(postfix) SPAM filter?

Paul Schmehl pauls at utdallas.edu
Sun Dec 16 11:44:13 PST 2007


--On December 16, 2007 8:13:34 PM +0100 "Heiko Wundram (Beenic)" 
<wundram at beenic.net> wrote:
>
> Neither of the two packages I recommended are anything close to Bayesian
> filtering, as they don't actually take measure on the content of the
> mail (which isn't available anyway when the corresponding rules are
> effective in the Postfix restriction mechanism), but rather on the
> conditions the mail is received under. This is what makes them (much
> more) lightweight (than for example a full statistical or Bayesian
> filter) in the first place.
>
> I've not had a single false positive which wasn't explained with
> incorrect or plain invalid mailserver configuration on the sender side
> so far with these two packages, and the possibility of a false negative
> in our current environment is something close to 1%, at least according
> to my mailbox (which gets publicized enough by posting to @freebsd.org
> addresses).

I've been using policyd-weight for more than a year now, and I've had 
exactly one problem with it.  It rejected legitimate mail because that 
particular ISP didn't have a clue about DNS.  I tweaked the rules very 
slightly to cause a score for legitimate mail to fall just below the 
threshold for rejection, and I've not had a single false positive since.

Policyd-weight rejects between 50% and 80% of the incoming mail (it varies 
by the day) before the mail server ever even processes it.  I also use 
spamassassin, and I have set it up so that borderline mail that's rejected 
gets copied to a folder (/var/spool/spam) so I can review it. 
Occasionally I have to recover an email from that folder because it was 
"falsely" labeled as spam.  Usually it's someone using incredimail or a 
similar service that loads up an email with all sorts of extra junk.

Policyd-weight is the perfect complement to a tool like spamassassin.  It 
gets rid of all the "obvious" spam (fake MXes, dialup "mail servers", 
servers listed in multiple RBLs, etc.) before spamassassin has to make a 
decision about it.

Paul Schmehl (pauls at utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
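
Added example, not part of the original message and not policyd-weight's own code: a minimal weighted scorer over the name=value attributes Postfix sends to a policy service, showing how a small weight change moves a legitimate sender with broken DNS just under the rejection threshold while obvious spam is still rejected. The weights, threshold, sample requests and the FAKE_RBL lookup table are all constructed assumptions.

```python
import re

# Hypothetical weights and threshold for illustration only; these are not
# policyd-weight's shipped values.
WEIGHTS = {"rbl_hit": 3.0, "no_rdns": 2.5, "helo_mismatch": 1.5, "dynamic_rdns": 3.0}
REJECT_AT = 4.0
# Constructed stand-in for DNSBL lookups (address -> number of lists hit),
# so the example runs offline.
FAKE_RBL = {"203.0.113.7": 2, "198.51.100.9": 0}
DYNAMIC = re.compile(r"(dial|dsl|dyn|pool|ppp)", re.I)

def parse_request(text):
    """Parse one Postfix policy-delegation request (name=value lines)."""
    attrs = {}
    for line in text.splitlines():
        if not line.strip():
            break  # an empty line terminates the request
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs

def score(attrs, weights=WEIGHTS):
    """Sum weights for the conditions the mail arrives under (no content)."""
    client = attrs.get("client_name", "unknown")
    total = weights["rbl_hit"] * FAKE_RBL.get(attrs.get("client_address"), 0)
    if client == "unknown":          # Postfix reports missing rDNS this way
        total += weights["no_rdns"]
    elif DYNAMIC.search(client):     # dialup/pool-style reverse name
        total += weights["dynamic_rdns"]
    if attrs.get("helo_name", "").lower() != client.lower():
        total += weights["helo_mismatch"]
    return total

def decide(attrs, weights=WEIGHTS):
    """Return the action line a policy service would send back to Postfix."""
    s = score(attrs, weights)
    if s >= REJECT_AT:
        return f"action=550 rejected by policy (score {s:.1f})"
    return "action=DUNNO"

# Constructed sample requests.
SPAM = parse_request("request=smtpd_access_policy\nclient_address=203.0.113.7\n"
                     "client_name=ppp-7.pool.example.net\nhelo_name=mail.example.com\n\n")
LEGIT = parse_request("request=smtpd_access_policy\nclient_address=198.51.100.9\n"
                      "client_name=unknown\nhelo_name=mx.example.org\n\n")
# The tweak: lower one weight slightly so the broken-DNS sender lands below 4.0.
TWEAKED = dict(WEIGHTS, no_rdns=2.4)

if __name__ == "__main__":
    for name, req in (("spam", SPAM), ("legit", LEGIT)):
        print(name, decide(req), "->", decide(req, TWEAKED))
```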


