bogofilter -u let's spam come through

Adrian Urquhart adrian at devnet-uk.net
Sat Feb 21 03:43:25 CET 2004 

On Fri, 20 Feb 2004, David Relson wrote:

> On Fri, 20 Feb 2004 17:29:40 -0800
> Greg McCann wrote:
> 
> > On 2/20/2004 at 7:16 PM David Relson <relson at osagesoftware.com> wrote:
> > 
> > >I'm with Tom - lock it down.
> > >
> > >My 5 user domain shares a wordlist that's permitted 640, which works
> > >fine with "-u".
> > 
> > Hi David,
> > 
> > Would you please explain how you get that to work correctly?  When I
> > set up bogofilter on my system, I found (if I recall correctly) that
> > sendmail was running processes called from ~/.procmailrc with the
> > permissions of the user receiving the mail.  Since bogofilter -u was,
> > in effect, being run by all users I thought I had to chmod 666 the
> > wordlists.  In fact, I couldn't get it to work until I did.
> > 
> > 
> > Greg McCann
> 
> Greg,
> 
> I wish I could explain it, but I can't -- someone else is going to have
> to answer it for you.
> 
> I'm using postfix and procmail (cause that's what Mandrake defaults to)
> and it's working just fine for me.
> 
> The permissions are:
> 
>    drwxr-xr-x   2 root     root         4096 Jan 26 08:00
> /var/lib/bogofilter
>   -rw-r-----    1 relson   relson   71651328 Feb 20 19:06
> /var/lib/bogofilter/wordlist.db
>                                                                         
>             
> Whether this is a sendmail/procmail difference or something else, I
> can't say.
> 
> David
> 

Just to add my twopennyworth - we use qmail on FreeBSD, where all users 
are POP3 or IMAP. All incoming mail uses a single account, and each user 
has their own wordlist. This has permissions set to 600. Training is 
done by assigning the user a user-ham@ and user-spam@ address which 
delivers the message to bogofilter in -n or -s mode. Again, the single 
user account is used for this.

We had originally tried global filtering but there was quite a large
number of false positives, although this may well have been because our
wordlist wasn't large enough for the user base (3600+ on multiple
domains). However, users weren't willing (or able) to submit mails for
training and this was also the reason we decided not to use the -u
switch. Now, filtering is available to those who ask for it, and by
implication they're probably more willing to feed and take care of their
wordlist. I've found that a personal list of 3.5MB can produce excellent
results, with no false positives so far.

At least with my own wordlist I'm at a stage where I'm now going to 
employ SoS (Shoot on Sight) mode for spams, with a very high degree of 
confidence.

-Adrian

More information about the Bogofilter mailing list