From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([69.77.167.62] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1Kk48t-0003M1-6T for garchives@archives.gentoo.org; Sun, 28 Sep 2008 21:49:27 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 26498E0327; Sun, 28 Sep 2008 21:49:26 +0000 (UTC) Received: from powerman.name (powerman.name [85.90.198.1]) by pigeon.gentoo.org (Postfix) with ESMTP id 609FAE0327 for ; Sun, 28 Sep 2008 21:49:25 +0000 (UTC) Received: (qmail 15640 invoked by uid 1000); 28 Sep 2008 21:49:23 -0000 Date: Mon, 29 Sep 2008 00:49:23 +0300 From: Alex Efros To: gentoo-server@lists.gentoo.org Subject: Re: [gentoo-server] SPAM protection by requesting confirmation Message-ID: <20080928214923.GF11402@home.power> Mail-Followup-To: gentoo-server@lists.gentoo.org References: <000201c91cc6$e3ef8f80$9700000a@dbshzbmemjzd2d> <48D7B8F9.8090009@gentoo.org> <200809221953.59988.bangert@gentoo.org> <20080923192534.GF1757@home.power> <48D96385.2070305@vanalteren.nl> <20080924154050.GI28730@aldous> <20080928132122.GB11402@home.power> <1222630919.7403.24.camel@laptop> <20080928200213.GD11402@home.power> <1222636069.7403.41.camel@laptop> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-server@lists.gentoo.org Reply-to: gentoo-server@lists.gentoo.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1222636069.7403.41.camel@laptop> Organization: asdfGroup Inc., http://powerman.asdfGroup.com/ User-Agent: Mutt/1.5.16 (2007-06-09) X-Archives-Salt: ec47bd14-01ae-4746-9b40-83a23b3cc069 X-Archives-Hash: fa822b1c259a9e74effebaf1daeb266b Hi! On Sun, Sep 28, 2008 at 04:07:49PM -0500, Homer Parker wrote: > In my case it's a usable Inbox vs 2500-3000 spams a week clogging it > up.. Spamassassin isn't a fire and forget piece of software.. You need > to train bayes, keep rules updated, write rules, etc... I hear > bogofilter is decent as well, might look into it.. But there's no way I > could handle using email without filtering to a quarantine.. I don't really understand your point. :( I use own deliver tool http://powerman.name/soft/deliver.html to filter spam using hand-made perl regular expressions applied to any email headers and content using any logic expressions like: To(qr/powerman@/) and Cc(qr/powerman@.*powerman@/) (some time ago, after saying "fuck off" to some young spammer who registered in our IT social network and try to discuss "why sending spam is good for fun and profit" I start receiving stupid spam, with my email in To: field and twice again in Cc: field... I think his idea was to deliver 3 spam messages instead of 1 to my inbox, but it all was filtered with simple rule shown above) I carefully write and support these rules, and I'm sure they will never match normal email. So, matched emails are just dropped, without quarantine. This solved spam issue for me for years. But in last months I receive about 20-50 spam messages every day, and it isn't clear for me how to write regular expressions for that spam - every message is too different from each other and rules for filtering them have a chance to match normal mail. Probably it's because I've to public my email on several websites related to IT because I work as freelancer and should provide a way for new customers to contact me. And most spam I receive now trying to mask itself as IT-related message. Looks like greylisting will turn these 20-50 spam messages into 2-5 messages per day. This amount of spam is acceptable to have in inbox without any quarantine. So, if it isn't clean FOR ME how to filter that spam with regular expressions and full Perl power in my hands, then HOW can SpamAssassin do this? Sadly, but Bayes isn't a silver bullet and can't solve this too. IMHO, SpamAssassin and Bayes are good only for people, who choose between two bad things: either they will be unable to handle MOST of their mail because of huge amount of spam, or they will be unable to handle SOME mail (with low enough and acceptable for them probability) because it will be automatically killed as spam or lost in quarantine. Your tuning of spam weight/score which is acceptable for inbox, acceptable for quarantine and acceptable to kill immediately are just tuning of the chance you'll lose normal mail - you make it larger or smaller, but never 0%! Maybe if I will receive 3000 spam which I unable to filter with my custom rules per week, then I will install SpamAssassin and agree to have small chance to lose some mail from time to time... maybe... but I'm not sure and anyway will try to find another solution first (like greylisting). But now I can't agree with any chance to lose mail which is higher than 0%! -- WBR, Alex.