bogofilter setup in multi-user

.rp printer at moveupdate.com
Wed Jun 30 21:25:10 CEST 2004


> What rp has shown us is _one_ way to use bogofilter in a multi-user
> environment, and I thank him for sharing that info with us.  We all know
> there are other people handling similar environments in their own ways. 
>  After all, it's the responsibility of each site's admin to determine
> policy.
> 

A few points I want to (re-)mention. 
	The rule that checks to see if a ( occurs after the email server's IP address in 
the Received line filters out a great deal of spam as it shows that a sender was trying 
to fake out the system that the email originated from the server itself. Examples:
Received: from 276.999.1.0 ([211.191.195.100])
Received: from 276.999.1.0 (cyipwz@[211.200.236.64])

	There were a bunch of rules that look at the subject line for "dirty" words I did 
not mention that cull a lot of email before BF.

	We have a customized SpamAssassin setup that we use for filtering. The 
SpamAssassin is not used for any Bayesian filtering, just the "look & feel" of spam.

	ClamAV is run with a milter to further cut down on email flowing through.

	I never did any real BF training. Back when version .07 came I simply took 
spam that was captured with procmail rules and fed them as spam and took 2 of our 
users' Outbox "folders" and fed them as ham from the command line.

	The BF databases are not continually updated. I turn on the "-u" switch for a 
few days each month (usually over a weekend).  Only the standard Linux user 
accounts (adm, gopher, and the like) acting as honeypots to update the spam 
database is done all the time. Therefore our databases are not huge.

	Hardly any spam gets through unmarked as such even with the smallish 
databases and not doing continuous updating. Our false positives are less than .0001

	I am using bogofilter version 0.15.7. Updating has turned out to be quite a 
hassle due to dependencies and I can't really make an argument on how updating 
would improve anything.


My basic point is that it does not take a great deal of resources, time or effort to get 
BF to work for you in a multiuser environment. I am continually annoyed to read in 
computer magazines about the other "solutions" out there to combat spam that cost 
thousands of dollars and that have no easy mechanism for dealing with retrieving 
(and repairing) false results. It really gets my goat that I have yet to read in any article 
about the BF solution. Maybe if BF wasn't free it would be looked at by the so-called 
email experts.
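
The Received-line rule described in the post above, sketched in Python as an added example; it is not the poster's own procmail rule, which the post does not show. The server address 192.0.2.25 (standing in for the obscured 276.999.1.0), the sample headers and the function names are all constructed for illustration.

```python
import re

# Assumption: the addresses our own mail server answers on (192.0.2.25 is a
# documentation address standing in for the real one).
OUR_SERVER_IPS = {"192.0.2.25"}

# "Received: from <helo> (<what the receiving MTA saw>)"
# The HELO name is chosen by the sender; the parenthesised part is written by
# the receiving MTA and carries the real peer address in [brackets].
RECEIVED_RE = re.compile(
    r"^Received:\s+from\s+(?P<helo>\S+)\s+\((?P<seen>[^)]*)\)", re.IGNORECASE
)
PEER_RE = re.compile(r"\[(?:IPv6:)?(?P<ip>[0-9A-Fa-f.:]+)\]")


def unfold(header):
    """Join RFC 5322 continuation lines into one logical header line."""
    return re.sub(r"\r?\n[ \t]+", " ", header.strip())


def helo_claims_our_ip(header, our_ips=OUR_SERVER_IPS):
    """True when the sender announced itself with our server's own IP
    while the connection did not come from one of our addresses."""
    m = RECEIVED_RE.match(unfold(header))
    if not m:
        return False
    if m.group("helo").strip("[]") not in our_ips:
        return False
    peer = PEER_RE.search(m.group("seen"))
    # No recorded peer, or a peer that is not us: the HELO was forged.
    return peer is None or peer.group("ip") not in our_ips


# Constructed sample headers (not taken from real mail).
SAMPLES = [
    "Received: from 192.0.2.25\n\t([203.0.113.77]) by mx.example.org with SMTP",
    "Received: from 192.0.2.25 (abcdef@[203.0.113.9])",
    "Received: from mail.example.net (mail.example.net [198.51.100.4])",
    "Received: from 192.0.2.25 (localhost [192.0.2.25])",
]


def flagged(headers):
    """Return the headers whose HELO impersonates our server."""
    return [h for h in headers if helo_claims_our_ip(h)]
```

Only the topmost Received line, the one written by your own MTA, is trustworthy input for this check; lines further down are supplied by the sender.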


	


