spamd tutorial? - BSD
-
spamd tutorial?
This might be a very lame/n00b question, but I'll risk it.
I run a webhosting company, currently on a pair of (3.7) OBSD boxen. MTA is
sendmail; we forward mail (no mailboxes) only, and we're using the access.db
feature to block a (lengthy) list of domains from sending mail to our users.
PF is enabled (of course).
Up until now I've resisted putting Bayesian spam-filtering systems on the
web hosts - I'm wary of false positives and yet another admin overhead.
However, the sheer volume of spam we see is forcing me to reconsider. So
spamd seems appropriate.
I've checked the FAQs and the newsgroup archives; I'm still a little
confused. Could some kind soul point me at a how-to for installing and
maintaining a spam filter?
TIA,
Steve
http://www.fivetrees.com
-
Re: spamd tutorial?
Steve at fivetrees wrote:
> This might be a very lame/n00b question, but I'll risk it.
>
> I run a webhosting company, currently on a pair of (3.7) OBSD boxen. MTA is
> sendmail; we forward mail (no mailboxes) only, and we're using the access.db
> feature to block a (lengthy) list of domains from sending mail to our users.
> PF is enabled (of course).
>
> Up until now I've resisted putting Bayesian spam-filtering systems on the
> web hosts - I'm wary of false positives and yet another admin overhead.
> However, the sheer volume of spam we see is forcing me to reconsider. So
> spamd seems appropriate.
>
> I've checked the FAQs and the newsgroup archives; I'm still a little
> confused. Could some kind soul point me at a how-to for installing and
> maintaining a spam filter?
I don't have a howto, but you might want to consider the difference
between spamd(8) and mail/p5-Mail-SpamAssassin, which also contains a
binary named spamd.
spamd(8) is not Bayesian, but I've heard good things about it. Notably,
no sane RFC-compliant setup should be blocked, which cuts down on false
positives.
Joachim
-
Re: spamd tutorial?
wrote in message
news:441fdc83$0$79705$dbd41001@news.wanadoo.nl...
> Steve at fivetrees wrote:
>>
>> I've checked the FAQs and the newsgroup archives; I'm still a little
>> confused. Could some kind soul point me at a how-to for installing and
>> maintaining a spam filter?
>
> I don't have a howto, but you might want to consider the difference
> between spamd(8) and mail/p5-Mail-SpamAssassin, which also contains a
> binary named spamd.
>
> spamd(8) is not Bayesian, but I've heard good things about it. Notably,
> no sane RFC-compliant setup should be blocked, which cuts down on false
> positives.
Aha! That's already helped - one of my various sources of confusion was
whether spamd == spamassassin. Thanks.
I think I maybe should look at both. Meanwhile, spamd(8) is probably my
priority. However, "no sane RFC-compliant setup should be blocked" worries
me a bit - not sure I'd like to bet on all the major ISPs being fully
RFC-compliant (AOL etc). If even one of my users gets legitimate mail
blocked, it's not going to work for me. Perhaps I'm too cynical?
Thanks,
Steve
http://www.fivetrees.com
-
Re: spamd tutorial?
Steve at fivetrees wrote:
> wrote in message
> news:441fdc83$0$79705$dbd41001@news.wanadoo.nl...
>> Steve at fivetrees wrote:
>>>
>>> I've checked the FAQs and the newsgroup archives; I'm still a little
>>> confused. Could some kind soul point me at a how-to for installing and
>>> maintaining a spam filter?
>>
>> I don't have a howto, but you might want to consider the difference
>> between spamd(8) and mail/p5-Mail-SpamAssassin, which also contains a
>> binary named spamd.
>>
>> spamd(8) is not Bayesian, but I've heard good things about it. Notably,
>> no sane RFC-compliant setup should be blocked, which cuts down on false
>> positives.
>
> Aha! That's already helped - one of my various sources of confusion was
> whether spamd == spamassassin. Thanks.
>
> I think I maybe should look at both. Meanwhile, spamd(8) is probably my
> priority. However, "no sane RFC-compliant setup should be blocked" worries
> me a bit - not sure I'd like to bet on all the major ISPs being fully
> RFC-compliant (AOL etc). If even one of my users gets legitimate mail
> blocked, it's not going to work for me. Perhaps I'm too cynical?
Well, they only need to be 'sane' and 'RFC-compliant' to the point that
they'll try to redeliver mail at least three times, while receiving 4xx
errors the first two times.
I don't think any sane mailer doesn't do that. There is always *some*
idiot, but...
Joachim
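
A simplified model of the retry behaviour described above, as an added example (not spamd's own code and not from any poster): a delivery tuple is refused with a 4xx reply until it is retried after a pass time, at which point the host is whitelisted and its next attempt reaches the real MTA. The 25-minute pass time and 4-hour grey expiry are assumed defaults taken from spamd(8), not from this thread; the addresses are constructed.

```python
from dataclasses import dataclass, field

PASSTIME = 25 * 60   # assumed default: seconds before a retry counts
GREYEXP = 4 * 3600   # assumed default: seconds a grey tuple is remembered


@dataclass
class Greylister:
    white: set = field(default_factory=set)   # IPs handed to the real MTA
    grey: dict = field(default_factory=dict)  # (ip, from, to) -> first seen

    def attempt(self, now, ip, mail_from, rcpt_to):
        """Return the outcome of one delivery attempt at time `now` (seconds)."""
        if ip in self.white:
            return "250 delivered by real MTA"
        key = (ip, mail_from, rcpt_to)
        first = self.grey.get(key)
        if first is not None and now - first > GREYEXP:
            first = None                       # tuple expired: start over
        if first is None:
            self.grey[key] = now
            return "451 greylisted (new tuple)"
        if now - first >= PASSTIME:
            # This retry is still refused, but the host is whitelisted, so
            # its next connection goes to the real MTA instead.
            del self.grey[key]
            self.white.add(ip)
            return "451 greylisted (host whitelisted)"
        return "451 greylisted (retried too soon)"


def deliver(greylister, ip, retry_times):
    """Replay attempts from one sender at the given times (constructed envelope)."""
    return [greylister.attempt(t, ip, "a@example.org", "b@example.net")
            for t in retry_times]


if __name__ == "__main__":
    # A queueing MTA retrying every 30 minutes: two 451 replies, then delivery.
    for outcome in deliver(Greylister(), "192.0.2.10", [0, 1800, 3600]):
        print(outcome)
```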
-
Re: spamd tutorial?
>> I don't have a howto, but you might want to consider the difference
>> between spamd(8) and mail/p5-Mail-SpamAssassin, which also contains a
>> binary named spamd.
>>
>> spamd(8) is not Bayesian, but I've heard good things about it. Notably,
>> no sane RFC-compliant setup should be blocked, which cuts down on false
>> positives.
>
> Aha! That's already helped - one of my various sources of confusion was
> whether spamd == spamassassin. Thanks.
>
> I think I maybe should look at both. Meanwhile, spamd(8) is probably my
> priority. However, "no sane RFC-compliant setup should be blocked" worries
> me a bit - not sure I'd like to bet on all the major ISPs being fully
> RFC-compliant (AOL etc). If even one of my users gets legitimate mail
> blocked, it's not going to work for me. Perhaps I'm too cynical?
I don't know about spamd not being Spamassassin but:
I've been working with Spamassassin for years now.
I had only a few false-positives, one being a host which sent logwatch
reports with a blacklisted URL. But that was easy to fix. Most of them
are easy to fix :]
Spamassassin has bayes rules but they only help to a limited extent.
$ perldoc Mail::SpamAssassin::Conf
ML
-
Re: spamd tutorial?
"Martin Latos" wrote in message
news:dvop1c$s0r$1@nemesis.news.tpi.pl...
>
>> Aha! That's already helped - one of my various sources of confusion was
>> whether spamd == spamassassin. Thanks.
>>
>> I think I maybe should look at both. Meanwhile, spamd(8) is probably my
>> priority. However, "no sane RFC-compliant setup should be blocked"
>> worries
>> me a bit - not sure I'd like to bet on all the major ISPs being fully
>> RFC-compliant (AOL etc). If even one of my users gets legitimate mail
>> blocked, it's not going to work for me. Perhaps I'm too cynical?
>
> I don't know about spamd not being Spamassassin but:
> I've been working with Spamassassin for years now.
> I had only a few false-positives, one being a host which sent logwatch
> reports with a blacklisted URL. But that was easy to fix. Most of them
> are easy to fix :]
> Spamassassin has bayes rules but they only help to a limited extent.
>
> $ perldoc Mail::SpamAssassin::Conf
Thanks for that.
I note 2 possible packages in the 3.7 repository:
- milter-spamd-0.3p0.tgz
- p5-Mail-SpamAssassin-3.0.2.tgz
I presume it's the latter I need? And will contain the Perl docs?
Steve
http://www.fivetrees.com
-
Re: spamd tutorial?
> I note 2 possible packages in the 3.7 repository:
> - milter-spamd-0.3p0.tgz
I guess this one is to integrate spamassassin with sendmail thru milter
interface. They have something like spamass-milter for linuxes. If
you're using postfix why not use amavis? (some ppl have had some
successes with integrating sendmail, amavis, clamav and spamassassin)
> - p5-Mail-SpamAssassin-3.0.2.tgz
This is what you need. As far as spamassassin goes.
> I presume it's the latter I need? And will contain the Perl docs?
I have really no idea. Not being a bsd expert in any way (or a good user
for this matter) I always installed spamassassin thru CPAN.
But I guess it will contain the necessary documentation :]
Hope that helps in any way
ML
-
Re: spamd tutorial?
"Martin Latos" wrote in message
news:dvotdu$sv2$1@atlantis.news.tpi.pl...
>
>> I note 2 possible packages in the 3.7 repository:
>> - milter-spamd-0.3p0.tgz
> I guess this one is to integrate spamassassin with sendmail thru milter
> interface. They have something like spamass-milter for linuxes. If
> you're using postfix why not use amavis? (some ppl have had some
> successes with integrating sendmail, amavis, clamav and spamassassin)
>
>> - p5-Mail-SpamAssassin-3.0.2.tgz
> This is what you need. As far as spamassassin goes.
>
>> I presume it's the latter I need? And will contain the Perl docs?
> I have really no idea. Not being a bsd expert in any way (or a good user
> for this matter) I always installed spamassassin thru CPAN.
> But I guess it will contain the necessary documentation :]
>
> Hope that helps in any way
It does. Thanks.
Steve
http://www.fivetrees.com
-
Re: spamd tutorial?
On 21 Mar 2006 10:59:16 GMT in <441fdc83$0$79705$dbd41001@news.wanadoo.nl> jKILLSPAM.schipper@math.uu.nl wrote:
> spamd(8) is not Bayesian, but I've heard good things about it. Notably,
> no sane RFC-compliant setup should be blocked, which cuts down on false
> positives.
Fortunately, it tends to choke on normal exchange configs
and companies that have their mail handled by message-labs
when in grey-listing mode.
I think the change from 450 to 451 also decreased the amount of
time for valid mail from places like yahoo to get through.
--
Chris Dukes
Suspicion breeds confidence -- Brazil
-
Re: spamd tutorial?
On Tue, 21 Mar 2006 11:31:53 -0000 in Steve at fivetrees wrote:
> wrote in message
> news:441fdc83$0$79705$dbd41001@news.wanadoo.nl...
>> Steve at fivetrees wrote:
>>>
>>> I've checked the FAQs and the newsgroup archives; I'm still a little
>>> confused. Could some kind soul point me at a how-to for installing and
>>> maintaining a spam filter?
>>
>> I don't have a howto, but you might want to consider the difference
>> between spamd(8) and mail/p5-Mail-SpamAssassin, which also contains a
>> binary named spamd.
>>
>> spamd(8) is not Bayesian, but I've heard good things about it. Notably,
>> no sane RFC-compliant setup should be blocked, which cuts down on false
>> positives.
>
> Aha! That's already helped - one of my various sources of confusion was
> whether spamd == spamassassin. Thanks.
>
> I think I maybe should look at both. Meanwhile, spamd(8) is probably my
> priority. However, "no sane RFC-compliant setup should be blocked" worries
> me a bit - not sure I'd like to bet on all the major ISPs being fully
> RFC-compliant (AOL etc). If even one of my users gets legitimate mail
> blocked, it's not going to work for me. Perhaps I'm too cynical?
AOL seems to get through fine. As does yahoo. Hotmail gets through,
although all I get from hotmail is spam.
message-labs has issues (The folks at cdicorp.com use that).
Bell South's corporate email relays used to have issues.
--
Chris Dukes
Suspicion breeds confidence -- Brazil
-
Re: spamd tutorial?
"?" wrote in message
news:slrne20isc.j18.pakrat@mouse.private.neotoma.org...
>>
>> I think I maybe should look at both. Meanwhile, spamd(8) is probably my
>> priority. However, "no sane RFC-compliant setup should be blocked"
>> worries
>> me a bit - not sure I'd like to bet on all the major ISPs being fully
>> RFC-compliant (AOL etc). If even one of my users gets legitimate mail
>> blocked, it's not going to work for me. Perhaps I'm too cynical?
>
> AOL seems to get through fine. As does yahoo. Hotmail gets through,
> although all I get from hotmail is spam.
> message-labs has issues (The folks at cdicorp.com use that).
> Bell South's corporate email relays used to have issues.
Noted; thanks. I'm in the UK, but of course we should handle *everything*.
Trouble is, for this kind of thing I can't really do off-line experiments -
it's all or nothing. Is it clear from the logs which messages/ISPs are
rejected?
I shall ponder.
Steve
http://www.fivetrees.com
-
Re: spamd tutorial?
On Tue, 21 Mar 2006 19:47:01 -0000 in <2_CdnfD1_seuxb3ZRVnysA@pipex.net> Steve at fivetrees wrote:
> "?" wrote in message
> news:slrne20isc.j18.pakrat@mouse.private.neotoma.org...
>>>
>>> I think I maybe should look at both. Meanwhile, spamd(8) is probably my
>>> priority. However, "no sane RFC-compliant setup should be blocked"
>>> worries
>>> me a bit - not sure I'd like to bet on all the major ISPs being fully
>>> RFC-compliant (AOL etc). If even one of my users gets legitimate mail
>>> blocked, it's not going to work for me. Perhaps I'm too cynical?
>>
>> AOL seems to get through fine. As does yahoo. Hotmail gets through,
>> although all I get from hotmail is spam.
>> message-labs has issues (The folks at cdicorp.com use that).
>> Bell South's corporate email relays used to have issues.
>
> Noted; thanks. I'm in the UK, but of course we should handle *everything*.
>
> Trouble is, for this kind of thing I can't really do off-line experiments -
> it's all or nothing. Is it clear from the logs which messages/ISPs are
> rejected?
>
> I shall ponder.
You'll need to remember to add lines for spamd and spamlogd
in your syslog.conf.
Here's a portion of a flat out blacklist
Mar 21 12:43:37 lagoon spamd[15798]: 124.42.3.44: connected (1/1), lists: china
Mar 21 12:47:32 lagoon spamd[15798]: (BLACK) 124.42.3.44:
->
Here's a grey
Mar 21 13:34:55 lagoon spamd[15798]: 201.22.206.182: connected (1/0)
Mar 21 13:35:11 lagoon spamd[15798]: (GREY) 201.22.206.182:
comics.com> ->
Mar 21 13:35:11 lagoon spamd[15798]: 201.22.206.182: disconnected after 16 seconds.
'spamdb' provides information on whites, greys, spamtrap addresses, and
hosts zapped by spamtrap addresses in a format that's a bit easier to parse.
And you could always setup the logging for spamlogd without having the
filtering for spamd setup. Let it run for a week and muck through the
"whitelist" and expunge anything questionable. That way when you turn
on grey-listing the bulk of the email isn't even delayed.
--
Chris Dukes
Suspicion breeds confidence -- Brazil
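
On the question of what the logs show, an added example (not code from any poster or from OpenBSD): a small Python parser that groups spamd syslog lines by connecting address and lists which envelopes received a GREY or BLACK verdict. The sample log is constructed in the layout quoted above, uses documentation addresses, and includes one line with its envelope stripped, as in the archived post.

```python
import re
from collections import defaultdict

# Constructed sample; the last line has no envelope, like the archived lines.
SAMPLE_LOG = """\
Mar 21 12:43:37 lagoon spamd[15798]: 192.0.2.44: connected (1/1), lists: china
Mar 21 12:47:32 lagoon spamd[15798]: (BLACK) 192.0.2.44: <a@example.org> -> <user@example.net>
Mar 21 12:47:40 lagoon spamd[15798]: 192.0.2.44: disconnected after 243 seconds.
Mar 21 13:34:55 lagoon spamd[15798]: 198.51.100.182: connected (1/0)
Mar 21 13:35:11 lagoon spamd[15798]: (GREY) 198.51.100.182: <news@example.com> -> <user@example.net>
Mar 21 13:35:11 lagoon spamd[15798]: 198.51.100.182: disconnected after 16 seconds.
Mar 21 14:02:09 lagoon spamd[15798]: (GREY) 203.0.113.7: ->
"""

BODY = re.compile(r"spamd\[\d+\]: (.*)$")
CONNECT = re.compile(r"(\S+): connected \(\d+/\d+\)(?:, lists: (.*))?$")
VERDICT = re.compile(r"\((GREY|BLACK)\) (\S+):(?:\s+(.*))?$")
ENVELOPE = re.compile(r"<([^>]*)> -> <([^>]*)>")
DISCONNECT = re.compile(r"(\S+): disconnected after (\d+) seconds")


def parse_spamd_log(text):
    """Group spamd syslog lines by connecting IP address."""
    hosts = defaultdict(lambda: {"lists": [], "verdicts": [], "held": 0})
    for line in text.splitlines():
        m = BODY.search(line)
        if not m:
            continue                       # not a spamd line
        body = m.group(1)
        if (v := VERDICT.match(body)):
            kind, ip, rest = v.groups()
            env = ENVELOPE.search(rest or "")
            # Keep the verdict even when the envelope is missing or damaged.
            sender, rcpt = env.groups() if env else (None, None)
            hosts[ip]["verdicts"].append((kind, sender, rcpt))
        elif (c := CONNECT.match(body)):
            ip, lists = c.groups()
            if lists:
                hosts[ip]["lists"] = lists.split()
        elif (d := DISCONNECT.match(body)):
            hosts[d.group(1)]["held"] += int(d.group(2))
    return dict(hosts)


def refused(hosts, kind):
    """Return (ip, sender, recipient) tuples for GREY or BLACK, sorted by IP."""
    rows = [(ip, s, r) for ip, h in hosts.items()
            for k, s, r in h["verdicts"] if k == kind]
    return sorted(rows, key=lambda row: row[0])


if __name__ == "__main__":
    parsed = parse_spamd_log(SAMPLE_LOG)
    for kind in ("BLACK", "GREY"):
        for ip, sender, rcpt in refused(parsed, kind):
            print(kind, ip, sender, rcpt, "held", parsed[ip]["held"], "s")
```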
-
Re: spamd tutorial?
"?" wrote in message
news:slrne20org.j18.pakrat@mouse.private.neotoma.org...
>
> 'spamdb' provides information on whites, greys, spamtrap addresses, and
> hosts zapped by spamtrap addresses in a format that's a bit easier to
> parse.
>
> And you could always setup the logging for spamlogd without having the
> filtering for spamd setup. Let it run for a week and muck through the
> "whitelist" and expunge anything questionable. That way when you turn
> on grey-listing the bulk of the email isn't even delayed.
Ooh. Sounds like good advice - all noted. Thanks.
Steve
http://www.fivetrees.com
-
Re: spamd tutorial?
wrote in message
news:441fdc83$0$79705$dbd41001@news.wanadoo.nl...
> Steve at fivetrees wrote:
>> I've checked the FAQs and the newsgroup archives; I'm still a little
>> confused. Could some kind soul point me at a how-to for installing and
>> maintaining a spam filter?
>
> I don't have a howto, but you might want to consider the difference
> between spamd(8) and mail/p5-Mail-SpamAssassin, which also contains a
> binary named spamd.
I'm sorta getting there. I understand the differences between the 2 spamds
now, and I'm working through both. (The first works on connection behaviour,
while the second works on message content. Hopefully that's right.)
Ok. I'd like both, of course. One thing, though - am I right in
understanding that SpamAssassin requires procmail? This worried me a bit:
http://davespicks.com/writing/progra...inopenbsd.html
procmail scares me. It's just a preprocessor, right? Not a replacement for
sendmail? I've looked at so many "you really should be running this MTA"s
that my head is spinning a bit, and I've stuck with sendmail. Not because
it's good, or tractable, but mainly because I've been able to adapt and keep
things running with it since OBSD 2.6.
Also: I've used CPAN in the past (e.g. for radio fivetrees), but I've often
been unlucky with it. These two failed tonight:
> install File::Path
> install IPC::Open2
Reason:
>> The most recent version "1.08" of the module "File::Path" comes with the
>> current version of perl (5.8.8). <<
There's probably some voodoo I'm missing there; CPAN seems very fragile.
Never did get Ogg-Vorbis to work.
Have pity on me. I'm an embedded electronics/firmware guy venturing gingerly
into scary places. I have a clue, but not necessarily *this* clue.
Steve
http://www.sfdesign.co.uk <- with my other hat on
-
Re: spamd tutorial?
Steve at fivetrees wrote:
> wrote in message
> news:441fdc83$0$79705$dbd41001@news.wanadoo.nl...
>> Steve at fivetrees wrote:
>>> I've checked the FAQs and the newsgroup archives; I'm still a little
>>> confused. Could some kind soul point me at a how-to for installing and
>>> maintaining a spam filter?
>>
>> I don't have a howto, but you might want to consider the difference
>> between spamd(8) and mail/p5-Mail-SpamAssassin, which also contains a
>> binary named spamd.
>
> I'm sorta getting there. I understand the differences between the 2 spamds
> now, and I'm working through both. (The first works on connection behaviour,
> while the second works on message content. Hopefully that's right.)
>
> Ok. I'd like both, of course. One thing, though - am I right in
> understanding that SpamAssassin requires procmail? This worried me a bit:
> http://davespicks.com/writing/progra...inopenbsd.html
SpamAssassin requires *some* way to pass the message to it. Procmail is
one such way, but it is rather inefficient. Amavisd is another, and I
gather there are some milters for Sendmail that will offer a more
efficient interface.
> procmail scares me. It's just a preprocessor, right? Not a replacement for
> sendmail? I've looked at so many "you really should be running this MTA"s
> that my head is spinning a bit, and I've stuck with sendmail. Not because
> it's good, or tractable, but mainly because I've been able to adapt and keep
> things running with it since OBSD 2.6.
>
> Also: I've used CPAN in the past (e.g. for radio fivetrees), but I've often
> been unlucky with it. These two failed tonight:
>> install File::Path
>> install IPC::Open2
>
> Reason:
>>> The most recent version "1.08" of the module "File::Path" comes with the
>>> current version of perl (5.8.8). <<
>
> There's probably some voodoo I'm missing there; CPAN seems very fragile.
> Never did get Ogg-Vorbis to work.
>
> Have pity on me. I'm an embedded electronics/firmware guy venturing gingerly
> into scary places. I have a clue, but not necessarily *this* clue.
As always, the easiest way to get SpamAssassin running is via packages
(p5-Mail-SpamAssassin).
Ogg-Vorbis and CPAN are both a whole other kettle of tea, and I don't
know anything about the former. The latter is very cool, but pkg_add is
adapted for OpenBSD, and thus, preferred.
Joachim
-
Re: spamd tutorial?
wrote in message
news:44214777$0$10131$dbd41001@news.wanadoo.nl...
>>
>> Ok. I'd like both, of course. One thing, though - am I right in
>> understanding that SpamAssassin requires procmail? This worried me a bit:
>> http://davespicks.com/writing/progra...inopenbsd.html
>
> SpamAssassin requires *some* way to pass the message to it. Procmail is
> one such way, but it is rather inefficient. Amavisd is another, and I
> gather there are some milters for Sendmail that will offer a more
> efficient interface.
Ok, understood and reassured. I think.
>> There's probably some voodoo I'm missing there; CPAN seems very fragile.
>> Never did get Ogg-Vorbis to work.
>
> As always, the easiest way to get SpamAssassin running is via packages
> (p5-Mail-SpamAssassin).
>
> Ogg-Vorbis and CPAN are both a whole other kettle of tea, and I don't
> know anything about the former. The latter is very cool, but pkg_add is
> adapted for OpenBSD, and thus, preferred.
Also understood - and echoed. Given a choice, it's pkg_add for me [1]. (I
made some humble contributions to Lincoln Stein's Apache::MP3 project, which
I use as the basis for Radio fivetrees. [Ogg-Vorbis is a somewhat more
license-friendly alternative to MP3.] I have traditionally used CPAN in this
case simply because that was what Lincoln was familiar with - also I suspect
I've been using it longer than it's been in the ports tree. I'm revising
this, and will probably give up on CPAN.)
[1] One minor criticism of the pkg_add system - it's not always clear (to
me) what adaptations have been made, or what the ./configure equivalent was.
Some packages provide a few lines of clue at the end of the install process;
most don't. I usually go back to the application homepage and deduce the
configuration from there. Perhaps that's what everyone else does. Not sure.
Summary: I have a lot to learn. Eep.
Thanks!
Steve
http://www.fivetrees.com
-
Re: spamd tutorial?
On Wed, 22 Mar 2006 16:00:15 -0000 in Steve at fivetrees wrote:
> wrote in message
> news:44214777$0$10131$dbd41001@news.wanadoo.nl...
>>>
>>> Ok. I'd like both, of course. One thing, though - am I right in
>>> understanding that SpamAssassin requires procmail? This worried me a bit:
>>> http://davespicks.com/writing/progra...inopenbsd.html
>>
>> SpamAssassin requires *some* way to pass the message to it. Procmail is
>> one such way, but it is rather inefficient. Amavisd is another, and I
>> gather there are some milters for Sendmail that will offer a more
>> efficient interface.
>
> Ok, understood and reassured. I think.
You may wish to look at MailScanner as well (I know it works for
exim4 and postfix. I don't remember if it works with sendmail).
As for your CPAN/pkg_add question.
Spin off a new thread, but the short answer is "Look
through the ports tree."
--
Chris Dukes
Suspicion breeds confidence -- Brazil