) be to eventually move some or all of our customer's existing SA installations to CRM114.
A monkey is doing the real work for me.
Well, since it's capable of removing a certain caste of emails entirely how about SpamGenocide or SpamacialCleansing?
Perhaps we should identify it with (in)famous person(s) to drive up hits like SpamHitler, SpamNazi, or SpamlobodanMilosevic?
Maybe something that has an associated coolness factor, instead of being (almost) universally hated, like Dr. Spamibal Lecter?
Well, there's still the problem of overwhelming evil there. It's not really evil, just heartless and calculating. Hmm, heartless, calculating, killer... I got it! How about SpamAssassin? Oh, wait...
Email was designed to trust everyone, making it hard to reject email from people you don't want it from. We must get everyone to move to a better architecture which can force sender authentication if desired by the receiver. My own personal preference would be to have the sending MTA sign outgoing mails with a public key. Any scheme would be much easier than getting 100% of governments to outlaw spam, which is what is needed to be effective. Legislation is not the answer to a technical problem.
Well, though there may be a large amount of spam, doesn't like 90% of it get sent by the top 10% of spammers, or something to the same effect? If you could whack off a couple of the top guys ...
When do people learn that
what we need is not spam filters but spam stallers.
With spam filters your just precipitating in a arms race.
The spammers will send more and more spam
and your spam filters will use more and more
of your processor time to filter the spam.
It is a uphill battle against the spammer.
With spam stallers like sa-exim and tarproxy
your are stalling the spammers smtp connection
and the effect is that the spammer can't send
as much spam or that they drop you email from there email database.
The new logo is nice, but I was kinda partial to the nunchaku wielding ninjas knocking the crap out of spam.
Think of it like the scene from Alien vs. Predator.
SA is a Predator on top of this pyramid and all the Aliens are spam.
The Predators fight a fierce battle against the Aliens. If everything fails and the Aliens win the Predators destroy everything!
Like in real world.
Spamassassin kills/marks every mail with a $score > $spamscore. If the server crashes/explodes, you have other problems than Spam
Grundgesetz * 23. Mai 1949 - 30. November 2007 - http://www.vorratsdatenspeicherung.de/
Disclaimer: I work for a company, but I don't speak for them.
The Monty Python clip is included, and will play upon delivery of your email..
Maybe you already knew that..
Paul Gillingwater
MBA, CISSP, CISM
i guess that would be too much to ask, i would love this technology for personal use, but alas us in corporate hell will have to stick to whatever [insert multi million $ synergistic leveraging VFM solution] our massers give us
http://shit.slashdot.org/article.pl?sid=04/09/22/1 30254
SpamMassacre? SpamAbbatoir? WeaponOfSpamDestruction?
Any word of a .deb for this? I am so tired of v2.64.
A lot of closed source software has open source counterparts, (i.e. MS and Open Office) but it's always interesting to see closed source commercial software based on an open source project.
McAfee has a product for Exchange servers that is based on Spam Assassin called Spam Killer. I found out about it from the Spam Assassin site when I was looking for a windows version. Spam Killer isn't free yet it's not as expensive as some of the other solutions out there.
The major problem I've been having with it is it creating zero byte emails which cannot be downloaded via pop3. When a user gets 30 messages, and message 10 is a zero byte email the client will constantly download the first 10 over and over, creating duplicates, until the user logs into outlook web access (webmail) and deletes the zero byte message. This doesn't happen to the MAPI users but we have quite a few POP3 users.
The support people are useless, I'm about to try out Microsoft Intelligent Message Filter for exchange, and hopefully with some good RBLs it should be ok.
Im dreaming ofa big bndwdth, That can resist the
It describes what many people, myself included, would like to do to spammers. Although it might be a bit too quick and painless...
---
"I did nothing. I did absolutely nothing and it was everything that I thought it could be."
actually assassinate the spammer? That would put an end to most spam I would think.
Just spray on some Spamicide...
Please go and look up
their, there
and
your, you're
in a dictionary and stop spreading these errors.
Also you precipitate something, not in something.
A precipitate may appear in a solution in the literal sense. Perhaps you meant participating?
PS I like your poetic formatting,
but given that nothing rhymes,
I feel cheated somehow.
The solution is extremely simple if you use OpenBSD.
rdr on $ext_if from any os "Windows" to any port smtp -> 127.0.0.1 port 8025
99.9% of all spam comes from compromised Windows boxen, and nobody with a clue would run a mail server on windows.
Turbo Smorgreff
I recently read an excellent book on SpamAssassin by Alan Schwartz, published by O'Reilly and Associates, Inc. My views might be biased since he's my first cousin, but if you're a mail server admin, it's probably a must-have. I don't think it covers desktop usage as well, but then again, Evolution's getting that integrated anyways.
The sections on rules are extremely nice, and I found them pretty informative as to how the software works underneath. It covers version 3, too, so it's damned timely.
-Erwos
Plausible conjecture should not be misrepresented as proof positive.
Earthlink Spaminator(TM)
Seems like they're kind of wasting a name that would work pretty well in the market.
This may seem a tid bit lazy but... ... something that would install and configure postfix, spam assassin, etc to receive mail and forward it to another server after filtering it.
It seems like there are linux distributions for just about anything you might want: routers, pvrs, etc. Are there any linux distributions designed to be a mail anti-spam/anti-virus (or just anti=spam) gateway?
The reason I think this would be cool is because configuring mail apps on linux can be hard and because this would be a great linux foot-in-the-door distribution for Exchange admins who didn't want to pay thousands of dollars for antispam gateways.
Heh that reminds me of The Fifth Element. In the beginning of the movie a mugger fools the main character into thinking the coast is clear by wearing a special hat that had painted onto the top of it what the main character would normally see when looking on his surveillance screen so when the mugger pressed the hat up against the surveillance camera, the main character couldn't tell there was actually a mugger waiting for him on the other side of his door:
..you know these things are VERY illegal..you could get in a shit load of trouble..I better hang onto it for you..
46A INT. KORBEN'S APARTMENT - DAY
A thermo nuclear explosion fills a T.V. screen..Which Korben's cat watches with interest.
Korben is about to exit the apartment.
KORBEN
Don't watch it all day, it'll rot your mind. Bye sweetie..
In response, the cat meows. Korben opens the door to..A huge gun, brandished by a nervous MUGGER, pointing right in his face.
MUGGER
The cash man!
KORBEN
Been here long?
MUGGER
Don't fuck with me man or I'll blow you into tomorrow!
Unperturbed, Korben looks at the mugger's fearsome weapon.
KORBEN
Isn't that a Z140? Alleviated titanium. Neuro charged assault model?
MUGGER
(off balance)
Uh..
KORBEN
You know you could hurt someone with this puppy..good thing it's not loaded..
The mugger is lost. He looks at his weapon.
MUGGER
It's not?
KORBEN
You gotta push the little yellow button...
Korben points to the button on the side of the gun. The mugger takes his advice.
MUGGER
Thanks..
KORBEN
You're welcome..
And with lightning speed, Korben blasts the mugger with a straight right hand, sending him down for the count. Korben retrieves the gun.
KORBEN
As the mugger clears his head, Korben opens a drawer next to him which is full of similar guns! The mugger's eyes pop out of his head. He scampers to his feet and runs off.
Korben shrugs, exits his apartment, and closes the door. The cat watches a nuclear holocaust on T.V., uninterrupted.
==
Damn I love that movie
...unfortunately no one can be told what The Mat^H^H^HGoatse is...they must experience it for themselves...
I'm getting errors that seem to indicate that DBD::MySQL is just plain borked. "Database version 0 is different than we understand"... Tried to upgrade (found one hit on Google that said I might need to DOWNgrade instead)... either way, DBD::MySQL thinks the root MySQL user doesn't need a password. :rolleyes:
"Ain't no right way to do a wrong thing."
I've been using a form of SURD for over a year.
It works good, but they are already defeating this by using things such as RD.YAHOO.COM which redirects to their spam site. This defeats the SURD I use.
Granted, RD.Yahoo is secure now, but there are many others.
Once folks really start using SURD, how hard will it be for the spammers to link to:
http://64.233.167.104/search?q=cache%3Agetvisitors.net%2F&safe=vss
Which is a Google copy of a spam site.
If you could whack off a couple of the top guys ...
No thanks. I want no part of giving sexual satisfaction to spammers.
Oh wait...you want to whack them, or knock them off...go for it, then!
We can believe in you for 3 minutes, but beyond that, even the King of All Cosmos can't be expected to wait.
Great stuff. My hosting company uses it and it works extremely well. Filters out tons of crap for me. Nice to see a new version out.
Jim Lynch
Tech Analyst and Community Manager
I've been using the 2.63 version of Spamassassin for a few months now, and it's surprising how well it works, especially when you use the "spam/ham" folder saving feedback system. I've noticed a lot fewer miscategorizations, which gives me a better feeling about using the app site-wide (I'm just using it for three users right now). I'm really excited about the potential for a major release like this having significant and noticeable improvements in key features like heuristics and integration. The logic improvements will help end-users feel better about setting things up a certain way, then forgetting about it. Integration (it's great that it's under the Apache S.F. umbrella now) means that more people will get behind supporting it, which follows with increased feature richness, improved algorithms and rapid filter development. In the end, though, myself and my users just love seeing the spam marked out in an increasingly accurate way...so it becomes second-nature to just rapidly press the delete key without much thought....
-----
Free P2P Backup, Windows & Linux
Someone in the place I used to work at had an e-mail of someone else which had a signature which scrolled in from the right of the page and flashed and stuff and from there in around 2 months more than 90% of everyone else in the office had the same thing. I believe this relied on Javascript and Outlook was more than happy to comply.
if you use spamass-milter, you should check this thread if you use the '-r' option to reject high-scoring mail.
http://lists.gnu.org/archive/html/spamass-milt-list/2004-08/msg00009.html
SpamSlaughter
Then perhaps someone should release a product called "SpammerAssassin". It might be a nice tie-in with the article on humanoid robots from a few days ago.
How about SpamGeneticallyTargettedBioPlagueWeapon ? Not quite as catchy but probably more accurate.
If you consider my reply off topic you either don't like The Fifth Element :P or I need to make the analogy clearer. My explanation of the analogy is what makes THIS post even more on topic than the parent:
;)
The Mugger was the spammer
The main character was the user
The video camera was "the spam filter" and
The Mugger's special hat was the mechanism used to defeat the spam filter.
If you don't see that mugging and spamming are essentially the same then thats your problem
...unfortunately no one can be told what The Mat^H^H^HGoatse is...they must experience it for themselves...
For other OSS anti-spam projects to beat? I have to ask, because in every bake-off of contest with the leading commercial tools, SA has been thoroughly beaten and plagued with both high false negative and high false positive rates. The dependence on PERL also makes it significantly slower than other solutions, except of course those built on PERL as well (like Sophos').
SA is nowhere near the class of accuracy of CipherTrust, Proofpoint, Tumbleweed, or any of the other major anti-spam vendors.
Someone is WRONG on the Internet!
Except that, doing so, you're deliberately screwing up the email system, which may also include legitimate emails in the same queue, and that spammers don't care, since they just own more windows boxes to increase capacity.
SA 3 is a good step in keeping things under control until a technological solution to email authentication is combined with good law enforcement.
SpamAssassin, when properly configured, has spectacular spam detection accuracy. For your account or for a small domain, you should be able to see SA yield "near perfect" filtering (i.e., probably as good as a human could pull off).
That's the point at which we become interested in SpamAssassin users joining WPBL, an automated spam reporting system. Powered by scripts living in procmail and cron, participating systems send WPBL lists of IP addresses sending spam and ham. The central server crunches this data hourly to produce a list [rsync://rsync.pc9.org/wpbl/wpbl-blocks.cidr] of blocked IP addresses that are spam sources.
If your site uses SA and you have verified your spam detection accuracy as nearly-perfect, you might be interested in contributing your spam/ham sighting stats to WPBL. The resulting block list can be used by anyone (and is used by some ISPs for spam scoring). The way I think of it is, after you've taken care of the spam problem at your site why not help tell the rest of the world where spam is coming from.
There is a problem, though its not with the second word of the name 'Spam Assassin'. The problem is the first word needs to have an 'mer' on the end of it. Then we're talking about the most effective solution for spam that I can think of.
It's called Barracuda, and they practically give it away for free. That's not to say that the quality is any good, but it's exactly what you're asking for.
Someone is WRONG on the Internet!
.... Huh huh huh, like Dude, SpamAssassin has "ass" in it, like TWICE! huh huh huhuhuhuhuhuhuh.
Why is it that the proponents of "one nation under God" are so eager to get rid of "liberty and justice for all"?
What I use now (alongside SpamAssassin) is TMDA. This is basically an "approval queue" for messages. If someone not in your approved list sends you mail, they get a reply telling them they need to send mail to a specifically generated address in order to allow the mail to pass through to me. Eventually mails that don't get approved time-out and get added to a blacklist for the future. I also quickly review the queued items every morning in case someone didn't see the approval mail (it has a tool that allows you to easily peruse the list with just subject and sender info). So far I've gotten NO spam through this method -- NONE. I used to get hundreds a day, and now I have a spam-free INBOX because of TMDA.
While I highly recommend using TMDA, it may not be for people running businesses or waiting for mail from clients. The auto-reply message can perhaps strike some as inconvenient, even though they only have to do it once (once they've sent mail to the approval address, they're added to the whitelist for all future mails). So far spammers haven't found a way around TMDA it seems...so far.
Trolls lurk everywhere. Mod them down.
I've been successfully blocking almost all spam (except for really incredibly poisoned stuff, which is why SURBL sounds interesting) with ASSP for about a year.
http://assp.sourceforge.net
-Easy to install and uses web-based management
-Users can forward spam to it to help train the filter
-Now with SPF
-Whitelists, redlists, spam bomb prevention, antivirus built in
I have been using spamnix for filtering my Eudora mail and have had a great experience (it is spamassassin + bayes). Does anyone know if there is a project/plan to look into a spamassassin extension for Mozilla/Thunderbird that would augment the built-in Bayes filtering? I am not at all impressed with the current mozilla performance. Cheers.
Of course, anyone who questions the quality of an OSS project must be "making it up", as we all know OSS projects are above reproach!
Well how 'bout http://archive.infoworld.com/article/03/11/14/45FEspam_1.html?s=feature for instance? Apparently they require reg now, anonymous/anonymous seems to work. I've seen similar reviews in other (printed) IT pubs, but I haven't been able to find any of them on-line yet.
Someone is WRONG on the Internet!
And the other negative about dspam is it doesn't integrate well at the SMTP/MTA layer, it has a marked design preference for the delivery agent layer.
It's really layer-agnostic. Most implementations include a quarantine area and mail body markup. But, you aren't stuck with that.
I've had no problem integrating it into the MTA layer. Our mail store is on the inside of a firewall. Our external MTA is on the DMZ-- this is where DSPAM lives. I have DSPAM marking the headers of the email. I have a Sieve filter on the internal mail store checking the headers, and delivering messages marked as SPAM to a user's SPAM folder. Under the spam folder are two other folders: "Drop_Spam_Here," and "False_Positives." Users drop mail into those two folders for DSPAM training.
I have some simple Perl programs that scan the mail store and move mail out of the training folders, passing the messages on to DSPAM.
It's all much simpler than it sounds, especially for the user.
Email me at tee oh en why at searhc.org if you want the DMZ Exim config, Sieve filter, and Perl scripts.
Microsoft is to software what Budweiser is to beer.
I'm concerned about blocking by URLs/IPs in messages. What if a bad person sends lots of spam with links to my site? Wouldn't that make any email *I* send with links to my site (my .sig, for example) more spammy?
So I've heard good things about SpamAssassin and headed over the webpage to figure out what I needed to do to install, and I found this.
I'm probably going to be flamed for this, but that install process is ridiculous. I'm not even close to being a newbie, but there's no way I'd go through that much hassle to install a spamblocker compared to something like SpamBayes that does a standard windows install and hooks right into Outlook. Does anyone think that these things are reasonable?
1. I'm supposed to extract it to the root of my drive. Sorry, my root is sacrosanct. If the /. crowd is going to complain about RealPlayer dumping shortcuts in my desktop, quickstart bar, and main start menu, how is SpamAssassin making directories in my root any better? At least I can delete the stuff RealPlayer litters around.
2. I've got to install Perl modules? And it doesn't work with certain versions of Perl? The install should include whatever it needs to run. Don't make me track down some particular version of outside software.
3. I've got to generate a batch file and run it to generate the documentation? Why not just include the generated documentation?
4. Step 10 of the install FAQ mentions a D drive. I don't have a D drive. Does SpamAssassin really require TWO drives to run/test properly?
5. The whole install process includes 13 steps, some of which are fairly complicated.
This is one of the reasons why the whole open-source initiative has such a bad, pointy-headed reputation. Where is the focus on usability and user-friendliness? I often get the impression that it's "not cool" to actually put time and energy into making your software anything other than esoteric in its usage. I really would like to try SpamAssassin, but dealing with the minor annoyances of SpamBayes for the next six months is clearly less work than installing SpamAssassin today. Why doesn't that bother anyone?
I'm probably going to get either flamed or ignored for this post, but I would appreciate a reasonable response if there is one. We'll see I guess.
SpamAssassin 2 was GPL and Artistic licensed. Now SpamAssassin 3 is under the Apache Software License.
Those viagra spams were the few bright spots in my mundane life... And those XXX spams... nevermind, I won't go there...
At least I *hope* it renders better under other browsers.
The text in the top frame is halfway gone at some zoom levels under Gecko (Mozilla 1.7.2).
I hope the rest of their operation is better than their website designer.
gewg_
What will keep spammers from poisoning SURBL by including URLs to known valid companies like yahoo.com, google.com, amazon.com, etc?
This seems like it would be even more effective than bayesian poisoning.
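An added example, not part of any comment in this thread and not SpamAssassin's or SURBL's own code: a sketch of the URI-blocklist check discussed here and in the earlier question about spam that links to your own site. It extracts linked hosts from a body, reduces them to base domains, skips a local exclusion list, and queries `<domain>.multi.surbl.org`. The exclusion list, the suffix set, the sample message and the fake resolver answers are constructed assumptions, and IP-literal URLs are not handled.

```python
import re
import socket

SURBL_ZONE = "multi.surbl.org"
# Constructed for this example: suffixes under which the listed domain has
# three labels (a real deployment uses a complete suffix list).
TWO_LEVEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}
# Hypothetical local exclusion list: domains that are never queried, so links
# to them cannot raise a message's score even if someone spams with them.
LOCAL_EXCLUSIONS = {"yahoo.com", "google.com", "amazon.com"}

URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)", re.IGNORECASE)

def base_domain(host):
    """Reduce a hostname to the domain a URI blocklist would list."""
    labels = host.lower().strip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LEVEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])

def domains_to_check(body):
    """Unique base domains linked from the body, minus local exclusions."""
    found = {base_domain(h) for h in URL_RE.findall(body)}
    return sorted(d for d in found if d not in LOCAL_EXCLUSIONS)

def dns_lookup(name):
    """Real resolver: the A record, or None when the name is not listed."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def listed_domains(body, resolve=dns_lookup):
    """Return the linked domains for which the blocklist gives an answer."""
    hits = []
    for domain in domains_to_check(body):
        answer = resolve(f"{domain}.{SURBL_ZONE}")
        if answer and answer.startswith("127."):
            hits.append(domain)
    return hits

# Constructed sample message and constructed blocklist answers (no network).
SAMPLE_BODY = """Cheap pills at http://www.pills-example.test/buy now!
As seen on http://www.google.com/ and https://shop.amazon.com/deals
Unsubscribe: http://mail.pills-example.test/u?id=1"""
FAKE_ZONE = {"pills-example.test.multi.surbl.org": "127.0.0.2"}

if __name__ == "__main__":
    print(listed_domains(SAMPLE_BODY, resolve=FAKE_ZONE.get))
```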
I get roughly 100 messages a day, and I recognize spam by practically reading their subject line. If I see a spam, I hit delete and continue. This process takes the time needed to hit the delete key x number of times.
If current antispam technologies just move a message to a spam folder, which we have to check its full quantity of messages to make sure there isn't a false positive, then where is the improvement?
Open Source Java Web Forum with LDAP authentication
Sorry for the plug, but I thought you may be interested. :)
Why is the parent interesting, while a comment on the old logo is offtopic? The old logo WAS those little plastic Ninjas.
Are you running spamd?
/w 32MB of RAM. Performance was OK once I started using spamd.
My old mailserver was a 233MMX
When do people learn that we do not need spam stallers.
Listen dude, you obviously have little experience with spam fighting. Tarpitting (or stalling as you refer to it) is ineffective against modern spammers.
Modern spamming software is highly multithreaded and will continue sending thousands of emails even if it's being actively tarpitted by several servers.
I'm using it on a dual 1.6GHz Xeon box with Gentoo here in the office - the box processes over 70,000 emails per day (spamassassin, amavisd-new and clamav/f-prot) and the load average barely goes above 0.02.
:)
Your ISP just didn't want to take any time to actually learn about it.
The question is:
Will it work if I just simply type (in cpan)
install Mail::SpamAssassin ?
2.6 is working very well on my production servers and certainly I don't have the time to go install a test server. I guess I'll wait until somebody else tests it out.
No more spam for you!
Yup, you really should run spamd.
I ran spamassassin on a 200MHz with 32MB which got horribly beaten if I got a lot of mails at once.
Running spamd means there's no overhead for starting loads of spamassassin clients at once. Plus it's written in C.
Obligatory Family Guy:
The Don: I have asked you here tonight so that you can perform a service.
Peter: Oh, what are you gonna make me do? Whack a guy? Off a guy? Whack off a guy? Cause I'm married ya know.
You're talking about this:
And I'm talking about this: How long do you get left on the list after the problem is removed?
This is a significant part of the original problem with RBL's. Innocents slammed and slammed hard, with no access to due process.
While not commenting specifically on SpamAssassin, their methods or procedures, it has been clear for some time that many RBL maintainers need to crawl out from under their rock.
So "Extreme Spamfighters" are what we're calling immature sore penis slap nutters now?
You really need to start diagramming your sentences.
"it could, technically, be argued to be murder."
WTF is up with that!???
I've been blacklisting / whitelisting for over a year now with detailed logs. >95% of spam is now coming from virus-infected bots. 5% are serial spammers, or 'opt-in' idiots - these are pretty easy to pick up and blacklist these days. Open relays, and some idiot sending mail via their ISP's (e.g. forwarders), are such a small percentage of spam that it's not even worth the time of day blocking them (e.g. Nigerian). The defer greylisting method of spam reduction, along with smart white/blacklisting, is really the only solution to the problem. SA is probably more hassle than it's worth.
Taking PHP to the next level: phpmole, php codedoc, php-gtk pear installer, DataObjects for php, ldap schema viewer and
...in case you didn't notice.
I've often wondered about this - for something like SA, obviously spammer scumbags are going to be picking apart the source with a fine tooth comb looking for ways to beat the filters.
For applications like this, would closed source be a better choice?
Obviously the more people working on filters should (theoretically) lead to better filters, however this will also be true for spammer scum.
I use SA 2.63 on a Debian system. Since upgrading from 2.20 and at the same time starting to use Vipul's Razor (as well as setting up sa-learn to use the same bayes_seen and bayes_toks files as amavis, which wasn't intuitive on Debian), I have literally ZERO false negatives, while still working on a few false positives (mass-mailings from Def Jam, Roskilde Festival and one or two more).
If the difference in performance is as big as you say, though, I might look into doing an upgrade.
:wq!
(mailman + bittorrent + (apache + exim + samba)
;)
It isn't Python causing the problem there. Unless you are doing this for a very low level site, it's all of that combined causing memory use. Besides, of that list, 60% is in C.
Besides, I'd expect bittorrent given what it is to be the biggest resource drain in that list.
I've been mucking with mailman and have been testing lists with upwards of 1 to 1.5 million subscribers on a machine with 256MB RAM on an old HP 550MHz (it also runs apache, postfix, and djbdns).
Btw, SA is in Perl, not Python.
And finally, it isn't the language, it is the never ending desire to have servers do more stuff dynamically.
My Suburban burns less gasoline than your Prius.
It's like I've seen the entire spam discussion of the last year in 4 pages of slashdot comments! :)
SA 3.0 rocks.
SURBL rocks, and if you read the FAQ, you will see all your questions answered.
I remember the first time /. mentioned SURBL and all the nay sayer comments. Well, go ahead and use it now, then tell me what you think.
Rule Dejour Rocks. (Which autoupdates SA rules with 3rd party ones from www dot rulesemporium dot com)
With the combination of Bayes, SURBL, and SARE (SpamAssassin Rules Emporium) rules, spammers can't hide from SA 3.0.
A thank you to ALL who made this release possible!
Take a wild guess if I go through all those messages clicking the stupid links.
Better check what email you're missing.
"Avoid employing unlucky people - throw half of the pile of CVs in the bin without reading them." -- David Brent
My mailserver tarpits and disconnects multithreaded spamware connecting to it from the same IP address. That is to say it strictly enforces a '1 connection only' limit. Unfortunately, if it is 'attacked' by an unblacklisted zombie spamnet, it will have to use other measures available within itself to slow down these machines and ultimately 'autodelete' the spam they spew.
Sounds like a great way to block legitimate email. : \
We use some sendmail throttling to reduce our load.
OK, well, I tried that and it was working 100% for about 2 hours, then suddenly all my IIS and Exchange settings seemed to have gone corrupt. Thank god for backups.
I'm not sure if it's related to running the Exchange sink script provided by Microsoft though, since it doesn't change anything in the registry afaik. And I'm too damn scared to try it again to find out.
All you need is ONE TCP/IP connection to a remote SMTP server to transfer email. That is what my mailserver does when it sends email to remote mailservers. Sad to say, allowing more than one TCP/IP connection per remote IP address nowadays is just asking for spam!... (>_<);;;
Something I've learned as a sysadmin: developers will ignore RFCs, common sense, and best practices if they feel they can get away with it.
Non RFC compliant email servers make Greylisting a real PITA. I wouldn't be surprised to find out that there are some legitimate multithreaded systems out there.
Thank you for your comments, Burning1.
While everyone else goes gaga over SpamAssassin 3.0 and whatnot, I've gone from barely restrained outrage over spammers/computer crackers to now feeling rather sorry for them as they are wasting their time and resources sending their garbage to me at iamcf13@hotpop.com -- I'll (effectively) never see it. It would be nice if I could use my mailserver program directly and avoid even having to download the crap as it would 'autodelete' it for me.... =/