On 14 Jun 2003 at 1:44, Michael Edwards wrote:
> [Jari Williamsson:]
>
> >Brad Beyenhof writes:
> >
> >>SpamAssassin works very well, actually...
> ...
> >>I got a ton of spam... and it was all but eliminated after I installed the
> >>SpamAssassin POP3 proxy....
> >
> >Thanks for the tip! I installed SAproxy yesterday, and only one single
> >spam mail wasn't caught (got a score of 3.4) and something like 120
> >spam mails was caught - and no false catches yet.
>
> False catches - do you mean flagging a legitimate message as spam?
Yep, a false positive.
> If I could continue this off-topic thread (which we all seem to be
> interested in again and again), may I ask a question about this, please?
>
> I am getting more and more spam, and would like to do something about it if
> I can do so safely - but I am concerned that any automated filters could catch
> and throw out legitimate mail that I want to read. It may not happen often if
> the program is very good at detecting spam; but I would feel that, until
> programs can understand words and sentences in a human-like way, it *could*
> occasionally throw out something I want to receive.
Well, the way SpamAssassin works is that it appends its own custom
headers to incoming messages. If you then never filter your incoming
mail based on those headers, nothing at all will happen -- it will
just come into the same mailbox it came into before. But, and here's
one good thing, it will be marked as SPAM with an explanation of why
SpamAssassin thought it was spam.
> It appears this scoring system in SpamAssassin is designed to look for
> features characteristic of spam generally, and I suppose a message is thrown out
> if it gets over a certain score.
Yes, and you can choose the level. The default level for the SAProxy
is 5.0 and the documentation suggests a level of 8-10 for ISPs. The
SHSU configuration uses 9.0 as the threshold.
> I wonder if someone could please point me to a web site that explains the
> scoring system in more detail. If a message scores high enough to count as
> spam, is it just deleted automatically, or just put in a subdirectory for spam
> for you to review at will? Or can you set it either way?
You do with it what you want. You can do nothing, just let the
messages marked as SPAM come into your regular mailboxes. Or you can
filter them and move them to a SPAM mailbox for review by you later
to see if there were any false positives (i.e., legitimate messages
that got marked spam). Or you can direct them straight to the
trashcan.
The whole point is that all SpamAssassin does is mark the messages in
the headers according to how it scored the message. It's up to you
what to do with that information.
> Also, my service provider already scans incoming mail for spam and viruses,
> and the system lets the e-mail through (but removes virus-infected attachments),
> and flags them by inserting "{SPAM?}" or "{VIRUS?}" at the start of the subject
> heading.
Then SpamAssassin will not be any different for you than what you
already have, if you're already filtering on those flags in the
subject heading.
> In that case, would a spam filter of my own that merely marks things or
> moves them to a subdirectory really add anything to what my service provider
> already does? And I have occasionally received legitimate mail that they
> flagged as spam - so false positives in detecting spam are of concern to me if I
> use a filter.
It all depends on how good your ISPs filtering is. You might want to
check to see if the headers are being put there by SpamAssassin
already. If so, then you don't need to run SAProxy or something
similar on your own system.
> In the end, it seems you have to either trust some software to detect and
> *throw out* spam without your okay, and take the risk it could be a legitimate
> message; . . .
It doesn't do that -- it only marks it so that you can use the markup
for filtering purposes.
> . . . or else, however you filter or sort things, you have to put
> the spam somewhere and inspect it visually, and press "Del" as appropriate. But I
> can
> already do the latter without a filtering program - and it takes a bit of time,
> though.
Yes, but SpamAssassin improves the chances. I already have a suite of
filters, and they send mail that matches to a folder called GARBAGE.
They look something like this:
Content-Type: text/html*
Subject: dfenton, dfassoc, UCE:, ADV:
Headers: *.tw*
From: [empty]
To: [empty]
Those are the main filters. The ones with "dfenton" and "dfassoc" in
the subject are for those automated spamming programs that insert the
email username into the header. Those are a dead giveaway that it's
spam, since no human being would ever address me by my email username
(nor would anyone I know put my *real* name in the subject heading!).
Now that I've started using SAProxy, I've added:
Expression: X-Spam-Flag: YES
as the first rule in my rule set. Immediately after it is the set of
rules that filters incoming email to inboxes. Using SAProxy adds one
important feature: I no longer will see spam that has valid
addresses, such as the spam that came through the Finale list. That
spam will now be marked and will be filtered out by the X-Spam-Flag:
YES filter, whereas before it would have ended up in my Finale
mailbox.
> I seem to be suggesting that the filtering program is not really much use
> unless you set it to delete spam automatically. Is it as simple as this?
I disagree. It allows you to apportion your time. If none of the spam
lands in your real inboxes, you can concentrate on what's in those
inboxes first and, when you have time, check the spam mailbox to see
if there are any false positives and act accordingly.
> If anyone can shed light on this, or at least point me to a site that
> explains all this further, I would be grateful.
The best spam filter I found was to junk all HTML-encoded email,
after having sorted through for mail from mailing lists and the like.
Now, one of my clients uses AOL and can't send anything but AOL mail
(without jumping through hoops), so I've set up a special rule just
for his address to make sure his email doesn't get junked.
That's what you have to do -- check the results of the filtering and
create new filters that override mistakes like that.
The result is that I have to spend very little time at all dealing
with the spam, and can put if off as long as I like.
If you don't want to spend that time, then, no, you're out of luck.
But to me, that's *far* less time than it takes to deal with spam
when you're doing *nothing* about it!
--
David W. Fenton http://www.bway.net/~dfenton
David Fenton Associates http://www.bway.net/~dfassoc
_______________________________________________
Finale mailing list
[EMAIL PROTECTED]
http://mail.shsu.edu/mailman/listinfo/finale
