support for multiple wordlists

Tom Anderson tanderso at oac-design.com
Tue May 18 15:02:34 CEST 2004 

From: "David Relson" <relson at osagesoftware.com>
> Introducing a client/server architecture is non-trivial.  Making it
> secure is an additional problem.  It may well be of value.  I don't
> know.

Certainly it is not trivial, but nothing worth doing is easy ;)  I'd imagine
that the actual client/server code should be independent of bogofilter, but
called as a helper application.  I could see it handled this way: on the
client side, when bogofilter sees a remote wordlist at the appropriate
precedence level for a given token, invoke the client program which sends
the token to a server; the server program then runs bogofilter on that token
with the appropriate list, and returns the result in the same manner; the
client bogofilter then uses that score in its calculation.  Alternatively,
instead of opening up a new remote connection for each token, send the
entire email and let the server return something like bogofilter -vvv output
to create a mini wordlist on the fly which can be used client-side for the
entire email.

As to security, most people send email unencrypted over the internet (and
often their passwords too).  Bogofilter doing this is no less secure, and is
the equivalent of an extra hop in the email's original path.  However, for
those interested in security, the connection could be made via an SSH tunnel
(with the server program running as the shell under an unprivileged user in
a chroot jail), or using PGP (probably preferable) where the server
advertises its public key and invokes GPG (or equivalent) to handle the
encryption/unencryption.  The only issue would be whether you could trust
the administrator of the server hosting the list not to collect and analyze
your data, but only return results.  If your email is top-secret, you would
obviously only use local wordlists, or those remote ones that are within
your organization.  Most people can deal with a certain level of risk (look
how many people use Hotmail, et al), and the vast majority don't take any
precautions to secure their email at all.

Tom

More information about the Bogofilter mailing list