Date: Sun, 16 Dec 2007 13:44:16 -0600
From: Paul Schmehl <pauls@utdallas.edu>
To: freebsd-questions@freebsd.org
Subject: Re: (postfix) SPAM filter?
Message-ID: <1FF26CB2FADCE73521D6D1F9@paul-schmehls-powerbook59.local>
In-Reply-To: <200712162013.34937.wundram@beenic.net>
References: <476086E2.5030402@gmail.com> <200712130859.09396.wundram@beenic.net> <4763DB33.6080908@wcborstel.com> <200712162013.34937.wundram@beenic.net>

--On December 16, 2007 8:13:34 PM +0100 "Heiko Wundram (Beenic)" <wundram@beenic.net> wrote:

>
> Neither of the two packages I recommended are anything close to bayesian
> filtering, as they don't actually take measure on the content of the
> mail (which isn't available anyway when the corresponding rules are
> effective in the Postfix restriction mechanism), but rather on the
> conditions the mail is received under. This is what makes them (much
> more) lightweight (than for example a full statistical or bayesian
> filter) in the first place.
>
> I've not had a single false positive which wasn't explained with
> incorrect or plain invalid mailserver configuration on the sender side
> so far with these two packages, and the possibility of a false negative
> in our current environment is something close to 1%, at least according
> to my mailbox (which gets publicized enough by posting to @freebsd.org
> addresses).

I've been using policyd-weight for more than a year now, and I've had exactly one problem with it. It rejected legitimate mail because that particular ISP didn't have a clue about DNS. I tweaked the rules very slightly to cause a score for legitimate mail to fail just below the threshold for rejection, and I've not had a single false positive since.

Policyd-weight rejects between 50% and 80% of the incoming mail (it varies by the day) before the mail server ever even processes it.

I also use spamassassin, and I have set it up so that borderline mail that's rejected gets copied to a folder (/var/spool/spam) so I can review it. Occasionally I have to recover an email from that folder because it was "falsely" labeled as spam. Usually it's someone using incredimail or a similar service that loads up an email with all sorts of extra junk.

Policyd-weight is the perfect complement to a tool like spamassassin. It gets rid of all the "obvious" spam (fake MXes, dialup "mail servers", servers listed in multiple RBLs, etc.) before spamassassin has to make a decision about it.

Paul Schmehl (pauls@utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
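
The following is an added illustration, not part of the original message and not policyd-weight's own code: a sketch of weighted scoring over the conditions a mail is received under, answered through the Postfix policy delegation protocol, showing how a small weight change moves a misconfigured but legitimate sender just below the rejection threshold while obvious spam sources are still rejected. The weights, signal names and threshold are constructed, and the DNS/RBL results are passed in precomputed so the example runs offline.

```python
# Added illustration. Weights, signal names and threshold are constructed
# values, not policyd-weight's real rules or defaults.
WEIGHTS = {
    "rbl_hit": 3.0,            # per blocklist that lists the client IP
    "helo_unresolvable": 3.0,  # HELO name does not resolve
    "no_reverse_dns": 2.0,     # client IP has no PTR record
    "dynamic_rdns": 3.0,       # PTR looks like a dial-up/dynamic pool
}
TUNED = dict(WEIGHTS, helo_unresolvable=2.5)  # the "very slight" tweak
REJECT_AT = 5.0

def parse_request(text):
    """Parse one Postfix policy request: name=value lines, blank line ends it."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs

def score(signals, weights):
    """Sum the weights of the receive-time conditions that were observed."""
    total = weights["rbl_hit"] * signals.get("rbl_hits", 0)
    for name in ("helo_unresolvable", "no_reverse_dns", "dynamic_rdns"):
        if signals.get(name):
            total += weights[name]
    return total

def decide(request_text, signals, weights=WEIGHTS, reject_at=REJECT_AT):
    """Return the policy reply Postfix expects: 'action=...' plus a blank line."""
    attrs = parse_request(request_text)
    if attrs.get("request") != "smtpd_access_policy":
        return "action=DUNNO\n\n"
    total = score(signals, weights)
    if total >= reject_at:
        return f"action=REJECT score {total:.1f} for {attrs.get('client_address')}\n\n"
    return "action=DUNNO\n\n"

# Constructed requests, as Postfix would send them at RCPT TO time (no body yet).
SPAM_REQ = ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
            "helo_name=pool-7.dialup.example.net\nclient_address=192.0.2.25\n\n")
ISP_REQ = ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
           "helo_name=mail.isp.example.org\nclient_address=198.51.100.9\n\n")
SPAM_SIGNALS = {"rbl_hits": 2, "dynamic_rdns": True}
ISP_SIGNALS = {"helo_unresolvable": True, "no_reverse_dns": True}

if __name__ == "__main__":
    for label, w in (("original", WEIGHTS), ("tuned", TUNED)):
        print(label, repr(decide(SPAM_REQ, SPAM_SIGNALS, w)), repr(decide(ISP_REQ, ISP_SIGNALS, w)))
```

A DUNNO reply hands the message on to later restrictions and to a content filter such as spamassassin, which is the division of labour the message describes.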