[Spambayes] : Stopping spam at SMTP Level

Christopher Jastram cej at intech.com
Mon Feb 9 02:10:27 EST 2004

dont bother wrote:

>Hey Chris,
>Thanks for that.
>I have a couple of questions on that.
>>Also, server-side filtering is a total f**k to set
>>up (pardon the 
>>profanity), especially in a user-specific manner
>>(since Bayesian 
>>filtering really doesn't work using the same
>>database for multiple 
>>users).  It also takes up a snotload of resources,
>What makes it so difficult for Bayesian Filters to
>filter the spam using the same database for multiple
Not sure.  I think it's because different people have different ham/spam 
profiles.  You'll get a database that allows ham, but doesn't really 
catch spam very efficiently.  Everybody's idea of "ham" will poison the 
database to a certain extent.  Nice idea, but doesn't really work well.

>Also, when you mentioned about SMTP, I have this
>question, why is there no solution of stopping SPAM at
>the SMTP Level?
>Come on, are we impotent to stop the spammers from
>using this bandwidth in the first place?
Yeah, basically, we're a bunch of neutered impotents.  :)  The problem 
is not bandwidth so much as processing time.  Somebody has to take the 
mail apart, analyze it, and classify it.  The further up the chain that 
processing is done, the more processing must be done, and the more 
expensive it is in terms of CPU time (and yes, CPU time can still be 
expensive).  Ideally, it should be done on the spammer's ISP side, but 
that seems to be rare (judging by the amount of email that comes into 
our network).

My solution works like this:
1) Postfix accepts the mail, checks to see if it's sent to a valid user
2) If it is, run it through spambayes via content_filter, which 
re-injects the mail into the system.  That "run it through spambayes" 
script looks at the "to: " mail header and uses the appropriate 
user-specific database accordingly.
3) Postfix hands it off to Cyrus, which delivers via POP3 or IMAP.

Could it get any higher-level?  I don't think so.

A lot of the spam we get is bounces from remote mail servers.  Spammers 
spoof our domain, and we get the "invalid-user" bounces.  Sick.  I've 
been just discarding everything that's from mailer-daemon and not to a 
valid local user.

Chris Jastram
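The three-step Postfix flow and the mailer-daemon rule described in the post above, written out as an added example (this is not Chris's script and not Spambayes project code). Everything concrete in it is assumed for illustration: the local domain example.com, a static valid-user set standing in for the lookup Postfix does in step 1, per-user token databases under /var/lib/spambayes/<user>.db, and a simplified Graham-style scorer standing in for Spambayes' own classifier. The part worth copying is how the recipient is validated before it becomes a filename, since the script is fed headers chosen by the sender.

```python
"""Postfix content_filter glue in the shape of the workflow from the post
(steps 1-3 plus the mailer-daemon rule). Added example; not code from the
post or from the Spambayes project. Constructed assumptions: local domain
example.com, per-user JSON token databases under /var/lib/spambayes/<user>.db,
a static valid-user set, and a simplified Graham-style scorer standing in for
Spambayes' classifier."""
import email
import json
import re
import subprocess
import sys
from email import policy
from email.utils import getaddresses, parseaddr

LOCAL_DOMAIN = "example.com"                 # constructed
DB_DIR = "/var/lib/spambayes"                # assumed database directory
VALID_USERS = frozenset({"alice", "bob"})    # constructed stand-in for the user lookup
SENDMAIL = "/usr/sbin/sendmail"              # Postfix's sendmail, used for re-injection

# Only a plain local-part may become part of a filename, so a crafted recipient
# such as ../../etc/passwd@example.com cannot select a database outside DB_DIR.
LOCALPART_RE = re.compile(r"^[a-z0-9][a-z0-9._-]{0,63}$")

def parse(raw):
    """Parse an RFC 5322 message string with the modern email policy."""
    return email.message_from_string(raw, policy=policy.default)

def local_recipient(msg, envelope_rcpts=()):
    """First recipient that is a valid local user, or None.

    Envelope recipients (what Postfix passes in argv) are checked before the
    To: header, because Bcc'd mail carries no usable To: value."""
    candidates = list(envelope_rcpts)
    candidates += [addr for _, addr in getaddresses(msg.get_all("To", []))]
    for addr in candidates:
        if "@" not in addr:
            continue
        local, domain = addr.rsplit("@", 1)
        local = local.lower()
        if (domain.lower() == LOCAL_DOMAIN and LOCALPART_RE.match(local)
                and local in VALID_USERS):
            return local
    return None

def user_database(user):
    """Path of the user-specific database (step 2 of the post)."""
    if not LOCALPART_RE.match(user):
        raise ValueError("refusing to build a path from %r" % user)
    return f"{DB_DIR}/{user}.db"

def is_mailer_daemon(msg):
    """True when From: is mailer-daemon@<anything>, i.e. a bounce."""
    addr = parseaddr(msg.get("From", ""))[1].lower()
    return addr.split("@", 1)[0] == "mailer-daemon"

def tokens(msg):
    """Lower-cased word tokens from Subject: plus the text/plain body."""
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body is not None else ""
    return set(re.findall(r"[a-z][a-z0-9'-]{2,}", (msg.get("Subject", "") + " " + text).lower()))

def bayes_verdict(db, toks, spam_cutoff=0.90, ham_cutoff=0.20):
    """Combine per-token spam probabilities Graham-style (a simplified stand-in
    for Spambayes' combining).  db = {"nspam", "nham", "spam": {tok: n}, "ham": {tok: n}}."""
    nspam, nham = max(db["nspam"], 1), max(db["nham"], 1)
    probs = []
    for t in toks:
        s, h = db["spam"].get(t, 0), db["ham"].get(t, 0)
        if s + h:
            p = (s / nspam) / ((s / nspam) + (h / nham))
            probs.append(min(max(p, 0.01), 0.99))   # clamp so no single token decides alone
    if not probs:
        return "unsure"
    prod = inv = 1.0
    for p in probs:
        prod, inv = prod * p, inv * (1 - p)
    score = prod / (prod + inv)
    return "spam" if score >= spam_cutoff else "ham" if score <= ham_cutoff else "unsure"

def decide(msg, classify, envelope_rcpts=()):
    """Route one message: ('discard'|'reject', None, None) or ('deliver', user, verdict)."""
    user = local_recipient(msg, envelope_rcpts)
    if user is None:
        # Bounce addressed to no valid local user: drop it (the post's mailer-daemon rule).
        return ("discard" if is_mailer_daemon(msg) else "reject", None, None)
    verdict = classify(user_database(user), msg)
    msg["X-Spambayes-Classification"] = verdict    # header a Cyrus/sieve rule can act on
    return ("deliver", user, verdict)

def reinject(msg, sender, recipients):
    """Give the tagged message back to Postfix (the re-injection in step 2)."""
    subprocess.run([SENDMAIL, "-G", "-i", "-f", sender, "--", *recipients],
                   input=msg.as_bytes(), check=True)

def main():
    # Assumed master.cf entry:  spambayes unix - n n - - pipe
    #   flags=Rq user=filter argv=/usr/local/bin/sb_filter -f ${sender} -- ${recipient}
    sender, recipients = sys.argv[2], sys.argv[4:]
    msg = email.message_from_bytes(sys.stdin.buffer.read(), policy=policy.default)
    def classify(db_path, m):
        with open(db_path) as fh:
            return bayes_verdict(json.load(fh), tokens(m))
    action, _, _ = decide(msg, classify, recipients)
    if action == "deliver":
        reinject(msg, sender, recipients)
    sys.exit(67 if action == "reject" else 0)   # 67 = EX_NOUSER so Postfix bounces; discard exits 0

if __name__ == "__main__":
    main()
```

The script keys the database choice on the envelope recipient Postfix hands it rather than only on the To: header the post mentions, since the header is sender-controlled and absent for Bcc'd mail; either way the local-part is checked against a strict pattern and the user list before it is used as a path component.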

