Re: SpamAssassin



In article <erif9h$fqv$1@xxxxxxxxx>, helbig@xxxxxxxxxxxxxxxxxxxxxxxx (Phillip Helbig---remove CLOTHES to reply) writes:
> Does anyone here have experience with SpamAssassin? Do you recommend
> it?
>
> Rather than refining anti-spam measures at my end, I am considering
> having my dynamic-DNS provider scan incoming mail for spam. I can let
> it all through, with spam tagged as such, or cause it to be dropped if
> the spam-score exceeds a certain threshold (which I can set to whatever
> I want).
>
> What is the lowest threshold to make sure that all legitimate (i.e.
> non-spam) email gets through, even at the cost of letting some spam
> through? (I would assume that in this case most of the spam would still
> be filtered out.)

Since no one else has responded I'll have a go.
Basically the answer is there is no such threshold.
No content scanning anti-spam product is 100% accurate. The best will only
claim 98% accuracy. Which at first sight sounds a lot but really means it gets
it wrong for 2 out of every 100 mail messages. Those mistakes will either be
false positives (mail which is mistakenly considered to be spam but isn't) or
false negatives (mail which is spam but is missed). The threshold just changes
the ratio of false positives to false negatives. The only way you can guarantee
that all legitimate mail gets through is to set the threshold to a ridiculously
high level in which case all mail (including spam) will get through.

(In fact 98% accuracy is probably an overestimate for lots of people since
certain types of mail (mail from mailing lists, newsletters etc.) tend to look
very similar to spam. Hence it is usually best, if the product allows it, to
whitelist mail from such addresses so that the anti-spam product always allows
them through. Similarly it is a good idea to whitelist the addresses of all
those you regularly receive legitimate mail from. This whitelisting obviously
needs to be done on a per user (on your system) basis.)

I've never used SpamAssassin and hence can't comment on its usual threshold
levels. I do use PreciseMail Anti-Spam from Process on my VMS systems which
uses very similar rules but with its own scoring system.
With PMAS the default recommended values for thresholds are :-

Tagging as Spam : 3.000
Quarantining : 5.000
Discarding : 50.000

On my systems I just have tagging turned on and allow users to turn on
quarantining and discarding if they wish. Users can turn on all three options or
any combination and can alter the threshold values from their defaults.
(Quarantined mail is held on the central mailhubs and may be
viewed and released by the user through a GUI interface. If it isn't released
then it is automatically deleted after 14 days.)
Even with a threshold of 50.000 we strongly recommend people not to turn on
Discarding since this leads to silent loss of messages which might still
occasionally include legitimate mail.

Quarantining or tagging is much to be preferred. Many mail clients can use the
tagging to move the mail into a spam folder so that the user only looks at it
occasionally to check for mistagged mail.


> The main advantage for me is: if I choose to drop the spam, then I don't
> have to have an ALPHA always have the cluster alias, but a VAX (with
> TCPIP 5.3) would be OK. (A lot of spam is email to non-existent users.
> These generate bounces which, because the sender is often faked, bounce
> back. With 5.4, I can reject email to non-existent usernames (at least
> if they are valid VMS usernames, which most of them are), but that runs
> only on ALPHA.)


Unless your Dynamic-DNS provider has a list of all your valid email addresses
then no anti-spam product it runs can determine that a message is for a
non-existent account on your systems.

If these are hobbyist systems then I would consider getting PMAS (and probably
also PMDF) which are free to hobbyists from Process and run on both VAX and
Alpha (and now Itanium).



David Webb
Security team leader
CCSS
Middlesex University
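
The trade-off described in the reply above, as an added example that is not part of the original post and is not PMAS or SpamAssassin code. It uses the three default thresholds quoted in the post; the messages, scores, addresses and the rule that a score at or above a threshold triggers the action are assumptions made for illustration.

```python
# Added example: messages, scores and addresses are constructed.
from typing import NamedTuple

# Default thresholds quoted in the post for PMAS.
TAG, QUARANTINE, DISCARD = 3.0, 5.0, 50.0

class Msg(NamedTuple):
    sender: str
    score: float
    is_spam: bool  # ground truth, known only because the sample is constructed

SAMPLE = [
    Msg("alice@example.org", 0.4, False),
    Msg("bob@example.org", 1.9, False),
    Msg("news@lists.example.net", 6.2, False),  # newsletter that scores like spam
    Msg("x1@spam.example", 2.1, True),          # spam that scores low
    Msg("x2@spam.example", 4.7, True),
    Msg("x3@spam.example", 8.3, True),
    Msg("x4@spam.example", 55.0, True),
]

def disposition(msg, whitelist=frozenset(), tag=TAG, quarantine=QUARANTINE, discard=None):
    """Action for one message; discarding stays off unless a threshold is given."""
    if msg.sender in whitelist:
        return "deliver"
    if discard is not None and msg.score >= discard:
        return "discard"
    if msg.score >= quarantine:
        return "quarantine"
    return "tag" if msg.score >= tag else "deliver"

def errors_at(threshold, msgs, whitelist=frozenset()):
    """(false positives, false negatives) when score >= threshold means spam (assumed rule)."""
    fp = fn = 0
    for m in msgs:
        flagged = m.sender not in whitelist and m.score >= threshold
        fp += flagged and not m.is_spam
        fn += m.is_spam and not flagged
    return fp, fn

def lowest_zero_fp(msgs, candidates, whitelist=frozenset()):
    """Lowest candidate threshold that flags no legitimate mail in this sample."""
    ok = [t for t in sorted(candidates) if errors_at(t, msgs, whitelist)[0] == 0]
    return ok[0] if ok else None

if __name__ == "__main__":
    for t in (TAG, QUARANTINE, 7.0, DISCARD):
        print(f"threshold {t:5.1f}: (FP, FN) = {errors_at(t, SAMPLE)}")
    print("with newsletter whitelisted:", errors_at(TAG, SAMPLE, {"news@lists.example.net"}))
```

Raising the threshold in this sample removes the false positive only by letting more spam through, while whitelisting the newsletter removes it at the lowest threshold.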
