[wplug] SpamAssassin

Bill Moran wmoran at potentialtech.com
Fri Apr 2 16:06:44 EST 2004 

Brandon Kuczenski wrote:
>>wplug-bounces+vze2f6h6=verizon.net at wplug.org wrote:
>>
>>>Teodorski, Chris wrote:
>>>
>>>>Has anyone seen any statistics on the success rate of SpamAssassin? Or
>>>>any good articles? 
>>>>
>>>>I'm trying desperately to prevent my boss from sticking in another MS
>>>>exchange box to act an SMTP relay (I'd like to use postfix) but I'm
>>>>having trouble finding any real numbers.
>>>
>>>I don't use SpamAssassin (because I don't approve of content
>>>filters, but that's another issue altogether)
>>>
>>>However, if you want some stats:
>>>http://www.potentialtech.com/cgi-> bin/awstats.pl?config=mail
>>
>>Well I don't use SA either, most RBL and a patch to block executables and
>>here is the results from one day.  I get this report emailed to me every
>>day, along with others.
> 
> What's the problem with Spam Assassin?  I had the impression that running 
> it in daemon mode was relatively CPU-cheap, and re: Bill's post, I don't 
> see how you could stop spam before it was sent.  Maybe before it was 
> received (which I guess is what you meant).
> 
> Anyways, I was about to do my spamassassin/procmail config THIS VERY 
> WEEKEND, so this topic seems relevant.

I'm not a big fan of _any_ content filter for a number of reasons:
1) It's like painting over the rust.  Someone out there is junkmailing you
    (either viruses or spam), block it at the source
2) It puts you in a constant game of "block something, then they work out
    a way around it".  How many spams have you seen with v1agra in the text,
    in an attempt to fool content filters like spam assassin?  I'm just not
    interested in playing that game.
3) While sa is OK on CPU usage, it's high compared to actually blocking the
    source of the problem.  It's also time-consuming, look at the length of
    time it takes to process your messages once sa is in the loop.  This is
    probably of little concern when you have a small mail server with only
    a few dozen addresses, but it loads a big, corporate server badly.

Beyond that, I think sa is simply unnecessary complexity.  (I'm very much
against unnecessary complexity)  It was on the list of things to put on our
mail server originally, but when we saw how well blocking worked, we decided
not to bother.

-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com

More information about the wplug mailing list