Re: Another SPAM doubt

  • Chris St. Pierre
    Message 1 of 19 , Dec 1, 2005
      We use Sophos PureMessage (not free), currently with Sun's JMS. We'll
      be moving to Postfix this summer, and taking PureMessage with us, as
      it integrates with Postfix. PureMessage is a joy to administer -- it
      includes both an easy web interface and a powerful CLI, very un*x-like
      behavior (i.e., well-documented, plain-text config files), and it's
      written mostly in Perl -- a plus for us, as we're pretty proficient in
      Perl here.

      The downside is cost, which is not inconsiderable. However, we looked
      at SpamAssassin and then at PureMessage and the decision was pretty
      easy.

      Chris St. Pierre
      Unix Systems Administrator
      Nebraska Wesleyan University

      On Thu, 1 Dec 2005, Kelly Sauke wrote:

      >Michael Katz wrote:
      >
      >> SA/Amavis is clearly the most widely deployed solution on this mailing
      >> list, but there is another world that exists outside of the mailing
      >> list and there are many options that integrate with Postfix that are
      >> more accurate, require less administration and will perform better.
      >
      >
      >How about some examples of these other options?
      >
    • Sergio Ferreira
      Message 2 of 19 , Dec 1, 2005
        Hi Mouss,

        >>>>>> I am still setting up SPAM stuff on my setup, and now I have one
        >>>>>> doubt about some third-party tools. I know about the integration
        >>>>>> of Postfix and ClamAV, and SpamAssassin too, instead of
        >>>>>> Postfix + ClamAV + Amavis + SpamAssassin.
        >>>>>> Has anyone experienced both cases who can help me with the
        >>>>>> advantages and the disadvantages between them?
        >>>>>> Will my server be trustworthy without Amavis too? My question is:
        >>>>>> should I use Amavis or not? Some people say it is easier to manage
        >>>>>> these things with Amavis. Is it true?
        >>>>>>
        >>>>>> Anything concerning this will be very welcome to make things more clear.
        >>>>>>
        >>>>>>
        >>>>>>
        >>>>>>
        >>>>>
        >>>>>The first question is which filtering engine you want to
        >>>>>use. some choices:
        >>>>>
        >>>>>- spamassassin. widely used. resource intensive. maintenance burden

        I was thinking about using SpamAssassin. Is it worth it, or is it just the
        most used?




        >>>>>- dspam. bayesian (with some variants). doc is not very clear.

        I haven't heard about this one, but when I see problems with
        documentation then I'd rather not even try. :-/



        >>>>>- crm114, bogofilter, ....

        Bogofilter... I read a little bit about it, but I wasn't able to decide on it.
        Is it similar to SpamAssassin? Is it easy to set up and manage?

        >>>>>
        >>>>>so there are a lot of choices. some people daisy chain
        >>>>>multiple engines.

        Unless it is very recommended, I prefer only one engine. I believe it is easy
        to fix problems and to administer :-)



        >>>>>
        >>>>>
        >>>>>amavisd-new:
        >>>>>- good interface to spamassassin. no more fork per mail +
        >>>>>works in gateway mode (so can filter relayed mail if you want)
        >>>>>- can block bad attachments
        >>>>>- compatible with many anti-virus solutions
        >>>>>- support for policies ("policy banks")

        Is it well documented and easy to set up? I intend to adopt it.

        Bye,

        Sergio
      • Sergio Ferreira
        Message 3 of 19 , Dec 1, 2005
          Hi, Chris,

          >>>>>-----Original Message-----
          >>>>>From: owner-postfix-users@...
          >>>>>[mailto:owner-postfix-users@...] On Behalf Of
          >>>>>Chris St. Pierre
          >>>>>Sent: Thursday, December 01, 2005 2:47 PM
          >>>>>To: Kelly Sauke
          >>>>>Cc: postfix-users@...
          >>>>>Subject: Re: Another SPAM doubt
          >>>>>
          >>>>>We use Sophos PureMessage (not free), currently with Sun's
          >>>>>JMS. We'll be moving to Postfix this summer, and taking
          >>>>>PureMessage with us, as it integrates with Postfix.
          >>>>>PureMessage is a joy to administer -- it includes both an
          >>>>>easy web interface and a powerful CLI, very un*x-like
          >>>>>behavior (i.e., well-documented, plain-text config files),
          >>>>>and it's written mostly in Perl -- a plus for us, as we're
          >>>>>pretty proficient in Perl here.
          >>>>>
          >>>>>The downside is cost, which is not inconsiderable.
          >>>>>However, we looked at SpamAssassin and then at PureMessage
          >>>>>and the decision was pretty easy.
          >>>>>
          >>>>>Chris St. Pierre
          >>>>>Unix Systems Administrator
          >>>>>Nebraska Wesleyan University
          >>>>>

          I read about it too; it really seems to be a good one. But the boss wants a 100%
          free software solution. Therefore, if I propose it, he is going to start killing
          me very slowly. :-)



          >>>>>On Thu, 1 Dec 2005, Kelly Sauke wrote:
          >>>>>
          >>>>>>Michael Katz wrote:
          >>>>>>
          >>>>>>> SA/Amavis is clearly the most widely deployed solution on this
          >>>>>>> mailing list, but there is another world that exists outside of the
          >>>>>>> mailing list and there are many options that integrate with Postfix
          >>>>>>> that are more accurate, require less administration and will perform better.
          >>>>>>
          >>>>>>
          >>>>>>How about some examples of these other options?
          >>>>>>

          Thanks,

          Sergio
        • Jure Pečar
          Message 4 of 19 , Dec 1, 2005
            On Thu, 01 Dec 2005 09:11:10 -0600
            Kelly Sauke <ksauke@...> wrote:

            > How about some examples of these other options?

            I'm currently playing with dspam, which can now in version 3.6 communicate
            with ClamAV too. It's a bit of black magic and nondeterministic
            (statistics and all that ...), but can get very reliable for users'
            specific mail patterns. Also 10x faster than Amavis/SA and once configured,
            requires almost no administration.


            --

            Jure Pečar
            http://jure.pecar.org/
          • Covington, Chris
            Message 5 of 19 , Dec 1, 2005
              On Thu, Dec 01, 2005 at 10:45:54AM -0200, Sergio Ferreira wrote:
              > Hi List,
              >
              > I am still setting up SPAM stuff on my setup, and now I have one doubt about some
              > third-party tools. I know about the integration of Postfix and ClamAV,
              > and SpamAssassin too, instead of Postfix + ClamAV + Amavis + SpamAssassin.
              > Has anyone experienced both cases who can help me with the advantages and the
              > disadvantages between them?
              > Will my server be trustworthy without Amavis too? My question is: should
              > I use Amavis or not? Some people say it is easier to manage these things
              > with Amavis. Is it true?
              >
              > Anything concerning this will be very welcome to make things more clear.

              I'd like to weigh in here. We used SpamAssassin/amavisd-new for about 2
              or 3 years and the results were acceptable, the setup was fairly
              straightforward and the overhead was low. It's a good beginner's setup
              that will take care of 90-95% of your spam problems. The problem with SA
              (and most commercial products, but I digress) is primarily that it's a
              one-size-fits-all solution, and secondarily: it assumes English as the
              primary language of all spam, it has a lot of network test latency, it
              primarily adapts through new versions containing new rulesets, etc.
              (For instance, with our population, medicine, nutrition & health
              enhancement are integral parts of everyday business, not spam!)
              Network tests help SA a little in this regard, but in many ways it's a
              static system that waits for the next release to be more effective, and
              its efficacy drops over time until the next version, etc.

              In the last few months we've preserved amavisd-new to do virus scanning /
              attachment blocking, removed SpamAssassin, and we've added DSPAM which
              does the anti-spam. DSPAM is fairly difficult to set up and understand
              (the documentation is sparse) but it's very effective and adaptive.
              DSPAM is also more of a resource hog: we have a 400MB or so global MySQL
              database compared to SA's small-footprint client installation. This
              database contains 30,000 or so messages in the spam corpus and 40,000
              or so in the ham corpus. The message scanning times are faster, but
              the resources required are much higher. With all that said, it's an
              excellent solution. It's highly accurate (we're at 98.87% right now,
              this constantly gets better): The database is specially-tailored to
              our users' email patterns, and our users continually update it themselves
              by forwarding false positives and negatives to training addresses.
              So if you have the patience, skills and hardware required to use
              DSPAM, go for it!

              ---
              Chris Covington
              IT
              Plus One Health Management
              75 Maiden Lane Suite 801
              NY, NY 10038
              646-312-6269
              http://www.plusoneactive.com

              !DSPAM:1,438f6162289285153766755!
            • Jorey Bump
              Message 6 of 19 , Dec 1, 2005
                Covington, Chris wrote:

                > this constantly gets better): The database is specially-tailored to
                > our users' email patterns, and our users continually update it themselves
                > by forwarding false positives and negatives to training addresses.
                > So if you have the patience, skills and hardware required to use
                > DSPAM, go for it!

                Maybe I'm missing something, but a system that requires users to
                continue to handle spam (if not actually read it) *and* to learn another
                interface to train the application seems like little more than a mail
                sorting program to me.

                I want to reject spam immediately, during the SMTP conversation. I'm
                doing that now on a low-volume site, running SA in a before-queue
                content filter using spampd. While it may be possible to do the same
                with dspam, SA bootstraps its bayesian filter with a multitude of rules,
                so no user intervention is required. For the little bit of spam that
                gets through, I can run sa-learn, or, even better, add a local rule that
                will improve the bayesian filter after a few rejections.
              • Covington, Chris
                Message 7 of 19 , Dec 1, 2005
                  On Thu, Dec 01, 2005 at 04:07:04PM -0500, Jorey Bump wrote:
                  > Covington, Chris wrote:
                  >
                  > >this constantly gets better): The database is specially-tailored to
                  > >our users' email patterns, and our users continually update it themselves
                  > >by forwarding false positives and negatives to training addresses.
                  > >So if you have the patience, skills and hardware required to use
                  > >DSPAM, go for it!
                  >
                  > Maybe I'm missing something, but a system that requires users to
                  > continue to handle spam (if not actually read it) *and* to learn another
                  > interface to train the application seems like little more than a mail
                  > sorting program to me.

                  You don't have to use DSPAM's quarantine interface. We use Exchange's
                  "Junk E-mail" folder which is built-in: X-DSPAM-Result: Spam will move
                  a message to this folder (and all X-DSPAM* headers are removed before
                  they hit the DSPAM servers so this can't be spoofed). The "Junk E-mail"
                  folder's contents are automatically expired after 30 days. This
                  requires Exchange event sinks, BTW. Users need to forward mistakes
                  to training addresses.

                  > I want to reject spam immediately, during the SMTP conversation. I'm
                  > doing that now on a low-volume site, running SA in a before-queue
                  > content filter using spampd. While it may be possible to do the same
                  > with dspam, SA bootstraps its bayesian filter with a multitude of rules,
                  > so no user intervention is required. For the little bit of spam that
                  > gets through, I can run sa-learn, or, even better, add a local rule that
                  > will improve the bayesian filter after a few rejections.

                  That might work for a smaller site, but it doesn't scale well and it
                  places the administrative burden on you.

                  ---
                  Chris Covington
                  IT
                  Plus One Health Management
                  75 Maiden Lane Suite 801
                  NY, NY 10038
                  646-312-6269
                  http://www.plusoneactive.com

                  !DSPAM:1,438f69b3289288246520239!
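
The header-stripping step described in the message above, as an added example that is not part of the original post or of DSPAM: a Python stand-in showing why inbound `X-DSPAM*` headers must be removed before the filter stamps its own verdict. The `Innocent` value, the `hold` outcome, the function names and the assumption that the mail client acts on the first matching header are all illustrative.

```python
from email import message_from_string

# Constructed sample: the sender forges verdict headers before the mail
# reaches the filter, hoping the folder rule downstream will trust them.
RAW_INBOUND = (
    "From: sender@example.net\n"
    "To: user@example.org\n"
    "Subject: constructed sample\n"
    "X-DSPAM-Result: Innocent\n"
    "x-dspam-confidence: 0.99\n"
    "\n"
    "body\n"
)

VERDICT_HEADER = "X-DSPAM-Result"
UNTRUSTED_PREFIX = "x-dspam"


def strip_untrusted(msg):
    """Delete every inbound X-DSPAM* header and return the names removed."""
    removed = [n for n in msg.keys() if n.lower().startswith(UNTRUSTED_PREFIX)]
    for name in removed:
        del msg[name]  # removes all occurrences, matched case-insensitively
    return removed


def stamp(msg, verdict):
    """Stand-in for the filter: append its own verdict header."""
    msg[VERDICT_HEADER] = verdict  # appends, does not replace existing ones


def route_first(msg):
    """Folder rule that acts on the first verdict header it finds (assumed)."""
    values = msg.get_all(VERDICT_HEADER, [])
    first = values[0].strip().lower() if values else ""
    return "Junk E-mail" if first == "spam" else "Inbox"


def route_strict(msg):
    """Fail closed: anything other than exactly one verdict header is held."""
    values = msg.get_all(VERDICT_HEADER, [])
    if len(values) != 1:
        return "hold"
    return "Junk E-mail" if values[0].strip().lower() == "spam" else "Inbox"


def pipeline(raw, verdict, strip, router=route_first):
    """Parse, optionally strip forged headers, stamp the verdict, route."""
    msg = message_from_string(raw)
    if strip:
        strip_untrusted(msg)
    stamp(msg, verdict)
    return router(msg)


if __name__ == "__main__":
    print("no strip:", pipeline(RAW_INBOUND, "Spam", strip=False))
    print("strip   :", pipeline(RAW_INBOUND, "Spam", strip=True))
```

Without the strip step the forged header sits ahead of the filter's own, so a first-match rule files the spam in the inbox; the strict router at least detects the duplicate and holds the message.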
                • Robert Felber
                  Message 8 of 19 , Dec 1, 2005
                    On Thu, Dec 01, 2005 at 04:07:04PM -0500, Jorey Bump wrote:
                    > now on a low-volume site, running SA in a before-queue content filter using
                    > spampd.

                    Out of curiosity, how does dspam handle multirecipient mail?

                    > RCPT TO:<foo@...>
                    > RCPT TO:<foo2@...>
                    < OK
                    > DATA
                    < OK
                    > headers:
                    >
                    > body
                    > .
                    < 4xx|5xx

                    What if foo2 doesn't want to use dspam? In that case, he would lose the mail
                    still. Or am I wrong?


                    --
                    Robert Felber (PGP: 896CF30B)
                    Munich, Germany
                  • Jorey Bump
                    Message 9 of 19 , Dec 1, 2005
                      Robert Felber wrote:
                      > On Thu, Dec 01, 2005 at 04:07:04PM -0500, Jorey Bump wrote:
                      >
                      >>now on a low-volume site, running SA in a before-queue content filter using
                      >>spampd.
                      >
                      >
                      > Out of curiosity, how does dspam handle multirecipient mail?
                      >
                      >
                      >>RCPT TO:<foo@...>
                      >>RCPT TO:<foo2@...>
                      >
                      > < OK
                      >
                      >>DATA
                      >
                      > < OK
                      >
                      >>headers:
                      >>
                      >>body
                      >>.
                      >
                      > < 4xx|5xx
                      >
                      > What if foo2 doesn't want to use dspam? In that case, he would lose the mail
                      > still. Or am I wrong?

                      I don't know about dspam, I'm using SpamAssassin *globally* in a
                      before-queue content filter. Yes, it rejects the entire message for all
                      recipients, but that's the point. My users don't even know their mail is
                      being filtered (and will complain about getting as many as 5-10 spam
                      messages in a week!). I use a lot of different spam-fighting techniques,
                      but *all* of them are apparent to the sender (rejections, no
                      backscatter), so I will hear about any problems that occur (rare, but it
                      does happen).

                      I used to quarantine everything, inspect it, then pass on the ham, but
                      that was a *true* administrative nightmare. This approach adds
                      complexity to configuration, and lets me enjoy my vacations a little
                      more. :)

                      Don't overlook Chris' point about scalability, which cuts both ways. I'm
                      not an ISP, and support most of my clients down to their desktops, so
                      eliminating spam and viruses can save me support calls down the line.
                      But in a large general purpose population, per-user spam categorization
                      may be mandatory.
                    • Covington, Chris
                      Message 10 of 19 , Dec 2, 2005
                        On Thu, Dec 01, 2005 at 05:46:38PM -0500, Jorey Bump wrote:
                        > Don't overlook Chris' point about scalability, which cuts both ways. I'm
                        > not an ISP, and support most of my clients down to their desktops, so
                        > eliminating spam and viruses can save me support calls down the line.
                        > But in a large general purpose population, per-user spam categorization
                        > may be mandatory.

                        One correction - we are not using per-user databases. It's a single
                        per-company database that people can train on mistakes.

                        ---
                        Chris Covington
                        IT
                        Plus One Health Management
                        75 Maiden Lane Suite 801
                        NY, NY 10038
                        646-312-6269
                        http://www.plusoneactive.com
                      • Covington, Chris
                        Message 11 of 19 , Dec 2, 2005
                          On Thu, Dec 01, 2005 at 11:11:06PM +0100, Robert Felber wrote:
                          > On Thu, Dec 01, 2005 at 04:07:04PM -0500, Jorey Bump wrote:
                          > > now on a low-volume site, running SA in a before-queue content filter using
                          > > spampd.
                          >
                          > Out of curiosity, how does dspam handle multirecipient mail?
                          >
                          > > RCPT TO:<foo@...>
                          > > RCPT TO:<foo2@...>
                          > < OK
                          > > DATA
                          > < OK
                          > > headers:
                          > >
                          > > body
                          > > .
                          > < 4xx|5xx
                          >
                          > What if foo2 doesn't want to use dspam? In that case, he would lose the mail
                          > still. Or am I wrong?

                          No, DSPAM can be used as an LMTP content-filter, which supports per-user
                          opt-in or opt-out enrollment. If foo@... is opted-in, then that
                          message will be quarantined for him and sent to foo2@.... Or it can
                          be just tagged for foo@... and not for foo2@.... DSPAM is very
                          flexible in how you use it.

                          ---
                          Chris Covington
                          IT
                          Plus One Health Management
                          75 Maiden Lane Suite 801
                          NY, NY 10038
                          646-312-6269
                          http://www.plusoneactive.com