[wplug] SpamAssassin

[Mike Kuentz (2)]

you could search the archives of the sa user list.  There were a couple
threads a month or so back where users were putting in their counts.  We
use postfix/sa here and works very well.

postfix stats for yesterday:
  21366   received
  16447   delivered
      2   forwarded
      0   deferred
   1420   bounced
   5967   rejected (26%)
      0   reject warnings
      0   held
      0   discarded (0%)

Those rejections are all RBL, malformed addresses, etc.

After they make it through postfix, SA snags another 40-60% of the mail
as spam. (It was 44% from yesterday's stats)  Out of the box, SA is
going to miss a decent amount, maybe 5%, but there are a ton of
constantly evolving custom rules out there that people make that take
care of the misses.  False negatives aren't bad either.  We use this
setup in front of our exchange servers, so what your talking about doing
is definitely out there, in production, and working well.  

I don't know what your boss is like but here are some selling points
that worked for me:
*Uptime.  Your email is probably one of your most important things as
far as all employees collectively are concerned.  You can go 100's of
days without having to reboot with your proposed setup.  With Exchange
you're not going to have that luxury.
*Complexity.  Kind of goes hand in hand with up time.  Trying to
troubleshoot why your Exchange server won't relay mail is a bit more
time consuming and complex than it is with postfix.  If it's a 1000
items stuck in the queue, it'll take you a 2-3 minutes just to bring
that info up in ESM, in postfix your going to do `postqueue -p`.  Want
to sort that info?  Guess which one is going to be easier.  If your boss
doesn't believe you, fill up an SMTP queue on a test Exchange server and
ask him/her to find an email.  That'll fix anybody :)
*Security.  Go to securityfocus and look at the number of security bugs
in Postfix vs. Exchange
*Ease of use.  Want to know if joe at schmoe.com got his blocked due to an
RBL list?  With Postfix you do grep -i 'joe at schmoe.com'
/var/log/maillog.  With Exchange, it's a lot more time consuming.  
*RBL use.  You need at least Exchange 2003 to use RBLs.  That, or third
party software.  Postfix has had it for a while.
*Cost and Licensing.  Linux + Postfix + SpamAssassin = $0 in software
licensing.  Another Exchange license will cost ~ $800, another Windows
license around ~ 800.  That doesn't include upgrade costs down the road
with Software Assurance.  Plus, just about all of the add-on spam
filtering tools for Exchange go on a per mailbox count.  The more
mailboxes, the more it's going to cost.  Most of the add-ons require
subscription services.  When I was looking at a spam solution, it ranged
from $2K to $15K a year for an Exchange solution.
*Proven reliability.  Look around and see how many anti-spam products
use SA as the underlying core.  Go to Google and search for
'spamassassin engine' and you get back results from McAfee SpamKiller
and a host of others.  Obviously something in SA has to be working well
for this many people make it the core of their software.

Hope that helps out your cause.

Mike




> -----Original Message-----
> From: wplug-bounces+junkemail=rapidigm.com at wplug.org 
> [mailto:wplug-bounces+junkemail=rapidigm.com at wplug.org] On 
> Behalf Of Teodorski, Chris
> Sent: Friday, April 02, 2004 1:29 PM
> To: General user list
> Subject: [wplug] SpamAssassin
> 
> Has anyone seen any statistics on the success rate of 
> SpamAssassin?  Or any
> good articles?
> 
> I'm trying desperately to prevent my boss from sticking in another MS
> exchange box to act an SMTP relay (I'd like to use postfix) 
> but I'm having
> trouble finding any real numbers.
> 
> Any help is appreciated.
> 
> Chris
> _______________________________________________
> wplug mailing list
> wplug at wplug.org
> http://www.wplug.org/mailman/listinfo/wplug
> 
>