OT: More on Spam Re: [Dovecot] deploying dspam
Simon Waters
simonw at zynet.net
Wed Dec 15 19:11:59 EET 2004
On Wednesday 15 Dec 2004 4:48 pm, John Peacock wrote:
> Hauke Fath wrote:
> > While this of course depends on your definition of "larger", some
> > people seem to think otherwise:
> >
> > http://www.usenix.org/events/lisa04/tech/blosser.html
>
> Not having a Usenix login, I cannot comment on the full paper, but to
The full paper seems to be there under HTML (despite the 'before November
2005' comment - whoops).
> The use of a single wordlist is appropriate for limited circumstances.
> Even in a corporate environment like I manage, there is a very wide
> definition of what constitutes spam, and a configuration such as
> described above wouldn't work here. It would work even less in an ISP
> environment, with widely varied userbase.
Oh I don't know - we could probably easily filter our clients spam with a
single word list - real pharmacists don't obfusicate drug names very often.
But it would obviously lose skill, and if tuned right let more spam through.
But that wouldn't stop it being a very effective spam filter. But I think the
spamassassin aproach of weighing several inputs statistically is better here
anyway - over reliance of content will always lead to false positives.
I'm interested how much Spam Assassin maintenance was complained about. I use
to do some with SA 2, but with SA3 with network tests switched on, it seems
to just work pretty much. Although the damn thing has started autolearning as
ham one type of spam (argh) in the last week.
However delegating this to users may create it's own form of maintenance :(
I wouldn't have thought that different database backends dbm versus Postgres
would affect scalability (other than the NFS issue). As presumably if each
user has a unique list we need to read the relevant words for each message
from whichever database. I could see the NFS thing being a practical issue,
but I dare say there are ways. Certainly we had a busy webserver with several
GDBM writes happening on a web server for every hit, and my predecessors
hadn't noticed it was opening the databases every time instead of holding
them open between requests.
More information about the dovecot
mailing list