[Spambayes] : Stopping spam at SMTP Level
cej at intech.com
Mon Feb 9 02:10:27 EST 2004
dont bother wrote:
>Thanks for that.
>I have a couple of questions on that.
>>Also, server-side filtering is a total f**k to set
>>up (pardon the
>>profanity), especially in a user-specific manner
>>filtering really doesn't work using the same
>>database for multiple
>>users). It also takes up a snotload of resources,
>What makes it so difficult for Bayesian Filters to
>filter the spam using the same database for multiple
Not sure. I think it's because different people have different ham/spam
profiles. You'll get a database that allows ham, but doesn't really
catch spam very efficiently. Everybody's idea of "ham" will poison the
database to a certain extent. Nice idea, but doesn't really work well.
>Also, when you mentioned about SMTP, I have this
>question, why is there no solution of stopping SPAM at
>the SMTP Level?
>Come on, are we impotent to stop the spammers from
>using this bandwidth in the first place?
Yeah, basically, we're a bunch of neutered impotents. :) The problem
is not bandwidth so much as processing time. Somebody has to take the
mail apart, analyze it, and classify it. The further up the chain that
processing is done, the more processing must be done, and the more
expensive it is in terms of CPU time (and yes, CPU time can still be
expensive). Ideally, it should be done on the spammer's ISP side, but
that seems to be rare (judging by the amount of email that comes into
My solution works like this:
1) Postfix accepts the mail, checks to see if it's sent to a valid user
2) If it is, run it through spambayes via content_filter, which
re-injects the mail into the system. That "run it through spambayes"
script looks at the "to: " mail header and uses the appropriate
user-specific database accordingly.
3) Postfix hands it off to Cyrus, which delivers via POP3 or IMAP.
Could it get any higher-level? I don't think so.
A lot of the spam we get is bounces from remote mail servers. Spammers
spoof our domain, and we get the "invalid-user" bounces. Sick. I've
been just discarding everything that's from mailer-daemon and not to a
valid local user.
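
The routing described in steps 1-3 and the mailer-daemon rule, as an added example (not the poster's script and not SpamBayes code): it chooses a per-user database from the "To:" header and drops mailer-daemon mail that names no valid local user. The domain, user set, database directory and sample message are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr
from pathlib import Path

LOCAL_DOMAIN = "example.org"          # assumption: the domain this server hosts
VALID_USERS = {"alice", "bob"}        # assumption: stands in for the real user lookup
DB_ROOT = Path("/var/lib/sbfilter")   # hypothetical directory of per-user databases
# Constructed sample: a bounce for spam that spoofed the local domain.
SAMPLE_BOUNCE = ("From: Mail Delivery System <MAILER-DAEMON@mx.remote.example>\n"
                 "To: nosuchuser@example.org\n"
                 "Subject: Undelivered Mail Returned to Sender\n\nbody\n")


def local_recipients(msg):
    """Return the valid local users named in the To: header, in order."""
    users = []
    for _name, addr in getaddresses(msg.get_all("To", [])):
        local, _, domain = addr.lower().rpartition("@")
        # The To: header is written by the sender, so only exact matches
        # against the known-user set are accepted; nothing taken from the
        # header is used as a path component unless it passed that check.
        if domain == LOCAL_DOMAIN and local in VALID_USERS and local not in users:
            users.append(local)
    return users


def is_bounce(msg):
    """True when the From: address is a mailer-daemon sender."""
    _name, addr = parseaddr(msg.get("From", ""))
    return addr.lower().partition("@")[0] == "mailer-daemon"


def route(raw):
    """Return ("discard", None), ("pass", None) or ("classify", db_path)."""
    msg = message_from_string(raw)
    users = local_recipients(msg)
    if not users:
        # Bounce addressed to nobody who exists locally: drop it.
        # Other mail with no valid local user in To: passes through unfiltered.
        return ("discard" if is_bounce(msg) else "pass", None)
    return ("classify", DB_ROOT / (users[0] + ".db"))
```

Because the database name comes only from the allowlisted user set, a crafted "To:" value cannot steer the filter to a file outside the database directory.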