I’ve been running Spamassassin and Postgrey on my mail server for the past few months. It was only since the server was upgraded that I had enough juice to run the very intensive SA processes (even using spamd), but still on occasion the server would grind to a stop when a particularly nasty Rumpelstiltskin attack was underway.
So, last week I met Mark for a coffee and he showed me his Nokia N90 (or N80, I can’t remember) and the gmail app that was installed on it. He collects his gmail email on his phone, after it’s filtered for spam, and what with the cost of GPRS data, that’s quite a saving. I don’t intend reading my email on my phone (I hate my W810i anyway), but he did give me the idea of sending my email through Google and then popping it off into Thunderbird!
Now, I have a simple .forward to send on my email. I was able to shut down Postgrey and Spamassassin and email is delivered quickly and with few false positives or spams getting through. When I think of it, I can use the web interface to check what’s due to come down the line. You also get the added bonus of encrypted pop3 data, useful when you’re at a conference or simply on public wifi.
I’m sure everyone else has been doing this for ages and ages but hopefully this will inspire at least one person to follow suit and rid themselves of spam once and for all!
It has been a long time since I used and configured Sendmail, and I don’t miss it one bit now that Postfix is on the scene, but the amount of spam I receive does bother me. My Junk folder had reached 160MB, mostly due to some idiots sending huge spam attachments, but also because spam still works and a majority of the email circulating is spam and not legitimate.
Spamassassin is how we fight back. Unfortunately it needs a reasonably powerful server, gobs of memory and CPU when there’s a lot of incoming email and time to configure. Using spamd/spamc makes things easier on your server but it’s still a hefty price to pay for being spam free.
Here are a few pages I found useful this morning when getting things up and running on my Ubuntu server:
I also recommend running Postgrey to stop some junk mail before it gets into your system at all.
Now, if only there was a Spamassassin for the junk mail and clothes collection leaflets we get to the front door. How’s about a Defense Tower that would fire pellets when it noticed someone with leaflets calling to the door?
Edit: Justin talks about one of Spamassassin’s honeypot traps and about goings on at Blacklist.ie
Every Monday morning it’s the same. There’s a pile of spam and it numbers in the hundreds of emails. Thankfully almost all of it was caught by SpamAssassin.
So, for those of you interested:
- Regular email: 1.3MB
- Spam email: 4.2MB
- Total spam: 507 emails.
- Spam that auto-trained: 400.
- Spam to my inbox: 3
Gives one a good feeling when you’re winning the battle on a daily basis. The war is another matter unfortunately.
Since upgrading to Spamassassin 2.60 yesterday I’ve noticed a (small) increase in false positives. There were only 4 out of 132 spams caught overnight, but almost all were from dsl or dynamic IP addresses. The default score for this test is 2.5, but if you add the following to /etc/mail/spamassassin/local.cf you can change the score:
score RCVD_IN_DYNABLOCK 0 1 0 1
That’ll give it a ‘1’ instead of 2.5 which is probably more reasonable. (Ironically, most of the emails caught were from “Karsten M. Self”, a critic of TMDA, who posts directly from his dial-up machine!)
Just noticed the Spam Assassin auto learn rules. Look up
perldoc Mail::SpamAssassin::Conf and search for
auto_learn, auto_learn_threshold_nonspam, auto_learn_threshold_spam.
I’ve changed the auto_spam threshold down, as 15 is probably a bit high considering the small number of false positives I usually get.
Version 2.55 of SA is out. The release notes are a bit terse, but the notes for 2.54 indicate this is a release worth installing. It adjusts some spam rules spammers were using to get past SA!
spammers have been targeting our nice rules to get themselves negative overall scores, so those rules are now much less strongly-scored. also added a “TOO_MANY_MUA” rule that will catch multiple user agent headers.
Go download it now!
Yet another release of SpamAssassin is out. Spam is definetly getting harder to track. I got one this afternoon that simply asked me to click on a url. How can you defend against that? Maybe the tmda folks have a point..
Note to self, install this at work on Monday: SpamAssassin 2.51 (via Dangerous Meta)
Over the last few days a lot more spam has got through to my inbox, and it seems to be after I installed version 2.50 of SA. This could be because I was still training the Bayesian filters. I also blacklisted *@artist-server.com as they were very persistent in spamming me. That helped, and putting the threshold down to 4.5 caught 2-3 spams. Today was better. Perhaps the Bayesian filters are working now!
On another related matter, I configured Goldmine to filter out spam, but it’s unusable. Goldmine has to create a new identity for each new email address so it’s easier to delete the email “online” before it’s downloaded. (If you knew Goldmine you’d know what I mean, it sucks!)
The latest release of SpamAssassin has support for Bayesian analysis. You have to train it and it gets better.
The only problem is SpamAssassin uses a command line app, sa-learn, to learn about your mail. Who’ll volunteer to create a web-based form to copy and paste spam/legitimate mail to train it? Adding an “upload file” button would be great too to for those mass-mail learning situations when you come into work in the morning..
It should be easy enough, although you’ll have to use su-exec or something to add rules to different user’s accounts. So, who’s up for it then?
I love Spam Assassin too, it’s a great tool and catches 99.999% of the spam I’m sent!