| View previous topic :: View next topic |
| Author |
Message |
bisho
n00b
Joined: 02 May 2003
Posts: 69
Location: Madrid (Spain)
|
 Posted: Tue Sep 02, 2003 11:20 pm Post subject: |
 |
|
For a multiuser system the best one is DSPAM. It uses bayesian filter improved (not only analizes word statistics but sentences as well), each user has its own data, the data is cleaned with unused words to keep the databases clean, provides a reply to an address based training, etc.
For one person I use bogofilter, because its really fast and I have a bunch of mail & spam samples to teach the filter and get it working well fast.
Spamassasain could be a good option to start, to catch emails with the rules until the bayesian filter is trained. At first it would be slow, but at the end you could disable all the rules but bayesian when is trained enought.
_________________
-=[ bisho [=- |
|
| Back to top |
|
 |
Regor
Guru
Joined: 06 Aug 2002
Posts: 545
Location: 39° 2' 48" N, 120° 59' 2" W
|
| Posted: Wed Sep 03, 2003 5:59 am Post subject: |
|
|
| eyevee99 wrote: | I've just decided to install spambayes... How do I set it up to run when I log in? Does it have to run as root etc?
Wouldn't each user have to run their own version?
Cheers,
ryan |
How you run it depends on what your needs are. Personally, I invoke it via procmail since I'm already using it to parse mail into different inboxes.
There are examples for different situations on the Spambayes webpage, use them as a guide.
And although I imagine you could set it up to run system-wide with one spam database, it would be difficult to train since what one user might consider legitimate email might well look like spam to another so it's unlikely that one ruleset would fit all.
_________________
Sometimes the appropriate response to reality is to go insane.
-Philip K. Dick, Valis |
|
| Back to top |
|
|
neenee
Veteran
Joined: 20 Jul 2003
Posts: 1786
|
| Posted: Wed Sep 03, 2003 11:18 am Post subject: |
|
|
i run spamassassin in combination with razor,
which seems to ctach 100% over a persiod
of a week so far (30+ mails per day, about
10% is spam).
my only problem with it is, is that it takes
10+ seconds to verify one email. |
|
| Back to top |
|
|
gOA-pSY
n00b
Joined: 20 Jun 2003
Posts: 6
|
| Posted: Wed Sep 03, 2003 12:26 pm Post subject: problem with 30sec solved! |
|
|
| simply add "skip_rbl_checks 1" to your /etc/mail/spamassassin/local.cf and it only needs ~1sec for each mail! |
|
| Back to top |
|
|
neenee
Veteran
Joined: 20 Jul 2003
Posts: 1786
|
| Posted: Wed Sep 03, 2003 1:46 pm Post subject: |
|
|
thank you for the suggestion 
(i will first check what that setting
does though).
*update*
ok. that skips the real time black-
list. |
|
| Back to top |
|
|
pfft
n00b
Joined: 04 Sep 2003
Posts: 22
Location: nowhere
|
| Posted: Thu Sep 04, 2003 12:38 am Post subject: rblsmtpd |
|
|
/var/qmail/supervise/qmail-smtpd/run
#!/bin/sh
QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
exec /usr/bin/softlimit -m 8000000 \
/usr/bin/tcpserver -v -p -R -x /etc/tcp.smtp.cdb \
-u $QMAILDUID -g $NOFILESGID 0 smtp \
/usr/bin/rblsmtpd -b -r relays.ordb.org \
-r dev.null.dk \
-r dnsbl.njabl.org \
-r qmail.bondedsender.org \
-r cbl.abuseat.org \
-r dnsbl.delink.net \
-r blackholes.easynet.nl \
-r dnsbl.sorbs.net \
-r bl.technovision.dk \
-r vox.schpider.com \
/var/qmail/bin/qmail-smtpd \
/bin/checkpasword /bin/true 2>&1
;=) |
|
| Back to top |
|
|
Mirrorball
Apprentice
Joined: 25 Apr 2003
Posts: 235
Location: Brazil
|
| Posted: Mon Oct 27, 2003 8:31 pm Post subject: |
|
|
| I used to use spamassassin but the program wasn't able to detect some spam I was receiving a lot of lately, about viagra and other drugs, because the spammers were using bad HTML and wrong spelling to avoid detection. I now use POPFile and it's doing a very good job. It's the program I recommend at the moment. |
|
| Back to top |
|
|
nsahoo
l33t
Joined: 17 Jul 2003
Posts: 618
|
| Posted: Mon Dec 01, 2003 6:00 am Post subject: |
|
|
| what's wrong with using thunderbird or mozilla-mail instead? it has a bayesian filter. |
|
| Back to top |
|
|
Chris W
l33t
Joined: 25 Jun 2002
Posts: 972
Location: Brisbane, Australia
|
| Posted: Mon Dec 01, 2003 10:48 am Post subject: |
|
|
Just for those wondering why SpamAssassin (SA) misses quite a few. After install SA uses only the rules to determine spam-ness. The Bayesian filter in SA doesn't kick in until it has seen enough spam. It trains itself based on the spammiest stuff it sees (based only on the rules) and deliberately avoids anything that could be a false positive (i.e. low scoring spam). You can accelerate the process by using the sa-learn utility on stuff you deliberately categorise as spam or ham. Once the Bayesian stuff kicks in the false negatives largely dry up. I get one or two false negatives, and no false positives, from every week (approx 200 spams).
