[svlug] Spam IS up !

[Kevin Smathers]

Hi Don,

Yeah, I just finished an overhaul of my mail server about a week ago 
also.  My old server that I used to run off of my DSL line I finally had 
to give up due to the extreme discounts that PacBell is offering on 
dynamic IP service these days; SMTP and DHCP make poor companions.

Luckily I had just set up two new machines at work running CentOS 4.4 
(which is basically a recompilation of RHES 4), but found that Redhat, 
and thus CentOS have inexplicably chosen to replace WU imapd with 
cyrus-imapd.  Cyrus was created in hell just to torture system 
administrators.  I ran Cyrus for three weeks, and it was down for about 
five days in that time, lost its entire database of messages twice (once 
was a hardware fault though), experienced daily lock-ups (I ended up 
adding a cron job to restart it every night), spews constant errors into 
the maillog, and has very poor integration features with tools like 
spamassassin (here I had to roll my own mix of procmail and perl).  
About the only thing in its favor is that it is fast, but at the cost of 
an obscure mailbox format that can only be controlled through an admin 
console, and is impervious to backup.

So last weekend I finally got so fed up with it that 'rpm -e'd the 
entire suite, sendmail and all, and hand built and installed qpsmtpd + 
postfix + WU imapd.  Qpsmtpd is rough around the edges, but serves the 
very important purpose of keeping spam out of my mail queue while still 
allowing bounces to return to sender for people who should be able to 
reach me but for some reason can't.  It needs some custom coding to 
write hooks for handling mail the way you want it to be handled, but the 
coding process was surprisingly easy and the code is pretty stable 
considering it is only in beta and all in Perl.  Yet for my admixture of 
filtering, whitelisting, other experimental techniques that I use to 
catch spam, Qpsmptd is a godsend. 

I'm still running the software with full debugging turned on so that 
when I get a lost message I can track down what happened, but I'm much 
happier than I was a week ago.

Cheers,
-kls

Don Marti wrote:
> I just redid my spam filters.  Now running a
> procmail-based chain: SpamAssassin first, then CRM114.
> No greylisting or DNSBLs at SMTP time (although I am
> letting SA use DNSBLs).
>
> Relevant SA config:
>
> use_bayes 0
> bayes_auto_learn 0
> report_safe 0
> remove_header all Report
> remove_header all Level
> remove_header all Flag
>
> This just adds the SA "X-Spam-Status:" header, which
> is full of tasty info -- so the next tool in the
> chain, CRM114, gets to train on both the actual text
> of the message and on any matches that SA picked up.
> Since CRM114 is a trainable filter, I'm not using SA's
> Bayesian feature.
>
> I'm starting CRM114 off knowing nothing, which
> is supposed to get it better results in the long
> run but means that a lot of stuff is ending up
> misclassified for now.  Will post more on how
> this goes.  In the meantime, everyone please post
> some really well-written messages on this list so my
> CRM114 install will know what I'm looking for.
>
> With all the spam out there now, people are
> tightening their rules, so it's best not to write any
> marketey-sounding prose or send any GIF attachments
> for a while.   (Yes, three different newsletters
> from three different IT publishers started getting
> classified as spam for me.  One because of a DNSBL,
> one because of sloppily written listware that didn't
> apply Message-Id, and one because, as far as I can
> tell, CRM114 just thought it was too spammy-sounding,
> which, if you add in all the sponsor text, it was.)
>
>