What is spam? (was: [bogofilter] ESF and redundancy)
Jef Poskanzer
jef at acme.com
Tue May 11 18:25:18 CEST 2004
>I concur. Bogofilter needs to be able to filter any kind of unwanted
>mail. If I register all emails from the bogofilter mailing list, then
>it should filter this list, no questions asked. Virii spam are still
>spam... they are sent en masse to unwilling recipients with a payload,
>but instead of a marketing message, the payload is a virus (read this in
>the voice of Agent Smith ;). They should be filterable.
Yeah, but. I get a lot more email worms than most people (about two per
second), and when I was using bogofilter to get rid of them what I found
is that it got real good at blocking the worms but was getting not so
good at blocking regular spam. See, the overwhelming number of worms
was skewing the statistics.
Now I'm using clamav-milter to block worms. It's working great, I highly
recommend it.
I made a list! I currently have five layers of mail filtering:
1) sendmail resource limits - the loadav ones, and limiting the child
process count to 100 (which I sometimes hit!).
2) clamav-milter.
3) procmail executable filter - any mail with the signature for a Windoze
executable or ZIP file that slips by clamav (very few) gets auto-filed
in the junk folder.
4) bogofilter egregious spam - mail with a bogofilter score of 1.000000
goes to /dev/null. A large majority of my spam qualifies.
5) bogofilter spam - mail with a score of 0.55 or more goes to my spam
folder. I scan the headers in there a few times a day looking for false
positives.
Before my recent hardware upgrade I had six layers - instead of running
clamav I had sendmail rules to block all mail with attachments, and I also
had some IP-address whitelist and blacklist entries in my firewall.
---
Jef
Jef Poskanzer jef at acme.com http://www.acme.com/jef/
More information about the Bogofilter
mailing list