Looking at my logs for today: the longest spam processing took 11 seconds, with all the others (50 odd) under 4 seconds. This runs on a Pentium II 300MHz with all thr RBL and other checks.
KMail hanging during the filtering process is not SA's fault. If the program were suitably multithreaded the UI responsiveness would remain.[/quote]
_________________
Cheers,
Chris W
"Common sense: The collection of prejudices acquired by age 18." -- Einstein |
|
| Back to top |
|
|
neenee
Veteran
Joined: 20 Jul 2003
Posts: 1786
|
| Posted: Mon Dec 01, 2003 11:01 am Post subject: |
|
|
that's good info 
i would like to add to that by giving the tip of creating
a cronjob for sa-learn, such as this for evolution:
0 0 * * * sa-learn --mbox --spam /home/neenee/evolution/local/Spam
which will learn spam from your evolution Spam
folder in mbox format every day at midnight.
i used to do this manually from my window-managers'
popup window, but this works just fine as well.
perhaps a more space-efficient way would be to
have sa-learn learn spam once every week and
then cleaning out the spam folder since it has al-
ready learnt that spam.
good luck |
|
| Back to top |
|
|
asimon
l33t
Joined: 27 Jun 2002
Posts: 979
Location: Germany, Old Europe
|
| Posted: Thu Mar 18, 2004 4:34 pm Post subject: |
|
|
I too like SpamAssassin very much. It was easy to setup (much more easier than for example dspam or crm114) and works very good here. I don't use the online tests, only local stuff and Bayesian filter. With the Bayesian filter SpamAssassin is very efficient (most comparisions I found on the web are based on rather old SA versions which did'nt had the bayesian filter, thus it's no wonder why in those tests bogofilter, dspam, etc. are much better than SA). Looking at the report header I see that every spam mail I get gets alone from the BAYES_99 rule alone enough points to be classified as spam.
But as with every Bayesian filter it's very important to constantly train SA with your spam and ham mails. From what I see autolearning (with the default parameters) alone is not enough because I at least don't get much spam with very high scores, thus for most spam the autolearner actually doesn't learn. But with a cron job doing sa-learn this is no problem. Sometimes some spam mails get's through (like lately some spam mails with many misspelled words or some fake mail from MS with some securiy update for Windows) but after feeding them to sa-learn the next ones will not get through.
What I appreciate especially is that SA after around 6000 (I use it since January) spam mails it never classified a ham mail as spam (at least as far as I can tell ). This is very important.
The future of SA also looks very bright. Version 3 will include an API for plugins. Thus we will have plugins for other filters like dspam (already exists), crm114, bofofilter, etc.
On the SA mailing list there is a post where someone did some small benchmark to compare the speed of SA's bayesian filter and dspam (it's usually said that SA is very slow because it's in Perl and dspam very fast). In this test SA was only 10% slower than dspam. |
|
| Back to top |
|
|
mallchin
l33t
Joined: 21 Jan 2003
Posts: 655
Location: United Kingdom
|
| Posted: Sun Aug 08, 2004 4:28 pm Post subject: |
|
|
Well, I'm in a quandry.
