Slashdot Mirror
SpamAssassin 3.0 Released
davemabe writes "At long last, SpamAssassin 3.0.0 has been released. I've been using the release candidates for a month or so, and the results have been far improved over previous versions. Its use of SURBL along with Bayes auto learning make it seem like this solution is the one to beat. It looks like they've introduced a new logo as well. Snazzy!"
Comment removed based on user account deletion
Filtering spam.
The real news here is not Bayes filtering or SURBL, but the totally rebuilt plug-in architecture of SA 3.0. Plug-ins for the 2.x version were quite a bit harder to write.
Version 3.0 will result in a proliferation of good third party plug-ins that are going to put SA into more direct competition with some of the commercial vendors out there.
this sounds nice, but what if the url is put together with javascript?
Only morons moderate based on a sig.
Anybody have a link to the changes compared to the last stable version?
I use SA and like it. I only get about 75% reduction because SA-Learn doesn't seem to work very well. I've been told it takes a lot of mail to get it to learn. Though I would think, "If you see this again kill it" wouldn't take but once. hehe
I've been using RC1 for over a month now, and I'll tell you confidently that
-- Performance is MUCH better than it used to be. It scans messages much faster than I've ever seen SA 2.x do, and doesn't hog my server's resources anymore.
-- THIS THING ROCKS. For almost two weeks after I installed it I kept instinctively sending myself test emails to make sure I hadn't broken my mail system, because my volume of incoming mail had reduced so drastically. I was used to getting at least a new spam every 2 minutes. After installing SA 3.0 I got one false negative in a 72 hour period. It is *that* good. To date I still have not recorded a single false positive. I really had to convince myself that this thing was real.
This spamfilter rocks. I'd award it product of the year if I could.
Am I a hipster-doofus?
Didja notice the Apache feathers on the arrow in the new logo? Nice touch!
There was a good scientific test linked on slashdot a while ago, comparing spamfilters and including DSPAM and SpamAssassin.
Contrary to DSPAM author's claims, both it and and CRM-114 (another package which likes to self-hype) performed quite a bit worse than SpamAssassin.
Then again, I've heard people being happy with DSPAM that were not happy with SA.
Guess it depends on the mailfeed you get.
What I would like to know, how does SA scale? About a year ago a talked to my ISP about it and they said they could not use it as it did not scale well and could not handle big loads.
It would be nice if it could be implemented now as I personally receive about 1000 spam messages a week.
- In Memoriam: Jeroen de Bruin (1972-2004), bye bro
Well, I'm using spamassassin on my server (and have been for the past 2 years). Unfiltered, I get around 200 spam per day. 1 or 2 get through.
It's been that way since the day I installed it. and it doesn't appear that the spammers are using any substantially "smarter methods"
Maybe it really is easier to write a filter than it is to write filter-proof spam.
I would hope that it would use IPs also. Our site is currently receiving mortgage spam that slips past our current amavisd-new + spamassasin setup, as well as client-side Apple Mail.app baysean filtering. But one thing is consistent between all of em -- the hostnames in the single link within each of the mails resolve to the same IP address.
So, would either SA 3.0 take care of this naturally, or allow me to easily write a plugin to resolve the addresses in links and apply my own IP address based blacklist?
[...] and doesn't hog my server's resources anymore.
Got any numbers on memory use? I would love to run SA on my home server, but it has "only" got 80MB of RAM. I tried running 2.x, but it seriously brought the system to its knees (swapping)
I must say, Python might be a nice language and all, but as it's making inroads everywhere it's also wrecking havoc on ones ability to convert older hardware into a competent server. YMMV (mailman + bittorrent + (apache + exim + samba) and you're pretty much down to the last few megabytes )
Belief is the currency of delusion.
Am I the only one that loved those cheesy little plastic ninja dudes in the old logo?
In fact, I thought their logo contest rules suggested that they would prefer the new one to contain those guys still, in some way or another.
I suppose this will driver spam-advertizers to obviscate their URLs in the spam mails. Eg use javaScript to build the URL so the real URL can't be detected -- like we do with our mail addresses on webpages so they won't be harvested by spammers!
Email was designed to trust everyone, making it hard to reject email from people you don't want it from. We must get everyone to move to a better architecture which can force sender authentication if desired by the receiver. My own personal preference would be to have the sending MTA sign outgoing mails with a public key. Any scheme be much easier than getting 100% of governments to outlaw spam, which is what is needed to be effective. Legislation is not the answer to a technical problem.
Do you already use an RBL on the server and is it not catching this IP? Have you tried reporting the IP to spamcop?
One of the problems with using IPs is the massive amount of Virtual Hosting being used. Say I'm a 1&1 customer, and there are 400 other domains going to the same IP as one of my domains, and I send you an email with a link to something on my site, but one spammer has managed to get an account with 1&1 for now. If they're on the same box as me, you just blacklisted 399 other domains that shouldn't have been blacklisted.
And the muscular cyborg German dudes dance with sexy French Canadians
SpamAssassin 2.x with well trained (>1 year of spam @ 100+ spams/day) Bayes:
~5% false negative (~95% spam filtering accuracy, 1 in 20 spams let through).
DSPAM with large training corpus (~10k spams from a honeypot) plus 6 weeks of real mail at same spam rate:
0.45% false negative (99.55% spam filtering accuracy, 1 in 222 spams let through).
I now publicise an inoculation honeypot address: yumyum@easyweb.co.uk for spammers to harvest, which adds super-strength training.
I'm very happy with my move to DSPAM.
Further, I don't believe heuristic filtering works any more, particularly if you're using published heuristics/shared rules. Spammers adapt too quickly, and test their spam against known rulebases. The solution is I believe to go entirely statistical, allowing each user to have their own definition of spam that is untestable by spammers.
