Re: (postfix) SPAM filter?

--On December 16, 2007 8:13:34 PM +0100 "Heiko Wundram (Beenic)" <wundram@xxxxxxxxxx> wrote:

Neither of the two packages I recommended are anything close to bayesian
filtering, as they don't actually take measure on the content of the
mail (which isn't available anyway when the corresponding rules are
effective in the Postfix restriction mechanism), but rather on the
conditions the mail is received under. This is what makes them (much
more) lightweight (than for example a full statistical or bayesian
filter) in the first place.

I've not had a single false positive which wasn't explained with
incorrect or plain invalid mailserver configuration on the sender side
so far with these two packages, and the possibility of a false negative
in our current environment is something close to 1%, at least according
to my mailbox (which gets publicized enough by posting to @freebsd.org
addresses).

I've been using policyd-weight for more than a year now, and I've had exactly one problem with it. It rejected legitimate mail because that particular ISP didn't have a clue about DNS. I tweaked the rules very slightly to cause a score for legitimate mail to fail just below the threshold for rejection, and I've not had a single false positive since.

Policyd-weight rejects between 50% and 80% of the incoming mail (it varies by the day) before the mail server ever even processes it. I also use spamassassin, and I have set it up so that borderline mail that's rejected gets copied to a folder (/var/spool/spam) so I can review it. Occasionally I have to recover an email from that folder because it was "falsely" labeled as spam. Usually it's someone using incredimail or a similar service that loads up an email with all sorts of extra junk.

Policyd-weight is the perfect complement to a tool like spamassassin. It gets rid of all the "obvious" spam (fake MXes, dailup "mail servers", servers listed in multiple RBLs, etc.) before spamassassin has to make a decision about it.

Paul Schmehl (pauls@xxxxxxxxxxxx)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/

_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@xxxxxxxxxxx"

Relevant Pages

  • Re: evolution spam filtering.
    ... > looks that it is possible to pipe messages through spamassassin. ... Spam tagging / filtering is more effective and quicker if done ... on the mail server and not client side. ...
    (Fedora)
  • Re: [fw-wiz] Botnets, IRC servers and firewalls?
    ... egress filtering is basically what is being discussed here, ... powers that be and the folks that admin the defensive devises that egress ... the other direction can be fraught with either total rejection of the ...
    (Firewall-Wizards)
  • Re: Let spamassassin fetch (Intermail)
    ... > filtering and SA will start working. ... >> I have gone through the mails looking alike. ... >> What is the scansetup for local.cf in spamassassin, ... > your spam emails from your spam emails emails from ...
    (alt.linux)
  • Re: SpamAssassian with FreeBSD and Big Mail Server
    ... how you use SpamAssassin currently. ... means, that filtering an e-mail takes a certain time, no matter how fast ... becuse there's too much disk io and they get very ... So have a look at your swap space. ...
    (freebsd-isp)
  • Re: Filtering mail based on header contents
    ... I know spamassassin can be configured to drop ... bounce a spam, then you should not drop spam email. ... or just send them all to a mailbox. ... The system we use has two tiers: mail enters the filtering server running ...
    (freebsd-questions)