(postfix) SPAM filter?
Paul Schmehl
pauls at utdallas.edu
Sun Dec 16 11:44:13 PST 2007
--On December 16, 2007 8:13:34 PM +0100 "Heiko Wundram (Beenic)"
<wundram at beenic.net> wrote:
>
> Neither of the two packages I recommended are anything close to bayesian
> filtering, as they don't actually take measure on the content of the
> mail (which isn't available anyway when the corresponding rules are
> effective in the Postfix restriction mechanism), but rather on the
> conditions the mail is received under. This is what makes them (much
> more) lightweight (than for example a full statistical or bayesian
> filter) in the first place.
>
> I've not had a single false positive which wasn't explained with
> incorrect or plain invalid mailserver configuration on the sender side
> so far with these two packages, and the possibility of a false negative
> in our current environment is something close to 1%, at least according
> to my mailbox (which gets publicized enough by posting to @freebsd.org
> addresses).

I've been using policyd-weight for more than a year now, and I've had
exactly one problem with it. It rejected legitimate mail because that
particular ISP didn't have a clue about DNS. I tweaked the rules very
slightly to cause a score for legitimate mail to fall just below the
threshold for rejection, and I've not had a single false positive since.

Policyd-weight rejects between 50% and 80% of the incoming mail (it varies
by the day) before the mail server ever even processes it. I also use
spamassassin, and I have set it up so that borderline mail that's rejected
gets copied to a folder (/var/spool/spam) so I can review it.

Occasionally I have to recover an email from that folder because it was
"falsely" labeled as spam. Usually it's someone using incredimail or a
similar service that loads up an email with all sorts of extra junk.

Policyd-weight is the perfect complement to a tool like spamassassin. It
gets rid of all the "obvious" spam (fake MXes, dialup "mail servers",
servers listed in multiple RBLs, etc.) before spamassassin has to make a
decision about it.

Paul Schmehl (pauls at utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
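
Added example, not part of the original post and not policyd-weight's own code: a minimal weighted scorer for a Postfix policy-delegation request, showing how connection-time conditions alone add up to a reject decision and how a misconfigured but legitimate sender can land just below the threshold. The weights, threshold, dynamic-host pattern, sample requests and stubbed DNSBL lookup are all constructed assumptions.

```python
import re

# Constructed weights and threshold (assumptions, not policyd-weight's defaults).
WEIGHTS = {"no_rdns": 1.5, "helo_not_fqdn": 1.0,
           "dynamic_name": 2.0, "rbl_hit": 1.5}
REJECT_AT = 3.0
DYNAMIC = re.compile(r"dial|dyn|dsl|ppp|pool", re.I)

def parse_request(text):
    """Postfix policy delegation: name=value lines, ended by an empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs

def score(attrs, rbl_lookup):
    """Score connection and envelope attributes only; no message content exists yet."""
    client = attrs.get("client_name", "unknown")
    helo = attrs.get("helo_name", "")
    hits = []
    if client == "unknown":                      # Postfix reports failed rDNS this way
        hits.append(("no_rdns", 1))
    elif DYNAMIC.search(client):                 # hostname looks like a dialup/pool address
        hits.append(("dynamic_name", 1))
    if "." not in helo or re.fullmatch(r"[\d.]+", helo):
        hits.append(("helo_not_fqdn", 1))
    listed = rbl_lookup(attrs.get("client_address", ""))
    if listed:                                   # each additional listing adds weight
        hits.append(("rbl_hit", len(listed)))
    return sum(WEIGHTS[k] * n for k, n in hits), [k for k, _ in hits]

def decide(text, rbl_lookup):
    """Return the reply Postfix expects: one action line followed by a blank line."""
    total, reasons = score(parse_request(text), rbl_lookup)
    if total >= REJECT_AT:
        return f"action=REJECT policy score {total:.1f} ({', '.join(reasons)})\n\n"
    return "action=DUNNO\n\n"

# Constructed sample data: documentation addresses and a stubbed DNSBL lookup.
RBL_STUB = {"192.0.2.44": {"rbl-a.example", "rbl-b.example"}}
lookup = lambda ip: RBL_STUB.get(ip, set())
MISCONFIGURED = ("request=smtpd_access_policy\nclient_address=198.51.100.7\n"
                 "client_name=unknown\nhelo_name=MAILSRV\n\n")
DIALUP = ("request=smtpd_access_policy\nclient_address=192.0.2.44\n"
          "client_name=ppp-17.pool.example.net\nhelo_name=192.0.2.44\n\n")
```

With these constructed weights, `MISCONFIGURED` scores 2.5 and is passed on with `DUNNO`, while `DIALUP` scores 6.0 and is rejected before any content filter sees it.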