The Mailinator (Say it like Arnold)
By Daniel Miessler on October 21st, 2006: Tagged as Security | Spam
This is a pretty cool concept; you make up an address, like $foo@mailinator.com, and you use that address to sign up for temporary accounts or services that require an email (since giving your real one is problematic).
You then go to mailinator.com and get what you needed, and the information gets scrubbed every few hours. Neat.
Is It Just Me Or Is Spam Kickin’ Lately?
By Daniel Miessler on October 19th, 2006: Tagged as Email | Security | Spam | Technology
I cleaned out my Gmail spam folder yesterday. As I type this I have 275 messages in there already. Damn. And I’ve received like…15 legitimate emails in that same amount of time (not counting mailing lists).
Yeah, I think we’re losing this battle. I’m thinking of checking out a service like MXLogic.
WonderfulBuys Spam
By Daniel Miessler on July 27th, 2006: Tagged as Email | Information Security | Spam
These people are going through Gmail and Spamassassin filters like they aren’t there. I guarantee you they’re all stupid rich, too. Here’s my quick-fix via .mailfilter thanks to them always putting that text in the From: field:
# Wonderful Spam
if ( /^From:.*Wonderful.Buys.com/ )
{
to "Maildir/.Junk"
}
I’ll know tomorrow if I got the syntax right…
Linux: Filtering Spam And Viruses Without Amavis
By Daniel Miessler on April 12th, 2006: Tagged as Computers | Security | Spam
For anyone who dislikes complex mail configurations on their Linux mail server, I have a solution other than amavis* for filtering your email.
As with most things *nix, there are many ways to go about this; my way uses Maildrop and my .mailfilter file in my home directory. The punchline is that incoming mail to my account gets:
- Scanned by Google (Gmail)
- Scanned by Spamassassin
- Run through ClamAV
- Processed by my filtering rules
…and the beauty of it is that, using Debian, this only takes like 5 minutes to set up. And yes, that includes the installation and configuration of Postfix and Courier-Imap. Essentially, all you need is a single apt-get command and some basic configuration of Postfix and Courier-Imap.
apt-get install postfix courier-imap maildrop spamassassin clamav
That’s it for the packages. From there just set up mail as you normally would. Also, don’t forget to add your clamav user:
groupadd clamav
useradd -g clamav -s /bin/false clamav
From there just fire up your editor and edit/create your .mailfilter to include the following content:
---------------------------------------------------
# Record the scanner version first so both branches below can use it
VSCANNER=`/usr/bin/clamscan -V`

# Run all mail through ClamAV (backticks pass the message to the command on stdin)
if (`/usr/bin/clamscan --no-summary --stdout - | grep -c 'FOUND'` == 1)
{
    # Second field of the "stream: <name> FOUND" report line
    VIRUSID=`/usr/bin/clamscan --no-summary --stdout - | grep FOUND | cut -d" " -f2`
    xfilter "reformail -A 'X-Virus-Checker: $VSCANNER'"
    xfilter "reformail -A 'X-Virus-Infected: Yes'"
    xfilter "reformail -A 'X-Virus-Identification: $VIRUSID'"
    to "Maildir/.Infected"
}
else
{
    xfilter "reformail -A 'X-Virus-Checker: $VSCANNER'"
    xfilter "reformail -A 'X-Virus-Infected: No'"
}

# Run all mail through Spamassassin
# (LOGNAME is the variable maildrop sets to the recipient's account name)
xfilter "/usr/bin/spamc -u $LOGNAME"
if ( /^X-Spam-Flag: YES/ )
{
    to "Maildir/.Junk"
}
---------------------------------------------------
So the cool thing about this setup for me is that it doesn’t require you to hack up your /etc/postfix/main.cf file or anything. You keep Postfix processing pretty much as normal (with the exception of the mailbox_command = /usr/bin/maildrop addition).
Once you hand delivered mail off to Maildrop, your .mailfilter file handles the rest. Spam, Viruses, and standard filtering based on content. The bits I added above will add headers to virus infected emails saying the version of clamscan you’re running, what the message was infected with, etc. Cool stuff.
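The filter above decides on the count of FOUND lines, so a scan that fails outright (missing signature database, clamscan not installed) falls into the else branch and the message is labelled X-Virus-Infected: No. The following shell function is an added example, not part of the original post: it scans once and maps clamscan's exit status (0 clean, 1 virus found, 2 error) to the header values. The function name and the CLAMSCAN override variable are hypothetical.

```shell
# Added example: derive the X-Virus-* header values from one clamscan run.
# CLAMSCAN can be overridden so the logic can be exercised with a stub scanner.
CLAMSCAN=${CLAMSCAN:-/usr/bin/clamscan}

# Reads a message on stdin and prints the header lines to add.
# Returns 0 for clean, 1 for infected, 2 when the scan itself failed.
virus_headers() {
    scan_rc=0
    report=$("$CLAMSCAN" --no-summary --stdout - 2>/dev/null) || scan_rc=$?
    case $scan_rc in
        0)  printf 'X-Virus-Infected: No\n' ;;
        1)  # The report line looks like "stream: <signature name> FOUND"
            id=$(printf '%s\n' "$report" |
                 sed -n 's/^[^:]*: \(.*\) FOUND$/\1/p' | head -n 1)
            # Keep only characters expected in a signature name, so nothing in
            # the report can break out of a header or a quoted command line.
            id=$(printf '%s' "$id" | tr -cd 'A-Za-z0-9._-')
            printf 'X-Virus-Infected: Yes\n'
            printf 'X-Virus-Identification: %s\n' "${id:-unknown}" ;;
        *)  # Scanner error or missing binary: never claim the mail is clean.
            printf 'X-Virus-Infected: Unknown\n'
            scan_rc=2 ;;
    esac
    return $scan_rc
}
```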
Now, I’m sure there are plenty of advantages to using amavis — large environments, more complex configurations, etc. But for me, with just a few users and the need to sanitize and process mail, using this method is most excellent. For me, simplicity is golden.
Anyway, that’s pretty much it. If you have any questions feel free to drop me an email.
Filtering Non-Gmail Email With Gmail
By Daniel Miessler on April 5th, 2006: Tagged as Google | Spam
A couple of days ago I had a cool idea: since Google seems to be so good at filtering spam for their Gmail offering, why not make use of that functionality for my own personal mail?
The way I see it, spammers have full access to Spamassassin, which makes it almost trivial for a dedicated person to be able to bypass it. Furthermore, since major rule releases come out so infrequently, their work bypassing it has a good lifespan on it.
The Google Difference
The difference with Gmail spam filtering (vs. Spamassassin) is that there is likely a team of engineers working on nothing but spam filtering for Google. They probably use a number of free products stacked in layers, in addition to some highly proprietary code. And best of all, this defense is likely to be quite a bit more nimble than the Spamassassin project — meaning that they can see something innovative that’s getting through the filters and make a change immediately to counter.
So Gmail spam filtering clearly has its advantages. I decided to leverage that against the constant flow of trash that makes it through Spamassassin, starting yesterday. The cool thing about this is that I’m not just “using” Gmail as a spam filtering service. I also use it as the web interface for my main account. Here’s how I set it all up:
—
This technique is for people who have their own mail servers and/or have a way to change their settings at the admin level. My personal solution is based on Debian, Postfix, and Courier-IMAP.
Gmail Forwarding
The solution hinges on the ability to forward mail from a Gmail account to another address. All of us can do this; it’s under the POP and Forwarding section of your Gmail settings.
- Create an alias on your mailserver for your primary email address. So for me, this would be for the daniel account. Point that alias to a Gmail address that you are going to capture spam with. This is also the account that you are going to use for webmail. Don’t forget to run newaliases to get the alias to take effect.
- Create a new user account on your mailserver. Name it something like spam_account, or whatever. This is where your Gmail is going to send all of your (now filtered) mail.
- Copy your Maildir folder (or whatever format you use) from your main account to the newly created account. This is the actual account your IMAP and/or POP client is going to be pulling mail out of from this point on. Delete the old mail folder if you are into being neat.
- Go into your Gmail account and forward all mail to your newly created email address. So if you used the previous example, you’d be forwarding all email to spam_account@yourdomain.com.
There, now the linking is complete. The way this will break down is like so: mail will come into your main address (you@yourdomain), get aliased to $you@gmail.com, get filtered by Gmail, get forwarded (clean) to your alternate account on your mailserver, and then get picked up via your IMAP or POP client.
Remember, you are not logging into your main account anymore with your mail clients; you’re logging into the alternate “mail/spam” account.
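Only mail that enters through the main address passes through Gmail; anything addressed straight to the alternate account reaches the mailbox unfiltered. This shell check is an added example, not part of the original post: it reports whether a delivered message was actually handed over by a Google host. It assumes a single Postfix hop, so the topmost Received header is the one your own server wrote. The function names, host names and sample messages are constructed.

```shell
# Added example: decide whether a delivered message really came through Gmail.
# Assumes the topmost Received header was written by this server's Postfix,
# in its "from HELO (verified-client-name [ip])" form.

# Print the topmost Received header, unfolded onto one line.
top_received() {
    awk '
        /^$/      { exit }                                # end of headers
        /^[ \t]/  { if (inrcv) line = line " " $0; next } # folded continuation
        inrcv     { exit }                                # next header begins
        tolower($0) ~ /^received:/ { inrcv = 1; line = $0 }
        END       { if (line != "") print line }
    '
}

# Succeeds only if the connecting client's verified name is under google.com.
# Sender-supplied headers (older Received lines, X-Forwarded-To) are ignored.
via_gmail() {
    top_received |
        grep -Eq '\(([A-Za-z0-9-]+\.)+google\.com \[(IPv6:)?[0-9A-Fa-f.:]+\]\)'
}

# Constructed sample: forwarded by Gmail to the alternate account.
sample_forwarded() {
    cat <<'EOF'
Delivered-To: spam_account@yourdomain.com
Received: from mail-example.google.com (mail-example.google.com [192.0.2.10])
    by mail.yourdomain.com (Postfix) with ESMTP id 0000000000
Subject: hello

body
EOF
}

# Constructed sample: sent straight to the alternate account, carrying a
# Gmail-looking Received line that the sender wrote underneath the real one.
sample_direct() {
    cat <<'EOF'
Delivered-To: spam_account@yourdomain.com
Received: from mail.example.net (unknown [198.51.100.7])
    by mail.yourdomain.com (Postfix) with ESMTP id 0000000001
Received: from mail-example.google.com (mail-example.google.com [192.0.2.10])
    by mx.example.net (Postfix) with ESMTP id 0000000002
Subject: offer

body
EOF
}
```

Running `sample_direct | via_gmail` fails even though the message contains a google.com Received line, because only the header added by the receiving server is examined.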
Conclusion
So that’s pretty much it. You now have a fully functioning mail system that benefits from Google’s uber spam filtering prowess. If you’re feeling froggy, however, you should then run all the mail that hits that alternate account through your own Spamassassin implementation. That’s what I do, and it does occasionally catch a few wily characters that make it through Gmail’s filtering.
If you have any comments or questions, feel free to comment below or contact me directly.
See If You’re A Spam Relay
By Daniel Miessler on April 5th, 2006: Tagged as Information Security | Spam
Here’s a very simple way to see if your system is a spam relay:
telnet relay-test.mail-abuse.org
Press enter and watch it go. Do be warned, though; if it turns out that you are a relay, it’ll be noted in the database.
Blog Upgrade and Happy New Year
By Daniel Miessler on January 1st, 2006: Tagged as Blogging | Spam | Technology
Well, it’s 2006 now and I decided it’d be a good time to go from the RC of WordPress 2.0 to the final release. It went smoothly and I’m up on the new software now.
I also took the opportunity to change my anti-spam solution from Authimage to Akismet. We’ll see how that goes. If it doesn’t work I’ll just add Authimage back, but I think commenters will enjoy the lack of the extra steps when leaving comments — not to mention the elimination of the possibility of having your whole post nuked when you mess up the Authimage verification.
Anyway, let me know if you see any hiccups. Oh, and happy new year. :)
WordPress 2.x: Definite Progress
By Daniel Miessler on November 26th, 2005: Tagged as Blogging | Spam | Technology
The new (beta) version of WordPress has a couple of really cool plugins that are almost worth the upgrade just by themselves.
The first is Akismet Antispam — it uses a WordPress API interface to determine what is and is not spam, and it integrates nicely with the WordPress layout. You can see how many spam attempts have been blocked right from the dashboard, as well as under the manage menu.
The second godlike plugin is also under the manage menu; it’s a backup plugin. As expected, it backs up your entire database (with a cool progress bar, btw) to a .sql file that you pull down to your local system.
On the negative side, the beta actually seems a bit slower than 1.x, and as mentioned in a previous post I still don’t get all the post editing options in Safari.
Overall, though, I’m happy with where the package is going. The upgrade was simple and worked as expected the first time. With any luck they’ll make some improvements to the speed and Safari compatibility, and at that point we’ll be golden.
Die Spammers Die
By Daniel Miessler on September 19th, 2005: Tagged as Spam
It’s pretty sad when you have to resort to these types of measures:
UPDATE wp_posts SET ping_status="closed";
So no more pingbacks for me. Bastards.