I use amavisd-new which supports spamassassin, dpsma and razor and don't know which to use, or if it'll let me use any or all of them together. I guess just SA would be ideal, I've been using that for a while okay.
My other wonder is how I can use neenee's sa-learn cronjob to teach SA on my mail server, but my evo mail is on my workstation. How can I use SA to learn on my workstation and port the rules it's learnt to my mail server?
/me throws stones at nasty spammers, shoo shoo
_________________
6700 @ 2.66GHz, 4Gb RAM, 2 x 500Gb, 8800 GTX, PhysX, X-Fi, 24" Widescreen, Tux mascot |
|
| Back to top |
|
|
BlinkEye
Veteran
Joined: 21 Oct 2003
Posts: 1046
Location: Gentoo Forums
|
| Posted: Fri Aug 27, 2004 11:31 am Post subject: |
|
|
as you have a mail server your mail first gets to it. so there should be no problem of filtering mails there. bad thing is if you use pop and spam gets through, though, which you might be using. hmm
_________________
Easily backup up your system? klick
Get rid of SSH Brute Force Attempts / Script Kiddies klick |
|
| Back to top |
|
|
xiangzi
n00b
Joined: 11 Mar 2004
Posts: 24
Location: San Francisco, CA
|
| Posted: Fri Sep 03, 2004 12:26 am Post subject: bogofilter performance |
|
|
Have been using bogofilter with evolution for a week or 2 now as described here:
http://www.ime.usp.br/~rsilva/bogo-and-evo/
Trained on about 1000 spam and a bit more non-spam, but the results so far are pretty disappointing -- it's only getting 1/2 to 2/3 of the spam, and doesn't seem to be improving over time (in fact today has been it's worst day ever, more like 1/4). But other people sound happy with it. Did you have to tweak it to get good results, and if so, what was your recipe? |
|
| Back to top |
|
|
BlinkEye
Veteran
Joined: 21 Oct 2003
Posts: 1046
Location: Gentoo Forums
|
| Posted: Fri Sep 03, 2004 10:29 am Post subject: |
|
|
the really important thing is that you don't put bad mails in the .Ham folder and train it with these. i made this mistake the first time and it didn't work out. i'd say: put less mails in you .Ham folder - but mails you're really sure of and you're set. btw.: what about the configs? i'm not sure at all how to set them (i'm using bogofilter only for some days now) but maybe you don't have them set correctly?!? i've looked for examples and explanation but haven't found anything.
_________________
Easily backup up your system? klick
Get rid of SSH Brute Force Attempts / Script Kiddies klick |
|
| Back to top |
|
|
xiangzi
n00b
Joined: 11 Mar 2004
Posts: 24
Location: San Francisco, CA
|
| Posted: Sat Sep 04, 2004 6:27 pm Post subject: |
|
|
| Yeah, I was careful to expunge all the spam from the ham folder first. |
|
| Back to top |
|
|
BlinkEye
Veteran
Joined: 21 Oct 2003
Posts: 1046
Location: Gentoo Forums
|
| Posted: Sat Sep 04, 2004 6:49 pm Post subject: |
|
|
well, then i guess your config file's the bug. i'm really satisfied with bogofilter yet - i had only about 20 spam mails left to train but it works flawlessly
_________________
Easily backup up your system? klick
Get rid of SSH Brute Force Attempts / Script Kiddies klick |
|
| Back to top |
|
|
Kick
n00b
Joined: 23 Jul 2003
Posts: 13
|
| Posted: Wed Oct 20, 2004 6:04 pm Post subject: |
|
|
| Chris W wrote: | | Looking at my logs for today: the longest spam processing took 11 seconds, with all the others (50 odd) under 4 seconds. This runs on a Pentium II 300MHz with all thr RBL and other checks. |
Really? How much RAM do you have?
My PII-300, take between 30s and 1mn to check any single message, with network tests *disabled*!!
Well, after further analysis, it seems that SA 3.0 is a true memory hogger. Perhaps you're talking about SA 2.60, which is indeed much more faster on my own box. |
|
| Back to top |
|
|
|
Networking & Security
