IMAP / bogofilter

Chris Fortune cfortune at telus.net
Fri Sep 24 10:11:12 CEST 2004


----- Original Message -----
From: "Tom Allison" <tallison at tacocat.net>

> qmail/vpopmail/maildrop/bincimap.  These are but one set of applications.
> There are many, but the only real element here for spam filtering is
> bogofilter plus some form of MDA (procmail, maildrop, Mail::Audit)
>

I propose putting Bayesian filtering at the MTA instead, before the Delivery Agent sees it.  In fact, I use a small Perl daemon
script that runs as an SMTP proxy server, and bogofilter is called from within it via the command line.  The proxy then relays to
the MTA after scanning (or rejects at SMTP time - la raison d'être).  Requires a quick db lookup to determine if there is a
per-user wordlist for the recipient, or if not, then a global wordlist can be used instead.  This could get resource heavy for very
busy servers, but it is almost a necessity these days to have a dedicated anti-spam box anyway.



> per user wordlists, while taking up more disk space are the most accurate.
> Rejecting mail at the SMTP level is not the job of bogofilter.  However,
> you can utilize some of the information captured in spam mail to set up
> blocks at the SMTP communication level, provided you use a database for
> running spam checks.
>

This is a more efficient SMTP conversation, but takes more steps.  Perhaps I am misusing bogofilter, but the results are very good.



> For instance, the set up I have on my mail server here effectively
> blocks 90% of the spam at the SMTP level and the rest is captured by
> bogofilter.  Admittedly my controls are a little too strict than most
> companies would prefer (potential for lost email?), but there are a lot
> of adjustments that could be made to mitigate the potential.
>

I am curious: what do you use?  RBLs?  Greylisting?  IPTables?  SPF?  Reverse lookups?  Razor?  DCC?


> > ....  Do you find that users drop e-mail into the wrong box?
>
> Frequently.  Some don't even bother with the process.  They just delete
> the spam and move along.
>

Same here with my web quarantine.  That's a major reason I want to develop an IMAP system, but you are telling me that some users
can't even drag and drop, and not even into the right box???  It wouldn't surprise me.  The biggest source of misclassification is
users.  I am near to giving up on user-directed filtering.  The only way I can make use of user data is to apply a reputation system
to each of my users!


> As a means of eliminating disk full problems, I move all the detected
> spam into the trash after 30 days.  This gives the user 30 days to
> realize they might have missed something.
>

I delete quarantined mail according to time / bogosity.  (>90 bogosity deleted after 3 days, >70 after 7 days, >50 after 2 wks,
etc...).  I don't give a lot of importance to this because a well-tuned filter will remove most of the spam, and so these unsures
amount to a small percent, composed of newsletters mostly.




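Added example (not part of the original post, and not the Perl proxy it describes): a Python sketch of the end-of-DATA decision for an SMTP proxy that calls bogofilter from the command line with a per-user wordlist and a global fallback. The wordlist paths, the one-directory-per-address layout (standing in for the db lookup mentioned in the post) and the policy for combining verdicts across recipients are assumptions; `bogofilter -d` and its exit statuses are as documented in its man page.

```python
import os
import subprocess

# bogofilter exit status: 0 = spam, 1 = non-spam, 2 = unsure, 3 = I/O or other error
VERDICTS = {0: "spam", 1: "ham", 2: "unsure"}

GLOBAL_WORDLIST = "/var/lib/bogofilter/global"   # assumed path
USER_WORDLISTS = "/var/lib/bogofilter/users"     # assumed layout: one directory per address


def wordlist_dir(rcpt, exists=os.path.isdir):
    """Per-user wordlist directory if the recipient has one, else the global one."""
    name = rcpt.strip().lower()
    # The RCPT TO address is sender-controlled: never let it escape the base directory.
    if "/" in name or "\0" in name or name.startswith("."):
        return GLOBAL_WORDLIST
    candidate = os.path.join(USER_WORDLISTS, name)
    return candidate if exists(candidate) else GLOBAL_WORDLIST


def run_bogofilter(message, directory):
    """Classify one message (bytes) against the wordlist in `directory`."""
    try:
        # Argument list, no shell: the directory name is never parsed as a command.
        proc = subprocess.run(["bogofilter", "-d", directory], input=message,
                              stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,
                              timeout=30)
    except (OSError, subprocess.TimeoutExpired):
        return "error"
    return VERDICTS.get(proc.returncode, "error")


def data_reply(message, rcpts, classify=run_bogofilter, lookup=wordlist_dir):
    """Return (smtp_reply, {rcpt: verdict}) for the single end-of-DATA response."""
    verdicts = {r: classify(message, lookup(r)) for r in rcpts}
    seen = set(verdicts.values())
    if seen == {"spam"}:
        # Every recipient's wordlist agrees: reject during the SMTP conversation.
        return "554 5.7.1 Message rejected as spam", verdicts
    if seen <= {"spam", "error"}:
        # No wordlist cleared the message and at least one check failed: ask for a retry.
        return "451 4.7.1 Filter temporarily unavailable", verdicts
    # At least one recipient's wordlist did not call it spam: relay to the MTA and
    # leave per-recipient handling (tagging, quarantine) to the caller via `verdicts`.
    return "250 2.0.0 Ok", verdicts
```

SMTP gives one reply to DATA for all recipients, so a message addressed to users whose wordlists disagree cannot be rejected for only some of them; the returned verdict map is what the proxy would use to quarantine per recipient after accepting.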