Using bogofilter with local Maildirs (and offlineimap)

Bob Vincent bobvin at pillars.net
Wed Oct 6 22:18:16 CEST 2004


On Wed, Oct 06, 2004 at 04:10:10PM +0200, Gaizka wrote:
> So, what are you doing right now to filter your spam?

As a first layer of defense, all my email is forwarded to a Barracuda
spam firewall, with preferences as follows:

	Quarantine score: 0.2
	     Block score: 2
	SMTP HELO Required
	Require fully qualified domain names
	Reject fake "From:" domains
	Max messages per session: 15
	Max messages per client in a 30-minute time interval: 40
	Blacklists used:
		Barracuda Blacklist Service
		sbl.spamhaus.org
		xbl.spamhaus.org
		relays.ordb.org
		bl.spamcop.net
		dnsbl.njabl.org
		list.dsbl.org
		multihop.dsbl.org
		relays.osirusoft.com
		spews.relays.osirusoft.com
		unconfirmed.dsbl.org
	IP Addresses blocked:
		207.218.165.0/255.255.255.0
		211.212.0.0/255.255.0.0
		211.213.0.0/255.255.0.0
		218.0.0.0/255.0.0.0
		220.160.197.0/255.255.255.0
		66.28.139.224/255.255.255.0
		67.84.128.0/255.255.255.0
	Domains blocked:
		AmericanSingle
		dialuol.com.br
		inveniosales.com
		miva.com
	Attachments blocked:
		bat
		chm
		cmd
		com
		cpl
		crt
		dll
		exe
		hlp
		hta
		inf
		ins
		isp
		js
		jse
		lnk
		mdb
		mde
		msc
		msi
		msp
		mst
		pcd
		pif
		reg
		scr
		sct
		shb
		shs
		vb
		vbe
		vbs
		wsc
		wsf
		wsh


The Barracuda box runs SpamAssassin, and the scores are on a scale of 0-10.

Mail that doesn't get blocked by the Barracuda gets filtered by
Bogofilter, with thresholds as follows:

	ham_cutoff:  0.2
	spam_cutoff: 0.6 

With these settings, I've never seen a false positive (ham marked as
spam), but I get anywhere from 0.1% to 1% false negatives (spam marked
as unsure).  With my mail load, this means 10-100 spams get delivered
to my inbox each day.

> Have you stopped using offlineimap?

Yes.

> Do you recommend an alternative, or another way of facing it?

If your ISP uses Maildirs, perhaps maildirsync would work for you.

	http://hacks.dlux.hu/maildirsync/

Personally, I use fetchmail, maildrop, and bogofilter as follows:

1. Fetchmail forwards to maildrop
2. Maildrop calls bogofilter on each message.
3. Bogofilter tags spam/ham/unsure with the "x-label" header.
4. Maildrop delivers spam to my spam folder.
5. Maildrop copies ham to my ham folder.
6. Maildrop delivers non-spam to my inbox.

I use mutt to read mail.  Mutt can show the contents of the "x-label"
header in the summary index, but can't do the same for other arbitrary
headers, such as "X-Bogosity".

When I read my mail, I manually classify the "unsure" messages either
by moving them to my spam folder or copying them to my ham folder.

A cron job runs every hour to re-train my database from the updated
contents of my spam and ham folders.

I've got my thresholds set as low as I dare, but I still get anywhere
from ten to a hundred spams per day that slip through the filter.

-- 
Robert August Vincent, II
(pronounced "Bob" or "Bob-Vee")
The Web is like Usenet, but
the elephants are untrained.
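
The routing in steps 2 to 6 above, sketched as an added example; it is not part of the original post and is not maildrop or bogofilter code. It assumes the spamicity score is supplied by the caller (in the post's setup bogofilter computes it), that the cutoffs are inclusive, and that the Maildirs are named spam, ham and inbox; `classify` and `route` are hypothetical names.

```python
import email
import mailbox
import tempfile
from pathlib import Path

HAM_CUTOFF = 0.2   # ham_cutoff from the post
SPAM_CUTOFF = 0.6  # spam_cutoff from the post

# Which Maildirs each verdict is written to (folder names are assumptions).
ROUTES = {"Spam": ["spam"], "Ham": ["ham", "inbox"], "Unsure": ["inbox"]}

# Constructed sample; it arrives already carrying a forged "Ham" label.
SAMPLE = (b"From: sender@example.com\nTo: user@example.net\n"
          b"Subject: constructed test message\nX-Label: Ham\n\nbody\n")


def classify(spamicity):
    """Three-way verdict; inclusive comparisons at the cutoffs are assumed."""
    if not 0.0 <= spamicity <= 1.0:
        raise ValueError(f"spamicity out of range: {spamicity!r}")
    if spamicity >= SPAM_CUTOFF:
        return "Spam"
    return "Ham" if spamicity <= HAM_CUTOFF else "Unsure"


def route(raw, spamicity, root):
    """Tag raw message bytes with X-Label, deliver, return folders written."""
    msg = email.message_from_bytes(raw)
    del msg["X-Label"]  # drop any label the sender supplied before tagging
    verdict = classify(spamicity)
    msg["X-Label"] = verdict
    for name in ROUTES[verdict]:
        box = mailbox.Maildir(str(Path(root) / name), create=True)
        box.add(msg.as_bytes())
        box.close()
    return list(ROUTES[verdict])


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        for score in (0.95, 0.05, 0.40):  # constructed scores
            print(score, classify(score), route(SAMPLE, score, root))
```

Unsure mail lands only in the inbox, which is why the hand classification described in the post is needed before the hourly retraining run sees it.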


