Gene Heskett wrote:
On Monday 19 October 2009, Ted Mittelstaedt wrote:
amadis wrote:
I usually think of myself as pretty capable with a computer but
Spamassassin and it's website have made me think twice. I took me 20
minutes just to figure out where this forum was. I feel like Apache is
trying to weed out dunderheads like me from using their product. I swear
I cannot understand 80% of what is written on the how to install page.
I've spent three hours now trying to install this program and cannot
imagine that this was written for anyone but a computer programmer. I've
searched the internet for help elsewhere and every conversation sounds
like a foreign language. How is this user-friendly? I'd really like to
support OpenSource but I swear if someone doesn't show me a SIMPLE way to
work this, I'm dumping SA and Thunderbird and going back to Outlook.
Are you running a mail server? SpamAssassin is a tool intended to be
used by people who build mailservers that are used at ISPs and
companies. It's not intended to be used by end-users for a single
mailbox - although if you had the right kind of account at an ISP
you could do that - most people would not.
I wonder where that got started? I have experience with 5 ISP's over the
years, and currently have accounts with two majors plus the tv station where
I was the CE for almost 20 years, now retired. I have never been refused
access via a pop3 fetcher such as fetchmail by any of them as long as my
scripts had the passwd and crypt protocols set correctly. I pop all 3 of
them every 90 seconds on a dsl circuit. Fetchmail hands it off to procmail,
procmail then /dev/nulls the known spammers, then hands it of to SA, and
anything coming back with more than 4 stars again gets sent to /dev/null. It
hands the rest to kmail, which sorts it into folders and hands it to me. As
near total hands off once configured as it can be.
Since your not the recipient mailserver, (your upstream server is) and
I presume that your upstream is NOT running SA or doing any filtering
(otherwise you are effectively wearing 2 condoms, on on top of the
other, and wasting a lot of CPU on your system scanning mail that has
been scanned already) you are effectively telling the spammers that they
have a valid e-mail box and encouraging more spam.
If you have control of the destination IP address the spammers are
sending spam to, (the upstream) you can configure your MTA to issue an
error 550 then disconnect when a source IP address on an Internet
blacklist attempts to pass you mail. Not only does that save your
bandwidth but if the spammer is relaying spams through an open
mailserver, that will cause the compromised sending mailserver to bounce
the relayed spam to it's administrator's mailbox (assuming that it's
properly configured) which might ring the clue phone of the
administrator managing the compromised mailserver, or if that doesn't
work possibly consume all free disk space on the compromised server,
thus causing it to crash and cease being a nuisance to the rest of
us on the Internet.
SA is useful dealing with the spams that make it past the blacklist,
or spams coming from the few servers out there which are legitimate
mail senders but are also blacklisted since they send spams as
well - and so you have to put them in an exception list and allow them
to send their mixed ham and spam to you.
But whenever practical you want to not even receive those spams in
the first place. Why devote CPU time to scanning them when you already
know the sending IP is a spam source?
I would submit that the innate fear of a text editor to be used to configure
this stuff is a much larger reason a lot of people use a webmailer at their
ISP.
I would submit that your goofy structuring of your mailstream is
causing you to receive thousands of spams which your SA install is
then deleting, generating reports of how effective it is, and making
you feel like your winning the war against the spammers. ;-)
The question then is how do we convince them its ok to set options in a text
file instead of a web page controlled by the ISP, where you have to click
past 3 web spams per message before you can actually see the message?
The question is how do we educate all would-be SA users in best
anti-spam practices, and how to get the most mileage out of SA?
Ted
