Slashdot Mirror

← Back to Stories (view on slashdot.org)

SpamAssassin 3.0 Released

Posted by timothy on from the great-day-for-mankind dept.

davemabe writes "At long last, SpamAssassin 3.0.0 has been released. I've been using the release candidates for a month or so, and the results have been far improved over previous versions. Its use of SURBL along with Bayes auto learning make it seem like this solution is the one to beat. It looks like they've introduced a new logo as well. Snazzy!"

5 of 335 comments (clear)

  1. A spam arms race? by zaxios · · Score: 4, Insightful

    And will SpamAssassin's effectiveness erode as spammers adopt smarter methods in response? Escalation is not a long-term solution to any arms race or conflict. We can continue to fight spam, but the only way we will decisively defeat it is by acknowledging it as a social problem and legislating against it, with an common sense certainty and determination no one in Western goverments seems to be providing.

  2. Does it use IP's or URI's ? by NKJensen · · Score: 4, Insightful

    From the SURBL site: "parse URIs in message bodies, extract their domains, and check those against a SURBL...."

    I would rather extract the domain, look up the IP, and check the IP.

    That way the server will have to move to a new IP - not just get a new bogus domain name.

    Yes, I know that servers many host many domains:

    This will only increase pressure on the spamheaven server admins to get rid of the people who use spam to spamvertize their sites.

    --
    -- From Denmark
    1. Re:Does it use IP's or URI's ? by ChaosDiscord · · Score: 4, Insightful
      If they're on the same box as me, you just blacklisted 399 other domains that shouldn't have been blacklisted.

      You're not blacklisting; you're marking as "more likely spam". In practice the damage will be minimal. First, legit email from the other 399 domains will in general be non-spam-like. The positive hit on the IP address won't be enough to push them over the edge. The penalties for being found in the SURBL at the moment are all relatively small, all less than 1 (5 points are needed in the default configuration to mark a message as spam). The only exception is data from the Spam Cop database, which is fairly small and more carefully vetted. If they broaden from hostnames to IPs, you might have to tweak the scores down, but that's it. Second, what's the realistic chance of your getting email containing a URL linking to that IP? There are millions of web sites. The Big Important Web Sites aren't on the sort of massive shared server you describe. The chances that you'll get an email mentioning one of those smaller sites is pretty small. There is a risk, but it's small enought that I won't lose any sleep over it.

      --
      Search 2010 Gen Con events
  3. fillters vs. stallers by Anonymous Coward · · Score: 4, Insightful

    When do people learn that
    what we need is not spam filters but spam stallers.

    With spam filters your just precipitating in a arms race.

    The spammers will send more and more spam
    and your spam filters will use more and more
    of your processor time to filter the spam.
    It is a uphill battle against the spammer.

    With spam stallers like sa-exim and tarproxy
    your are stalling the spammers smtp connection
    and the effect is that the spammer can't send
    as much spam or that they drop you email from there email database.

  4. Installing on Windows....you're kidding, right? by Chris+Carollo · · Score: 4, Insightful

    So I've heard good things about SpamAssassin and headed over the webpage to figure out what I needed to do to install, and I found this.

    I'm probably going to flamed for this, but that install process is ridiculous. I'm not even close to being a newbie, but there's no way I'd go through that much hassle to install a spamblocker compared to something like SpamBayes that does a standard windows install and hooks right into Outlook. Does anyone thing that these things are reasonable?

    1. I'm supposed to extract it to the root of my drive. Sorry, my root is sacrosanct. If the /. crowd is going to complain about RealPlayer dumping shortcuts in my desktop, quickstart bar, and main start menu, how is SpamAssassin making directories in my root any better? At least I can delete the stuff RealPlayer litters around.

    2. I've got to install Perl modules? And it doesn't work with certain versions of Perl? The install should include whatever it needs to run. Don't make me track down some particular version of outside software.

    3. I've got to generate a batch file and run it to generate the documentation? Why not just include the generated documentation?

    4. Step 10 of the install FAQ mentions a D drive. I don't have a D drive. Does SpamAssassin really require TWO drives to run/test properly?

    5. The whole install process includes 13 steps, some of which are fairly complicated.

    This is one of the reasons why the whole open-source initiative has such a bad, pointy-headed reputation. Where is the focus on usability and user-friendliness? I often get the impression that it's "not cool" to actually put time and energy into making your software anything other that esoteric in its usage. I realy would like to try SpamAssassin, but dealing with the minor annoyances of SpamBayes for the next six months is clearly less work than installing SpamAssassin today. Why doesn't that bother anyone?

    I'm probably going get either flamed or ignored for this post, but I would appreciate a reasonable response if there is one. We'll see I guess.