[H-GEN] On SpamAssassin and email
Robert Brockway
robert at timetraveller.org
Fri Nov 22 04:26:27 EST 2002
[ Humbug *General* list - semi-serious discussions about Humbug and ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]
As many will probably know I've been using SA (SpamAssassin) for quite
some time and overall I'm pleased with the tool (Greg Black's
figures on spam hits, misses and processing speed agreed with my
experiences).
It concerns me that as spam changes over time (which it does) it is
necessary to periodically upgrade SA.
I've been looking around at a few alternatives to trial. There are some
creative solutions out there...
* Bogofilter (http://bogofilter.sourceforge.net)
This is a Bayesian filter - previously discussed on this list.
It rates all incoming spam vs a source of known spam & a source of known
clean email. This necessitates having a source of each to use to teach
bogofilter what spam is. I call this the ramjet effect[1]. SA will
happily provide you with a pretty good source of spam if left running for
long enough.
Allow Bogofilter to feed new spam back into the spam folder and you can
keep up with spam as it changes over time.
Apparently SA will act as a Bayesian filter in a future release.
* TMDA (http://www.tmda.net)
I only found this today. The idea of making users authenticate to end up
on my white list doesn't sit well with me.
* Home Grown
It occurred to me while reading about TMDA that most spam would be stopped
dead in its tracks just by accepting mail only from people already in your
address book[2] or another home grown whitelist. I wondered why this had
never occurred to me before.
I went on to consider that a site wide "whitelist" could be interesting.
This would be useful in a situation where users sometimes receive mail
from the same people. A company exchanging email with business partners
might qualify. Indeed, my wife and I often receive mail from the same
friends. If anyone could add to the whitelist then the users would need
to trust each other. I could envision a sitewide whitelist with the
following characteristics:
- users can add to but not read
- sysadmins can read & delete from
- MTAs (such as sendmail & qmail) can access
for purposes of mail delivery.
The whitelist would consist of valid email addresses only - no wild cards
would be allowed.
A sitewide whitelist might lessen the impact of the authentication emails
TMDA seems to want to send.
Mailing list addresses would need to be whitelisted of course.
I'm not sure if this would be amazingly useful but it seemed like an
interesting idea.
In all of the above cases (_especially_ the last one) I would filter
suspected spam into a folder for periodic review rather than dropping it
in /dev/null. Right now I review my spam folder every week or two. Only
takes a minute.
Overall, I'm tending towards giving Bogofilter a go and will shortly
install it and see how it compares to my old standby SA.
[1] A ramjet is a theoretical space craft design that will take in charged
particles to provide thrust to the craft. Problem is you need to be
moving at speed before the ramjet is useful. Hence a ramjet would need to
be kick started by chemical engines. See also scramjet if you want to do
this in an atmosphere.
[2] One problem here is that they may write the envelope so the mail
appears to come from you or at least from your domain.
Cheers,
-Rob
-- Robert Brockway B.Sc. email: robert at timetraveller.org ICQ: 104781119
Linux counter project ID #16440 (http://counter.li.org)
"The earth is but one country and mankind its citizens" -Baha'u'llah
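
Added example, not part of the original post: a sketch of the site-wide whitelist described above (users add only, sysadmins read and delete, the MTA looks up, no wild cards), with unlisted senders routed to a review folder rather than discarded. The class, the function, the role names and the handling of local-domain senders are assumptions made for illustration.

```python
import re

# Simplified addr-spec check: exactly one "@", and no "*", "?" or "%".
ADDRESS_RE = re.compile(r"[a-z0-9._+-]+@[a-z0-9-]+(\.[a-z0-9-]+)+")

class SiteWhitelist:
    """Site-wide whitelist with the three roles listed in the post."""
    PERMS = {"user": {"add"}, "sysadmin": {"read", "delete"}, "mta": {"lookup"}}

    def __init__(self):
        self._addresses = set()

    def _require(self, role, action):
        if action not in self.PERMS.get(role, set()):
            raise PermissionError(f"role {role!r} may not {action}")

    def add(self, role, address):
        self._require(role, "add")
        addr = address.strip().lower()
        if not ADDRESS_RE.fullmatch(addr):
            raise ValueError(f"not a plain address: {address!r}")
        self._addresses.add(addr)

    def read(self, role):
        self._require(role, "read")
        return sorted(self._addresses)

    def delete(self, role, address):
        self._require(role, "delete")
        self._addresses.discard(address.strip().lower())

    def contains(self, role, address):
        self._require(role, "lookup")
        return address.strip().lower() in self._addresses

def route(whitelist, envelope_from, local_domain):
    """MTA-side decision: "inbox" or "review"; nothing is discarded."""
    sender = envelope_from.strip().lower()
    # Footnote [2]: the envelope sender is forgeable, so a sender claiming
    # the local domain goes to review here (a policy assumed for this example).
    if sender.endswith("@" + local_domain.lower()):
        return "review"
    return "inbox" if whitelist.contains("mta", sender) else "review"
```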