
Re: Look at these update from M$ Corporation.



On Fri, 1 Aug 2003 11:08:39 -0700
Alan Connor <alanconnor@earthlink.net> wrote:
> I get none, and I'd be willing to bet that you save that spam and have to
> examine at least the headers to make sure the program didn't make any
> mistakes. And that you have to spend time updating the filter expressions.

    Well, no, I don't have to examine them in most cases.  I only examine them
in marginal cases.  Furthermore I don't spend any time updating any filter
expressions.  I also, unlike you, don't annoy anyone who wants to send me
email by spamming them with crap in return.  A bad idea that started with
vacation and has since been brought to full bloom by the likes of you.

> I only have to update my pass list, which is automated, and do NOT save
> anything but headers, if that. And this is just for testing. No regular
> C-R user has to do even that.

    You also don't know, apparently, how many people don't give a rat's butt
about your spamming them in return.  We could do the same if we felt so
inclined to just deep-six all the marginal stuff.

> Why pay for something that a near-newbie like myself can write in Bash.
> I wouldn't either. The most basic form of C-R program is just a procmail
> recipe.

    Oh, now your ignorance is really showing.

> You still have to save the stuff, some of which is potentially dangerous,
> even in Linux, and must read that header to know what it says.

    Uh, no, we don't.  Here's my scheme that I have *chosen* to implement. 
Exim4 running sa-exim to call SA.  <5, not spam, let pass.  >5 but <8
marginal, mark as spam but pass it on to the user (I host several mail
accounts for friends and family) to decide.  >8 but <12 temporarily reject it
(450) at SMTP.  >12 but <25 permanently reject it at SMTP (550).  >25, stall
the connection for 5 minutes.

    In the week that I kept close tabs on messages that came through to ensure
the system was working as expected the average non-spam message was scored at
-2.  That's a full 7 points under my spam threshold.  The average spam was
scored at well over 15.  This multi-tier approach was designed so that users
have some control over the marginal stuff.  I can review *IF I CHOOSE* higher
stuff in case one of the people I host mail for missed something.  I outright
reject most spam.  I slow the most blatant cases of spam down a little bit. 
But, if I choose to do so, I could just set it to 550 everything over, say, 3
and be reasonably sure that I'd get <.01% false positives in any given year. 
All that on a fully automatic, non-intrusive, non-spamming system you say
doesn't work.  Yes, fully automatic.  Anything >12 is automatically learned as
spam.  Anything <2 is automatically learned as ham.  

    Furthermore we check not so that we update the filters endlessly.  We
check because we know that false positives will happen.  You, however, don't
care about false positives.  It isn't that we have to check.  We want to
check.  We want to make sure we're not missing something important.  You, on
the other hand, don't care if you miss something important.  If you did... you
would check.

> Fair enough. But the program uses  a LOT (comparatively) of disk space,
> CPU time and RAM.

    Which is minute compared to the time lost if one false positive nixes,
say, a job offer.
 
> AND a lot of YOUR time (comparatively). This would include installation
> and configuration, which takes a minute or so, even with relatively
> sophisticated C-R programs like mine. (which you could WRITE in an hour,
> at most.)

    I switched from Exim3 + SA to Exim4 + sa-exim + SA in under 10 minutes. 
The original installation of SA was <3 minutes.  It took me another 6-7
minutes to train the Bayesian filter (grabbed a corpus of spam from the net,
used my trash folder for the ham corpus) and I was done.  Furthermore that
provided protection not only for myself but for all mail accounts on my
machine (site-wide install) as well as a front-line defense for the machine I
secondary for.  In fact after I put in sa-exim and started refusing spam at
SMTP I noticed 1/2 my spam was destined for his machine.  Spammers are sending
mail through secondary MXs.  I told him about it, showed him some examples of
blocked mail and he was so happy about it he switched to Exim4 + sa-exim to
return the favor for me.  I didn't have to train my users on a new method of
receiving mail.  I told them how to filter on a single header.  

-- 
         Steve C. Lamb         | I'm your priest, I'm your shrink, I'm your
       PGP Key: 8B6E99C5       | main connection to the switchboard of souls.
	                       |    -- Lenny Nero - Strange Days
-------------------------------+---------------------------------------------
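
The tiered policy described in the message above, modeled as an added example that is not part of the original post and is not sa-exim's own configuration or code. It reads the SpamAssassin score from an X-Spam-Status header and returns the SMTP action and auto-learn class; the function names, the sample messages, and the handling of scores that land exactly on a boundary are assumptions.

```python
import re
from email import message_from_string

# Thresholds are the ones given in the post. The post does not say which tier
# an exact boundary score (5, 8, 12, 25) belongs to; here it stays in the lower tier.
TIERS = [  # (score must exceed this, action), checked from the top down
    (25.0, "stall 5 min"),
    (12.0, "550 permanent reject"),
    (8.0, "450 temporary reject"),
    (5.0, "deliver, marked as spam"),
]
LEARN_SPAM_ABOVE, LEARN_HAM_BELOW = 12.0, 2.0
SCORE_RE = re.compile(r"\b(?:score|hits)=(-?\d+(?:\.\d+)?)")  # SA 2.x wrote hits=

def score_of(raw_message):
    """Return the score from X-Spam-Status, or None if absent or unparseable."""
    header = message_from_string(raw_message).get("X-Spam-Status", "")
    match = SCORE_RE.search(header)
    return float(match.group(1)) if match else None

def decide(score):
    """Return (smtp_action, autolearn_class) for one score."""
    if score is None:
        return ("deliver", None)  # assumption: unscored mail passes and is never learned
    action = "deliver"
    for lower, tier_action in TIERS:
        if score > lower:
            action = tier_action
            break
    if score > LEARN_SPAM_ABOVE:
        return (action, "spam")
    if score < LEARN_HAM_BELOW:
        return (action, "ham")
    return (action, None)  # the 2..12 band is left for a human to judge

SAMPLES = [  # constructed messages, not real mail
    "X-Spam-Status: No, hits=-2.0 required=5.0\nSubject: lunch\n\nhi\n",
    "X-Spam-Status: Yes, hits=6.5 required=5.0\nSubject: offer\n\nhi\n",
    "X-Spam-Status: Yes, score=15.3 required=5.0\nSubject: deal\n\nhi\n",
    "Subject: unscanned\n\nhi\n",
]

def triage(messages):
    """Apply the policy to a list of raw messages."""
    return [decide(score_of(m)) for m in messages]

if __name__ == "__main__":
    for decision in triage(SAMPLES):
        print(decision)
```

Scores between 2 and 12 are never auto-learned, so a misclassified marginal message cannot feed back into the Bayesian training on its own.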
