Hello,

Today I was reading about various antispam techniques, and I came across a reference to milter. Milter is a mail filter that runs at SMTP time, that's when the sending mailserver still has an open connection to the receiving mailserver, and the receiver has not yet acknowledged reception of the email.

I'm wondering if it is possible to create a milter implementation of spambayes. Currently I'm so confident about spambayes that I move all spam with a score of 1.00 to /dev/null (with procmail). With a milter-based spambayes, I could reject the spam when I still have the spamming server on the line. Don't ask me why, but I have always thought that rejecting at SMTP is better than silently discarding email, which is still better than bouncing.

I found a python implementation of milter with an empty base class as an example: http://code.google.com/p/ppymilter

My problem is: I have zero experience with python so I really don't know where to start.

My questions to the list:

* Good idea or bad idea? And why?
* If it's a good idea, could it be done by a humble python n00b like myself? I'm not afraid to get my hands dirty but it's not my intention to write the book on Mastering Python either.
* Who can help me by sometimes throwing a cluebat in my general direction, when I get lost?

--
Amedee
Amedee> I'm wondering if it is possible to create a milter implementation
Amedee> of spambayes.

I'm sure you can. I never understood milter though and haven't used sendmail in several years. I wouldn't know where to begin. Then again, the first google hit for "python milter" is

http://bmsi.com/python/milter.html

Skip
In message: <4277.81.11.192.161.1222386422.squirrel@intrepid.warp.be> "Amedee Van Gasse" <amedee@amedee.be> writes:

> I'm wondering if it is possible to create a milter implementation of spambayes.

It's possible, but not particularly useful. Sure, you could tell a well-behaved sender that you're rejecting the message, but spammers are not well-behaved senders. In typical spammer setups, immediately after the entire message body has been sent, the sender closes the connection without waiting for a response. Spambayes needs the entire message body for scoring, so by the time a spambayes score is available, the spammer no longer cares, and has moved on.

At most, you'd be informing well-intentioned senders of false-positives that their messages were rejected... and they could at that point try to resend through alternate means. However, in my experience, the senders who would benefit from such are the same senders who tend to resend anyway, when they don't get the expected reply to the message.

Where things like milter really help is when you can reject simply based on some combination or subset of sender IP, sender's claimed from address, and recipient address. If you can form a decision just based on those three things, then you can reject before the body is sent (while the spammers are still listening). In lieu of rejection, you can also do fun things like tarpitting the connection, giving them a transient failure (ala greylisting), or similar manipulations.

Unfortunately, I don't know any of the actual mechanics of milter, so I wouldn't be a good source of implementation cluebats.

- Alex
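The envelope-stage decision described above, as an added example that is not part of the original thread: a policy function that answers at RCPT TO using only client IP, claimed sender and recipient, with a permanent reject for listed networks and a greylisting-style transient failure for unseen triples. The class name, delay, reply texts and addresses are assumptions made for illustration; a milter would call something like this from its recipient callback.

```python
import ipaddress
import time

GREYLIST_DELAY = 300  # assumed: seconds a new triple must wait before retrying


class EnvelopePolicy:
    """Hypothetical policy object: decides at RCPT TO, before any DATA."""

    def __init__(self, blocked_nets=(), clock=time.time):
        self.blocked = [ipaddress.ip_network(n) for n in blocked_nets]
        self.clock = clock
        self.first_seen = {}  # (ip, mail_from, rcpt_to) -> time of first attempt

    def check(self, client_ip, mail_from, rcpt_to):
        """Return the SMTP reply (code, text) for one RCPT TO command."""
        addr = ipaddress.ip_address(client_ip)
        if any(addr in net for net in self.blocked):
            # Permanent rejection while the sender is still connected.
            return 554, "5.7.1 Client host rejected"
        # Simplification: the whole address is lower-cased for matching.
        key = (str(addr), mail_from.lower(), rcpt_to.lower())
        now = self.clock()
        seen = self.first_seen.setdefault(key, now)
        if now - seen < GREYLIST_DELAY:
            # Transient failure: a standards-following MTA queues and retries.
            return 450, "4.7.1 Greylisted, try again later"
        return 250, "2.1.5 Ok"


if __name__ == "__main__":
    policy = EnvelopePolicy(blocked_nets=["192.0.2.0/24"])
    # Constructed envelope values (documentation address ranges).
    print(policy.check("192.0.2.7", "a@example.org", "me@example.net"))
    print(policy.check("198.51.100.9", "a@example.org", "me@example.net"))
```
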
T. Alexander Popiel wrote:

> In message: <4277.81.11.192.161.1222386422.squirrel@intrepid.warp.be> "Amedee Van Gasse" <amedee@amedee.be> writes:
>
>> I'm wondering if it is possible to create a milter implementation of spambayes.
>
> It's possible, but not particularly useful. Sure, you could tell a well-behaved sender that you're rejecting the message, but spammers are not well-behaved senders. In typical spammer setups, immediately after the entire message body has been sent, the sender closes the connection without waiting for a response. Spambayes needs the entire message body for scoring, so by the time a spambayes score is available, the spammer no longer cares, and has moved on.
>
> At most, you'd be informing well-intentioned senders of false-positives that their messages were rejected... and they could at that point try to resend through alternate means. However, in my experience, the senders who would benefit from such are the same senders who tend to resend anyway, when they don't get the expected reply to the message.
>
> Where things like milter really help is when you can reject simply based on some combination or subset of sender IP, sender's claimed from address, and recipient address. If you can form a decision just based on those three things, then you can reject before the body is sent (while the spammers are still listening). In lieu of rejection, you can also do fun things like tarpitting the connection, giving them a transient failure (ala greylisting), or similar manipulations.
>
> Unfortunately, I don't know any of the actual mechanics of milter, so I wouldn't be a good source of implementation cluebats.
>
> - Alex

Hello Alex,

Thank you for your reply.

Yes I know that it isn't particularly useful except for the very few false positives. But what bothers me is that currently I have no idea at all how much spam I get. I have set up munin to show me the postfix rejections but spambayes-spam of course doesn't show up in those stats. If you know another way to inject spambayes-spam back into the postfix logs and statistics, I'd be much obliged.

--
Amedee
In message: <48DE0492.7000204@amedee.be> Amedee Van Gasse <amedee@amedee.be> writes:

[ discussion of implementing spambayes as milter ]

> Yes I know that it isn't particularly useful except for the very few false positives. But what bothers me is that currently I have no idea at all how much spam I get. I have set up munin to show me the postfix rejections but spambayes-spam of course doesn't show up in those stats. If you know another way to inject spambayes-spam back into the postfix logs and statistics, I'd be much obliged.

Well, I don't know how to get it back into the postfix logs, but you could easily log and keep stats separately by routing the spam to a counter program instead of sending it straight to /dev/null. The program could then keep whatever statistics you wanted.

- Alex
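One possible shape for the counter program suggested above, as an added example that is not part of the original thread: it reads one message on standard input (as a procmail pipe action would supply it in place of the /dev/null delivery), appends a row to a log, and can total the rows per day. The log path, the function names and the `spam; 1.00` form of the `X-Spambayes-Classification` value are assumptions.

```python
#!/usr/bin/env python3
import collections
import email
import sys
import time

LOG_PATH = "/var/tmp/spambayes-discarded.tsv"  # assumed location
HEADER = "X-Spambayes-Classification"          # assumed value form: "spam; 1.00"


def _clean(text):
    # Header values are attacker-controlled: replace tabs, newlines and other
    # control characters so a crafted header cannot forge extra log rows.
    return "".join(c if c.isprintable() else " " for c in text).strip()


def summarize(raw_bytes):
    """Return (classification, score, sender) for one raw message."""
    msg = email.message_from_bytes(raw_bytes)
    label, _, score = str(msg.get(HEADER, "unknown")).partition(";")
    sender = str(msg.get("From", "-"))
    return _clean(label) or "unknown", _clean(score) or "-", _clean(sender)[:200] or "-"


def record(raw_bytes, path=LOG_PATH, now=None):
    """Append one tab-separated row (UTC date first); return the row."""
    stamp = time.strftime("%Y-%m-%d", time.gmtime(now))
    row = (stamp,) + summarize(raw_bytes)
    with open(path, "a", encoding="utf-8") as fh:
        fh.write("\t".join(row) + "\n")  # one short append per message
    return row


def daily_counts(path=LOG_PATH):
    """Return a Counter keyed by (date, classification)."""
    counts = collections.Counter()
    with open(path, encoding="utf-8") as fh:
        for line in fh:
            fields = line.rstrip("\n").split("\t")
            if len(fields) == 4:
                counts[(fields[0], fields[1])] += 1
    return counts


if __name__ == "__main__":
    record(sys.stdin.buffer.read())
```

The output of `daily_counts` is the kind of per-day figure a munin plugin could graph next to the postfix rejections.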
On Wed, October 1, 2008 05:52, T. Alexander Popiel wrote:

> In message: <48DE0492.7000204@amedee.be> Amedee Van Gasse <amedee@amedee.be> writes:
>
> [ discussion of implementing spambayes as milter ]
>
>> Yes I know that it isn't particularly useful except for the very few false positives. But what bothers me is that currently I have no idea at all how much spam I get. I have set up munin to show me the postfix rejections but spambayes-spam of course doesn't show up in those stats. If you know another way to inject spambayes-spam back into the postfix logs and statistics, I'd be much obliged.
>
> Well, I don't know how to get it back into the postfix logs, but you could easily log and keep stats separately by routing the spam to a counter program instead of sending it straight to /dev/null. The program could then keep whatever statistics you wanted.
>
> - Alex

Thank you Alex, but that sounds like a hypothetical program that still has to be written, and I am not a programmer. Programming always sounds like black magic to me... ;-)