Using bogofilter with local Maildirs (and offlineimap)
Bob Vincent
bobvin at pillars.net
Wed Oct 6 22:18:16 CEST 2004
On Wed, Oct 06, 2004 at 04:10:10PM +0200, Gaizka wrote:
> So, what are you doing right now to filter your spam?
As a first layer of defense, all my email is forwarded to a Barracuda
spam firewall, with preferences as follows:
Quarantine score: 0.2
Block score: 2
SMTP HELO Required
Require fully qualified domain names
Reject fake "From:" domains
Max messages per session: 15
Max messages per client in a 30-minute time interval: 40
Blacklists used:
Barracuda Blacklist Service
sbl.spamhaus.org
xbl.spamhaus.org
relays.ordb.org
bl.spamcop.net
dnsbl.njabl.org
list.dsbl.org
multihop.dsbl.org
relays.osirusoft.com
spews.relays.osirusoft.com
unconfirmed.dsbl.org
IP Addresses blocked:
207.218.165.0/255.255.255.0
211.212.0.0/255.255.0.0
211.213.0.0/255.255.0.0
218.0.0.0/255.0.0.0
220.160.197.0/255.255.255.0
66.28.139.224/255.255.255.0
67.84.128.0/255.255.255.0
Domains blocked:
AmericanSingle
dialuol.com.br
inveniosales.com
miva.com
Attachments blocked:
bat
chm
cmd
com
cpl
crt
dll
exe
hlp
hta
inf
ins
isp
js
jse
lnk
mdb
mde
msc
msi
msp
mst
pcd
pif
reg
scr
sct
shb
shs
vb
vbe
vbs
wsc
wsf
wsh
The Barracuda box runs SpamAssassin, and the scores are on a scale of 0-10.
Mail that doesn't get blocked by the Barracuda gets filtered by
Bogofilter, with thresholds as follows:
ham_cutoff: 0.2
spam_cutoff: 0.6
With these settings, I've never seen a false positive (ham marked as
spam), but I get anywhere from 0.1% to 1% false negatives (spam marked
as unsure). With my mail load, this means 10-100 spams get delivered
to my inbox each day.
> Have you stopped using offlineimap?
Yes.
> Do you recommend and alternative, or another way of facing it?
If your ISP uses Maildirs, perhaps maildirsync would work for you.
http://hacks.dlux.hu/maildirsync/
Personally, I use fetchmail, maildrop, and bogofilter as follows:
1. Fetchmail forwards to maildrop
2. Maildrop calls bogofilter on each message.
3. Bogofilter tags spam/ham/unsure with the "x-label" header.
4. Maildrop delivers spam to my spam folder.
5. Maildrop copies ham to my ham folder.
6. Maildrop delivers non-spam to my inbox.
I use mutt to read mail. Mutt can show the contents of the "x-label"
header in the summary index, but can't do the same for other arbitrary
headers, such as "X-Bogosity".
When I read my mail, I manually classify the "unsure" messages either
by moving them to my spam folder or copying them to my ham folder.
A cron job runs every hour to re-train my database from the updated
contents of my spam and ham folders.
I've got my thresholds set as low as I dare, but I still get anywhere
from ten to a hundred spams per day that slip through the filter.
--
Robert August Vincent, II
(pronounced "Bob" or "Bob-Vee")
The Web is like Usenet, but
the elephants are untrained.
More information about the Bogofilter
mailing list