From: Paul Schmehl
To: freebsd-questions@freebsd.org
Date: Sun, 16 Dec 2007 13:44:16 -0600
Subject: Re: (postfix) SPAM filter?

--On December 16, 2007 8:13:34 PM +0100 "Heiko Wundram (Beenic)" wrote:

>
> Neither of the two packages I recommended are anything close to bayesian
> filtering, as they don't actually take measure on the content of the
> mail (which isn't available anyway when the corresponding rules are
> effective in the Postfix restriction mechanism), but rather on the
> conditions the mail is received under. This is what makes them (much
> more) lightweight (than for example a full statistical or bayesian
> filter) in the first place.
>
> I've not had a single false positive which wasn't explained with
> incorrect or plain invalid mailserver configuration on the sender side
> so far with these two packages, and the possibility of a false negative
> in our current environment is something close to 1%, at least according
> to my mailbox (which gets publicized enough by posting to @freebsd.org
> addresses).

I've been using policyd-weight for more than a year now, and I've had exactly one problem with it. It rejected legitimate mail because that particular ISP didn't have a clue about DNS. I tweaked the rules very slightly to cause a score for legitimate mail to fall just below the threshold for rejection, and I've not had a single false positive since.

Policyd-weight rejects between 50% and 80% of the incoming mail (it varies by the day) before the mail server ever even processes it. I also use spamassassin, and I have set it up so that borderline mail that's rejected gets copied to a folder (/var/spool/spam) so I can review it. Occasionally I have to recover an email from that folder because it was "falsely" labeled as spam. Usually it's someone using incredimail or a similar service that loads up an email with all sorts of extra junk.

Policyd-weight is the perfect complement to a tool like spamassassin. It gets rid of all the "obvious" spam (fake MXes, dialup "mail servers", servers listed in multiple RBLs, etc.) before spamassassin has to make a decision about it.

Paul Schmehl (pauls@utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
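
Added example, not part of the original message and not policyd-weight's own code: a sketch of a weighted pre-content policy check answering a Postfix policy-delegation request, showing how a slightly lowered weight lets a sender with broken reverse DNS fall just below the rejection threshold while obvious spam is still refused. The weights, threshold, check names, sample requests and the rbl_hits argument (the number of blocklists listing the client, which a real daemon would get from DNS queries) are all constructed assumptions.

```python
import re

# Constructed weights and threshold; not policyd-weight's real rules or defaults.
THRESHOLD = 1.0
WEIGHTS = {"rbl_hit": 0.6, "no_rdns": 1.0, "dynamic_name": 0.5, "helo_mismatch": 0.5}
DYNAMIC_RE = re.compile(r"dial|dyn|dsl|cable|cpe|pool", re.I)

def parse_request(text):
    """Parse one Postfix policy request: name=value lines ended by an empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs

def score(attrs, rbl_hits, weights=WEIGHTS):
    """Score reception conditions only; at RCPT time no message content exists yet."""
    total = weights["rbl_hit"] * rbl_hits
    client = attrs.get("client_name", "unknown")
    if client == "unknown":  # Postfix reports "unknown" when it cannot verify reverse DNS
        total += weights["no_rdns"]
    else:
        if DYNAMIC_RE.search(client):  # hostname looks like a dial-up/residential pool
            total += weights["dynamic_name"]
        if attrs.get("helo_name", "").lower() != client.lower():
            total += weights["helo_mismatch"]
    return round(total, 2)

def decide(attrs, rbl_hits, weights=WEIGHTS, threshold=THRESHOLD):
    """Return the reply Postfix expects: an action= line followed by an empty line."""
    s = score(attrs, rbl_hits, weights)
    if s >= threshold:
        return f"action=550 5.7.1 Rejected by policy (score {s})\n\n"
    return "action=DUNNO\n\n"  # no opinion; later restrictions and filters still run

# Constructed requests using documentation addresses and names.
SPAM_REQ = ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
            "client_address=192.0.2.10\nclient_name=cpe-192-0-2-10.dyn.example.net\n"
            "helo_name=mail.example.com\n\n")
ISP_REQ = ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
           "client_address=198.51.100.7\nclient_name=unknown\n"
           "helo_name=smtp.isp.example\n\n")
TWEAKED = dict(WEIGHTS, no_rdns=0.9)  # legitimate sender now falls just below 1.0

if __name__ == "__main__":
    for name, req, hits in (("spam", SPAM_REQ, 2), ("isp", ISP_REQ, 0)):
        a = parse_request(req)
        print(name, decide(a, hits).strip(), "| tweaked:", decide(a, hits, TWEAKED).strip())
```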