(Incidentally, ever seen the SpamAssassin header forgery spam now being used?
The only thing you can accurately describe as "Scotch" is a sticky tape made by 3M. And it's
Any word of a .deb for this? I am so tired of v2.64.
Extreme spamfighters don't care though. You're guilty by association in their eyes and deserve to feel the same wrath that the spammers do. It's so that you'll bitch to your provider and in turn your provider will shut down the spam site because all their other customers are complaining vs. some random guys on the Internet complaining they're receiving that URL in spam.
I recently read an excellent book on SpamAssassin by Alan Schwartz, published by O'Reilly and Associates, Inc. My views might be biased since he's my first cousin, but if you're a mail server admin, it's probably a must-have. I don't think it covers desktop usage as well, but then again, Evolution's getting that integrated anyways.
The sections on rules are extremely nice, and I found them pretty informative as to how the software works underneath. It covers version 3, too, so it's damned timely.
-Erwos
Plausible conjecture should not be misrepresented as proof positive.
Earthlink Spaminator(TM)
Seems like they're kind of wasting a name that would work pretty well in the market.
This may seem a tid bit lazy but... ... something that would install and configure postfix, spam assassin, etc to receive mail and forward it to another server after filtering it.
It seems like there are linux distributions for just about anything you might want: routers, pvrs, etc. Are there any linux distributions designed to be a mail anti-spam/anti-virus (or just anti=spam) gateway?
The reason I think this would be cool is because configuring mail apps on linux can be hard and because this would be a great linux foot-in-the-door distribution for Exchange admins who didn't want to pay thousands of dollars for antispam gateways.
I've been using a form of SURD for over a year.
o rs .net%2F&safe=vss
It works good, but they are already defeating this by using things such as RD.YAHOO.COM which redirects to their spam site. This defeats the SURD I use.
Granted, RD.Yahoo is secure now, but there are many others.
Once folks really start using SURD, how hard will it be for the spammers to link to:
http://64.233.167.104/search?q=cache%3Agetvisit
Which is a Google copy of a spam site.
I've been using the 2.63 version of Spamassassin for a few months now, and it's surprising how well it works, especially when you use the "spam/ham" folder saving feedback system. I've noticed a lot fewer miscategorizations, which gives me a better feeling about using the app site-wide (I'm just using it for three users right now). I'm really excited about the potential for a major release like this having significant and noticable improvements in key features like heuristics and integration. The logic improvements will help end-users feel better about setting things up a certain way, then forgetting about it. Integration (it's great that it's under the Apache S.F. umbrella now) means that more people will get behind supporting it, which follows with increased feature richness, improved algorythms and rapid filter development. In the end, though, myself and my users just love seeing the spam marked out in an increasingly accurate way...so it becomes second-nature to just rapidly press the delete key without much thought....
Someone in the place I used to work at had an e-mail of someone else which had a signature which scrolled in from the right of the page and flashed and stuff and from there in around 2 months more than 90% of everyone else in the office had the same thing. I believe this relied on Javascript and Outlook was more than happy to comply.
And so what happens if I decide to send out spam that links to URL http://www.dina.kvl.dk? It looks up the IP address, and blocks it. Then everything that you ever send will be blacklisted. Go get a new host.
Your suggested technique would be exploited by script kiddies everywhere (who already have access to large zombie networks) to basically ban someone from the internet. What a fantastic idea.
I submitted this story last night, and it didn't get posted.
SpamAssassin, when properly configured, has spectacular spam detection accuracy. For your account or for a small domain, you should be able to see SA yield "near perfect" filtering (i.e., probably as good as a human could pull off).
That's the point at which we become interested in SpamAssassin users joining WPBL, an automated spam reporting system. Powered by scripts living in procmail and cron, participating systems send WPBL lists of IP addresses sending spam and ham. The central server crunches this data hourly to produce a list [rsync://rsync.pc9.org/wpbl/wpbl-blocks.cidr] of blocked IP addresses that are spam sources.
If your site uses SA and you have verified your spam detection accuracy as nearly-perfect, you might be interested in contributing your spam/ham sighting stats to WPBL. The resulting block list can be used by anyone (and is used by some ISPs for spam scoring). The way I think of it is, after you've taken care of the spam problem at your site why not help tell the rest of the world where spam is coming from.
May fvorite was a Washington DC news company that had implemented extreme spamfighting measures. Since our outgoing mail server doesn't receive incoming mail, its not in the MX records. This guy was bouncing our mail because of that. God hopes that the next Deep throught doesn't try to contact his news organization...
You are in a maze of twisted little posts, all alike.
I think the point you're missing is that these instructions are very complete and fills in every step of the process. Far different from doubleclicking a big fat executable and watching the pretty progress bar.
I for one prefer this kind of install when loading up geeky type things like this. You learn more about your machine and the application, what its doing, and where it is in case you want to modify or otherwise play with it. And really, how can you NOT want to konw this? Your computer is a tool. The more you konw about it the more powerful it becomes.
If you don't want to do all of that, then suffer with what is probably an inferior product. Not all freeware is entirely "free".
On the flip side: when I'm installing games, I'm more than happy to just sit back, drink my beer, and watch the pretty little installation graphics twirl and dance for me. I just wanna get to the killin'.
s'wut i sed.
And ... dont forget this ... http://wiki.apache.org/spamassassin/SaProxy
...
...
...
...
or how to have a pop3 proxy integrated with SA just in case you are a poor windoze like me and your mails are in the ISP server
Description is mine. I did myself have to learn some perl just to be able to install saproxy
But it works so nicely
There is even a perl -> exe thingy that works marvelous, so perl installation can be skipped!
Should there be any perl monk wishing to help