Extending SpamAssassin and Amavis

An anonymous reader writes "Spam filtering solutions are a necessary evil in today's e-mail climate. There are many different tools and systems available for the filtering and removal of spam e-mail. Tools like SpamAssassin and more detailed agents, such as Amavis use a variety of different methods to identify and capture spam. An IBM article shows how you can extend SpamAssassin and Amavis, providing additional filtering facilities to lower the amount of spam hitting e-mail boxes."

Our just use GMail...

[daveisfera]

Or you could just use an email provider like GMail that has good spam filtering and let them worry about it.

Re:

[lattyware]

Yeah, unless you happen to like IMAP like me.

Re:

[Anonymous Coward]

GMail supports IMAP.

Re:

[Tacvek]

GMail supports IMAP.

Indeed. But when I last looked, it used IMAP in a very strange way, that no mail client had good support for.

Here is a list that a client needs to be able to support for the best Gmail/IMAP experience:

• Regular IMAP features
• Support for flagging an unflagging a message. Ideal if the message flagging is shown as a star, as it translates to starring and un-starring a GMail message)
• The client should have propper message threading support
• The client should be able to deal well with a message being in more

Re:

[Doug Neal]

Yep, Gmail's IMAP implementation is basic, to say the least.

* IMAP folders work, but for some reason on the web interface it calls them "labels" and lists them all in a tiny little side panel in a flat list, not as a hierarchy of folders.
* Occasionally the folders fail to synchronise for an hour or so at a time then mysteriously start working again.
* Only this morning I had a message that I just couldn't mark as read - kept popping up as an unread message on the next sync (argh!)
* The whole IMAP service is

I said it once, and I'll say it again...

[siyavash]

I know this solution isn't fit for "average user" but I use white list aliases, when I write my email in some website or whereever, I do @domain.com , as soon as I start to get SPAM, two things happen :

1. I know WHERE the SPAM is comming from and who rat my email out.
2. I can close that specific alias and no more SPAM.

Using the above technique, I see ZERO SPAM... like good old days of emailing.

Nice

[Gazzonyx]

So what about public boards where a spider can pick up your email address? That being said, this is a really good idea; do you have it automated at all? For instance, do you have a catch all that is white listed so long as the incoming email address isn't black listed? Or do you manually add a white list entry for each new email?

Re:

[siyavash]

I open up groups of aliases, for example forum.*@domain.com and when needing to use one, I just give away forum.@domain.com since forum.* is already open I don't have to open them up every time I need an "email", in the start spammers guess a couple of them, like sales@ info@ billing@ but those are easily closed.

So all open until I get spam from one of them and then I close it. As long as you have a fairly unique grouping forum.*@ news.*@ etc, no problem at all.

You see, in my opinion having ONE email and gi

Re:

[siyavash]

I also forgot, I use Outlook so when sending out emails I use a dead pop3 which can send but not receive like noreply@ or something, and then you just set the "Send replies to" option of the email to correct alias for that person.

Another thing, to automate the above, I found this tool called "Outlook bells & whistles" ( http://www.emailaddressmanager.com/outlook-bells.html [emailaddressmanager.com] ) pretty cheap too, it's an add-on you can install on top of Outlook and you can set rules like "If emailing to a specific person, t

Re:

[Bert64]

"pretty cheap" ? You pay extra for such simple features as that?

Re:

[siyavash]

Yes ofcourse. If you do not have enough money to buy stuff at $30 and consider that "expensive", perhaps it is time to change your life or line of work. I eat double that amount every day ;)

Re:

[Bert64]

It's not about being able to afford it...
It's about spending money on something that should be a standard default feature.
Paying an extra $20 for a car door isn't gonna break the bank, but you wouldn't expect a car to arrive without it's doors.

And it soon adds up, seems stupid to keep wasting small amounts of money.

Re:

[karmatic]

TMDA [tmda.net] does everything one needs. It can do whitelisting, blacklisting, time-based email addresses, challenge-response, and even includes a proxy you can use to automatically tag outgoing email for you.

Re:

[Bert64]

I do something similar, but by creating a subdomain too, so for example:
mail@slashdot.org.mydomain.com
That way, not only do i know who ratted me out, but i can also change the MX records to point back at their own servers.

As for public boards, they should not really be posting plain email addresses. Tho it's fairly easy to identify when this has happened rather than someone ratting out my address.

On the other hand, slashdot's mail obfuscation has some interesting results, i quite often get mails to things l

What a useless article.

[Vellmont]

Anyone that's done much exploration of spam filtering already knows the basic architecture of self-learning filters. This article has nothing new.

Recently I've implemented greylisting [wikipedia.org] on my mail server. The drop in spam has been enormous, though there have been a couple cases where email didn't go through on the first try.

Essentially it's a step inserted into the SMTP transfer. The first time a given email+ip address attempt to send you mail, the server responds "try again later". If it tries again afte

Re:

[falzbro]

Anyone that's done much exploration of spam filtering already knows the basic architecture of self-learning filters. This article has nothing new.

Well, since Amavis/Spam Assassin don't do what the article addresses out of the box, much of what's listed in it is useful. However, anyone interested in this article should probably check out Maia Mailguard [maiamailguard.com], which does most of what the article talks about and much more, with a web interface.

Recently I've implemented greylisting on my mail server. The drop in s

Re:

[Vellmont]

Yes, greylisting is nice. However, this has nothing to do with Amavis/SA.

Nothing except that it's another spam fighting technique, which is the ultimate goal here.

Re:

[g_adams27]

Anyone that's done much exploration of spam filtering already knows the basic architecture of self-learning filters. This article has nothing new.

Which might be why the article is completely different than your one-sentence summary of it.

Bayesian filtering is briefly mentioned as a solution in the introduction of the article, before the author gets into the real meat of his suggestions on improving that baseline - spam-reporting mailboxes that are automatically processed and passed to SpamAssassin and Razor, improving the implementation of whitelists and blacklists, mail filtering for easier manual processing, and generating reports to determine

Re:

[Degrees]

To extend that a little further, something that is very effective is to set up a spamtrap email address. If you have a web site, you put a hidden email address on it that is solely used as a source of spam. If people cannot read it, but web-crawlers can, then you have your bad guys.

Using that Perl script to dredge the spamtrap mailbox via IMAP makes an easy source to train against.

Re:

[Vellmont]

Seriously, go read the article.

I did read the article. It had nothing useful in it for me.

Flexible smtp daemon?

[r0.ini]

If you need a real flexible smtp daemon, and can program in perl, I would recommend qpsmtd [develooper.com]. Give it a try, you can create your own plugins (to handle spam or whatever you need) so easily you won't believe it.

Since I implemented filtering.

[Z00L00K]

Since I implemented filtering using several different services I haven't seen any junk mails.

I have the following config in my sendmail.mc:

FEATURE(`require_rdns')dnl
FEATURE(`block_bad_helo')dnl
FEATURE(`enhdnsbl', `zen.spamhaus.org', `"Message from $&{client_addr} rejected - see http://www.spamhaus.org/query/bl?ip="$&{client_addr}', `t')dnl
FEATURE(`enhdnsbl', `bl.spamcop.net', `"Message from $&{client_addr} rejected - see http://spamcop.net/bl.shtml?"$&{client_addr}', `t')dnl
FEATURE(`dnsbl