From: "Steve" on

-------- Original Message --------
> Date: Fri, 16 Jul 2010 11:03:27 +0200
> From: Robert Schetterer <robert(a)schetterer.org>
> To: postfix-users(a)postfix.org
> Subject: Re: Better spam filter for postfix

> On 16.07.2010 10:15, lst_hoe02(a)kwsoft.de wrote:
> > Quoting Robert Schetterer <robert(a)schetterer.org>:
> >
> >> On 16.07.2010 09:27, lst_hoe02(a)kwsoft.de wrote:
> >>> Quoting Henrik K <hege(a)hege.li>:
> >>>
> >>>> On Thu, Jul 15, 2010 at 11:06:44PM -0500, Stan Hoeppner wrote:
> >>>>>
> >>>>> I will say generically that for an OP who has the time, avoiding content
> >>>>> filters and using SMTP time blocking methods is probably more effective in the
> >>>>> long run and makes more efficient use of network and server resources.
> >>>>
> >>>> You always have time to advertise content filters being "bad", so I just
> >>>> have to make a pointless rebuttal..
> >>>>
> >>>> Can you tell me any big public service (not a one man server) that doesn't
> >>>> use content filtering at all? By public I don't mean a site that has the
> >>>> ability to block freemailers, universities, etc hacked accounts..
> >>>
> >>> In Germany many companies have given up on content filtering because it
> >>> is not allowed to drop mail after accepting, if there is a chance that
> >>> private mail *could* be involved. So with content filter your only
> >>> choice would be to tag spam and let the user sort out, which leads to no
> >>> advantage for using content filter at all.
> >>> So content filters are mostly a selling point and not a favorable
> >>> "solution".
> >>>
> >>> Regards
> >>>
> >>> Andreas
> >>>
> >>>
> >> why not use spamass-milter drops spam during smtp income stage
> >> this is allowed anyway, also clamav-milter with sanesecurity works nice
> >> this way, bouncing mail after receive by whatever reason may produce
> >> backscatter, so it isn't a good idea in every case or country,
> >> normally you only flag spam and pass it and/or hold it ( for human
> >> postmaster inspection ) i. if use amavis with after queue filter , mail
> >> always needs daily support, and companies who stopped filtering in
> >> Germany ( i don't know one ) have mostly a problem with helpless admins
> >> ignorant managers/users etc, not with law or existing antispam solutions
> >> so it's mostly a human problem
> >
> > The point is
> >
> > - Before-Queue content filter is expensive and must be combined with
> > "cheap" reject technologies anyway
>
> sorry explain "cheap"
>
Content filtering where you process the WHOLE message is considered as expensive. Just processing a bunch of headers or checking the client against DNSBL/RHWL/DNSWL/etc or checking the client IP reputation or checking things like proper HELO/EHLO or or or is considered as cheap.


> if you have non negligible load
> > - Tagging spam is nearly useless because no user likes to poke through
> > the dustbin to search for potential lost mail
>
> i don't understand, as you always need support mail,
> it's no problem to solve user questions, only the rate of questions
> should be handleable by the corresponding number of postmaster and/or
> supporters
>
> > - Spam-Bouncing is no option at all
>
> why ?, a bounce is no thing of evil, there will be bounces by several
> reasons ever
>
> > - In general the false positive rate is higher and more difficult to
> > find out with content filter compared to a sane set of reputation based
> > filters
>
> i have false positive under 0,1 per mille
> no problem here
>
> >
> > So the most reasonable approach is to ditch content filter at all and use
> > a sane set of reputation based decisions and maybe greylisting to reject
> > spam at earliest possible stage.
>
> you should always use all useful antispam techniques which make sense
> anyway ( specially that ones that are native in postfix )
> greylisting is one of them ,
>
Greylisting is NOT native to Postfix!


> but in a few cases on my site
> simply does not work anymore defending bots
> so antispam is always a filter chain, the real antispam filter such as
> spamassassin should always be one of the last
> >
> > I don't speak about or even recommend to not use spam filtering, but
> > content filter is sometimes the bigger problem compared to some slipping
> > through spams.
>
> maybe, that's individual, like spam always is,
> competent postmaster should choose the right way in the right case
>
> >
> > Regards
> >
> > Andreas
>
> no need to flame, i have no problem with supporting ca 10 mailservers
> with antispam enabled up to 10000 mail addresses
> some spam always slipping through, always some false positives , that's the
> nature of the beast, the goal is keeping that rate low
> in my case spam filtering is no such problem , as mailservers that have
> buggy dns setups are in rbls etc,
> after all, one of the biggest problems are false tagging to antispam
> filters in mail clients i.e. Outlook
> which produces more questions than server side filters, as most users
> don't understand their mail client settings
>
> --
> Best Regards
>
> Kind regards, Robert Schetterer
>
> Germany/Munich/Bavaria


From: Robert Schetterer on
On 16.07.2010 13:10, Steve wrote:
>
> -------- Original Message --------
>> Date: Fri, 16 Jul 2010 11:03:27 +0200
>> From: Robert Schetterer <robert(a)schetterer.org>
>> To: postfix-users(a)postfix.org
>> Subject: Re: Better spam filter for postfix
>
>> On 16.07.2010 10:15, lst_hoe02(a)kwsoft.de wrote:
>>> Quoting Robert Schetterer <robert(a)schetterer.org>:
>>>
>>>> On 16.07.2010 09:27, lst_hoe02(a)kwsoft.de wrote:
>>>>> Quoting Henrik K <hege(a)hege.li>:
>>>>>
>>>>>> On Thu, Jul 15, 2010 at 11:06:44PM -0500, Stan Hoeppner wrote:
>>>>>>>
>>>>>>> I will say generically that for an OP who has the time, avoiding content
>>>>>>> filters and using SMTP time blocking methods is probably more effective in the
>>>>>>> long run and makes more efficient use of network and server resources.
>>>>>>
>>>>>> You always have time to advertise content filters being "bad", so I just
>>>>>> have to make a pointless rebuttal..
>>>>>>
>>>>>> Can you tell me any big public service (not a one man server) that doesn't
>>>>>> use content filtering at all? By public I don't mean a site that has the
>>>>>> ability to block freemailers, universities, etc hacked accounts..
>>>>>
>>>>> In Germany many companies have given up on content filtering because it
>>>>> is not allowed to drop mail after accepting, if there is a chance that
>>>>> private mail *could* be involved. So with content filter your only
>>>>> choice would be to tag spam and let the user sort out, which leads to no
>>>>> advantage for using content filter at all.
>>>>> So content filters are mostly a selling point and not a favorable
>>>>> "solution".
>>>>>
>>>>> Regards
>>>>>
>>>>> Andreas
>>>>>
>>>>>
>>>> why not use spamass-milter drops spam during smtp income stage
>>>> this is allowed anyway, also clamav-milter with sanesecurity works nice
>>>> this way, bouncing mail after receive by whatever reason may produce
>>>> backscatter, so it isn't a good idea in every case or country,
>>>> normally you only flag spam and pass it and/or hold it ( for human
>>>> postmaster inspection ) i. if use amavis with after queue filter , mail
>>>> always needs daily support, and companies who stopped filtering in
>>>> Germany ( i don't know one ) have mostly a problem with helpless admins
>>>> ignorant managers/users etc, not with law or existing antispam solutions
>>>> so it's mostly a human problem
>>>
>>> The point is
>>>
>>> - Before-Queue content filter is expensive and must be combined with
>>> "cheap" reject technologies anyway
>>
>> sorry explain "cheap"
>>
> Content filtering where you process the WHOLE message is considered as expensive. Just processing a bunch of headers or checking the client against DNSBL/RHWL/DNSWL/etc or checking the client IP reputation or checking things like proper HELO/EHLO or or or is considered as cheap.
>
>
>> if you have non negligible load
>>> - Tagging spam is nearly useless because no user likes to poke through
>>> the dustbin to search for potential lost mail
>>
>> i don't understand, as you always need support mail,
>> it's no problem to solve user questions, only the rate of questions
>> should be handleable by the corresponding number of postmaster and/or
>> supporters
>>
>>> - Spam-Bouncing is no option at all
>>
>> why ?, a bounce is no thing of evil, there will be bounces by several
>> reasons ever
>>
>>> - In general the false positive rate is higher and more difficult to
>>> find out with content filter compared to a sane set of reputation based
>>> filters
>>
>> i have false positive under 0,1 per mille
>> no problem here
>>
>>>
>>> So the most reasonable approach is to ditch content filter at all and use
>>> a sane set of reputation based decisions and maybe greylisting to reject
>>> spam at earliest possible stage.
>>
>> you should always use all useful antispam techniques which make sense
>> anyway ( specially that ones that are native in postfix )
>> greylisting is one of them ,
>>
> Greylisting is NOT native to Postfix!

i didn't mean that, sorry for eventual misunderstandings
whatever i think it's all said
happy sunny weekend

>
>
>> but in a few cases on my site
>> simply does not work anymore defending bots
>> so antispam is always a filter chain, the real antispam filter such as
>> spamassassin should always be one of the last
>>>
>>> I don't speak about or even recommend to not use spam filtering, but
>>> content filter is sometimes the bigger problem compared to some slipping
>>> through spams.
>>
>> maybe, that's individual, like spam always is,
>> competent postmaster should choose the right way in the right case
>>
>>>
>>> Regards
>>>
>>> Andreas
>>
>> no need to flame, i have no problem with supporting ca 10 mailservers
>> with antispam enabled up to 10000 mail addresses
>> some spam always slipping through, always some false positives , that's the
>> nature of the beast, the goal is keeping that rate low
>> in my case spam filtering is no such problem , as mailservers that have
>> buggy dns setups are in rbls etc,
>> after all, one of the biggest problems are false tagging to antispam
>> filters in mail clients i.e. Outlook
>> which produces more questions than server side filters, as most users
>> don't understand their mail client settings
>>
>> --
>> Best Regards
>>
>> Kind regards, Robert Schetterer
>>
>> Germany/Munich/Bavaria
>


--
Best Regards

Kind regards, Robert Schetterer

Germany/Munich/Bavaria

From: Mikael Bak on
Steve wrote:
[big snip]
>> So you have made your point. You prefer (or are required) to have user in
>> control.
>>
> Yes. The big problem is that no solution out there is 100% accurate for all users. So the only way to make the user happy is to delegate the control to him.
>

Can't speak for all users. But I have the impression that users don't
want to go through piles of spam and take action. They just expect the
damn spam filter to work by itself.

At least our users expect this :-)

Mikael

From: Kenneth Marshall on
On Fri, Jul 16, 2010 at 02:55:17PM +0200, Mikael Bak wrote:
> Steve wrote:
> [big snip]
> >> So you have made your point. You prefer (or are required) to have user in
> >> control.
> >>
> > Yes. The big problem is that no solution out there is 100% accurate for all users. So the only way to make the user happy is to delegate the control to him.
> >
>
> Can't speak for all users. But I have the impression that users don't
> want to go through piles of spam and take action. They just expect the
> damn spam filter to work by itself.
>
> At least our users expect this :-)
>
> Mikael
>
Hi,

Speaking for our environment, we use DSPAM with a pre-trained
base so that when a user starts initially, they get reasonably
good spam filter/false positive rates. This means that instead
of "piles of spam" they have just a few mistakes and the accuracy
increases quickly from there to the point that the vast majority
of users have to train perhaps a couple of messages a month.

The initial pretraining is good enough relative to other
systems that many never train at all. Rule based filtering,
on the other hand, was very labor intensive for the users
and fraught with false positives and negatives. As a member of
the support team, we have many fewer problems regarding spam
E-mail since we changed to DSPAM from a purely filter-based
approach. We use SpamAssassin via amavisd-new and statistical
filtering such as that provided by DSPAM, CRM114, and others
do a much better job with much less maintenance.

Cheers,
Ken

From: "Steve" on

-------- Original Message --------
> Date: Fri, 16 Jul 2010 14:55:17 +0200
> From: Mikael Bak <mikael(a)t-online.hu>
> To: postfix-users(a)postfix.org
> Subject: Re: Better spam filter for postfix

> Steve wrote:
> [big snip]
> >> So you have made your point. You prefer (or are required) to have user in
> >> control.
> >>
> > Yes. The big problem is that no solution out there is 100% accurate for all users. So the only way to make the user happy is to delegate the control to him.
> >
>
> Can't speak for all users. But I have the impression that users don't
> want to go through piles of spam and take action. They just expect the
> damn spam filter to work by itself.
>
> At least our users expect this :-)
>
Mine do the same. At least the bigger part of them. Learning an Anti-Spam filter is something that they consider "black magic" and anyway they have no time to do that. They want just good mails to arrive and bad to never reach their box. Often they themselves don't know 100% what good and what bad is. But regardless they expect the Anti-Spam filter to know for them.

So this is the reason I use something that allows me to train one dataset which is then merged at runtime with the individual user data.

And since I know how to code I have no problem to add additional small code that does the training automatically for them by using various techniques.

So far most of my users NEVER see a spam mail in months. I have accounts that are 100% Spam free for over a year. And I have accounts that have never complained about false positive for ages.

But then I have accounts that are not so easy to handle. One customer is in the steel trading business. Boy, boy, boy... some of those steel producing companies from eastern Europe or from Asia are always at least on one or more blacklists, have bad HELO/EHLO, no reverse DNS entries, failing on SPF and and and... Using something like greylisting is no option either because that damn steel price can change a bunch of cents in minutes and then multiply that with a gazillion of kilos a ship can transport and there you are: a lot of money can be lost by holding back a mail for 2 minutes. Getting such a domain Spam free is a challenge. And so far only statistical Anti-Spam filters were capable to handle that for me. Forget SpamAssassin, forget the "cheap" tools that you can put in front of Postfix, etc. They all fail. Some more, some less. So you need to be very creative and thinking out of the normal border to get your job done when filtering such a domain.


> Mikael
>
Steve
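
The approach described in the two messages above (Ken's pre-trained base and Steve's one trained dataset merged at runtime with each user's own data), as an added example that is not part of the thread and is not DSPAM's code. It uses a simplified naive Bayes; the class and function names, the `user_weight` factor and the sample messages are constructed assumptions.

```python
import math
import re
from collections import Counter

def tokens(text):
    """Lower-cased word set; each token counts once per message."""
    return set(re.findall(r"[a-z0-9']+", text.lower()))

class Dataset:
    """Per-token message counts for one corpus (shared base or one user)."""
    def __init__(self):
        self.spam, self.ham = Counter(), Counter()
        self.n_spam = self.n_ham = 0

    def train(self, text, is_spam):
        (self.spam if is_spam else self.ham).update(tokens(text))
        self.n_spam += is_spam
        self.n_ham += not is_spam

def merge(shared, user, user_weight=3):
    """Runtime view: shared counts plus user counts scaled by user_weight (assumed knob)."""
    m = Dataset()
    for name in ("spam", "ham"):
        scaled = Counter({t: c * user_weight for t, c in getattr(user, name).items()})
        setattr(m, name, getattr(shared, name) + scaled)
    m.n_spam = shared.n_spam + user.n_spam * user_weight
    m.n_ham = shared.n_ham + user.n_ham * user_weight
    return m

def spam_probability(text, data):
    """Naive Bayes over the tokens present, with add-one smoothing."""
    log_odds = math.log((data.n_spam + 1) / (data.n_ham + 1))
    for t in tokens(text):
        p_spam = (data.spam[t] + 1) / (data.n_spam + 2)
        p_ham = (data.ham[t] + 1) / (data.n_ham + 2)
        log_odds += math.log(p_spam / p_ham)
    return 1 / (1 + math.exp(-log_odds))

# Constructed sample corpora (not real mail): one shared base, two users.
SHARED = Dataset()
for msg in ("cheap pills buy now", "win money now click here", "cheap offer click now"):
    SHARED.train(msg, is_spam=True)
for msg in ("meeting agenda for monday", "invoice attached for your order", "lunch on monday"):
    SHARED.train(msg, is_spam=False)
STEEL_USER, NEW_USER = Dataset(), Dataset()
for msg in ("steel offer price per ton valid today", "cheap steel price now shipping friday"):
    STEEL_USER.train(msg, is_spam=False)
QUOTE = "cheap steel offer price valid now"
```

With the shared base alone, `QUOTE` scores about 0.96; merged with the steel trader's two corrections it drops to about 0.08, while an untrained user's view and the shared counts stay unchanged.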