Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Linux Business

Critical Eye on SpamAssassin 324

ErrorBase writes "In this Infoworld article, Logan G. Harbaugh makes a great deal about an ancient (2.44) version of SpamAssassin comparing it with newer comercial variants. Quote : You get what you pay for. [...] However, it took more than 10 times as long to install and configure SpamAssassin as it did any of the other products. " Why did he not ask Kevin Railsback who had the whole thing working some while ago?)"
This discussion has been archived. No new comments can be posted.

Critical Eye on SpamAssassin

Comments Filter:
  • SpamAssassin (Score:5, Interesting)

    by hookedup ( 630460 ) on Tuesday November 25, 2003 @08:57AM (#7557331)
    All my incomming mail comes through SpamAssassin (cant remember which version off the top of my head), and once in a blue moon a single piece of spam will manage to find it's way through. When it does, I guess i should just applaud the spammer for being so devious.

    TrollAssasin would be nice, imagine seeing posts subjects as *****TROLL***** heh
    • by Cygnus78 ( 628037 ) on Tuesday November 25, 2003 @09:06AM (#7557428)
      Why not create SlashAssassin ? All incoming mail gets moderated.. Let's see ... aah a +5 Interesting. What about this one. Oh a mail from dad.. moderated Offtopic! How typically. Ah one from my brother.. Flamebait.. !
      • Re:SpamAssassin (Score:3, Informative)

        by Brummund ( 447393 )
        That is called scoring. Gnus and other good email/news clients have this. Very useful for reading high-volume lists and avoiding USENET kooks.
    • Doable I think. First you have to use SA's bayesian learning detector, and pass through 'sa-learn' few hundreds troll comments.
      Then write a small filter for squid, which will break all comments into single posts, filter them through SA and reassemble output.

      Nice weekend-hacking project.
    • by Anonymous Coward
      What? open source software having crappy and hard to find documentation?

      Memo to self: if I ever spend 3 months creating free software to share, take 2 hours to write a web page showing somebody how it freaking works!

    • by TamMan2000 ( 578899 ) on Tuesday November 25, 2003 @09:37AM (#7557708) Journal
      All my mail comes through spamassassin as well, but I am not having nearly the success you are...

      I get about 60-70% of my spam correctly tagged, and about .2-.5% false positive. Don't get me wrong, I am WAY happier now that before spamassassin, but if I could be getting better performace, that would be great...
      • by Dr. Evil ( 3501 ) on Tuesday November 25, 2003 @09:53AM (#7557901)

        The problem is that you're making the same mistake I am.

        (No, I can't expand upon that)

      • by Pasc ( 59 )
        Are you running the newest version? 2.60 is much improved over previous versions.

        If you are running 2.60, have you trained and enabled the bayesian filters? By default you need to feed SpamAssassin about 300 spam and 300 ham (non-spam) messages for it to learn the difference. It will auto-train itself over time but it only auot-learns on messages that are very obviously (to it) spam or ham.

        If you normally only get email from a select list of people then you may want to lower your threshold. For people
      • Here's how I catch false positives. But basically you should just learn to live with either false positives or spam. Take your pick.

        I turned subject rewriting on:
        rewrite_subject 1

        Then I set the subject tag to include the hit number:
        # Text to prepend to subject if rewrite_subject is used
        subject_tag *****SPAM****:*_HITS_*

        then in your email client you can sort your JUNK messages based on subject. This will put the tagged spam messages with the fewest hits at the top. That way you can eas
    • Re:SpamAssassin (Score:2, Insightful)

      by endx7 ( 706884 )

      TrollAssasin would be nice, imagine seeing posts subjects as *****TROLL***** heh

      Seriously, wasn't that one of the ideas behind moderation?

  • by ACK!! ( 10229 ) on Tuesday November 25, 2003 @08:59AM (#7557357) Journal
    Seems like this guy did not verbalize it but that was his problem. If you know what you are doing hacking a conf file from vi is easier than a gui for sure. However, his low performance and configuration woes would have probably been handled with a easy to use graphical interface.

    Aren't there tools that do this?
  • by Taranis-BSD ( 699090 ) on Tuesday November 25, 2003 @09:00AM (#7557363) Homepage
    This was just a setup to make commercial software look better or just a incompetent reviewer. Next.
    • Ding, we have a winner...

      This is a kin to when Ballmer was quoted comparing Redhat 6 vs. Longhorn or XP or whatever.

      This guy's just following the first rule of "marketbenching"

      "When in doubt, squew results in favor of the company that's paying you the most..."
    • by I am Kobayashi ( 707740 ) on Tuesday November 25, 2003 @09:19AM (#7557547)
      Agree. I was going to post as an answer to the question:
      "Why did he not ask Kevin Railsback who had the whole thing working some while ago?)"
      Because Freeware doesn't pay for advertisements in his publication....
      It is always nice to see a lack of journalistic integrity in reviewers...
    • This was just a setup to make commercial software look better or just a incompetent reviewer. Next.

      Spamassassin didn't seem that hard to install. I just typed "apt-get install spamassassin" and just piped my mail through it with a procmail recipe:

      :0fw
      | spamassassin -P

      :0:
      * ^X-Spam-Status: Yes
      spam

      Seemed simple and straight forward. Granted, if you're doing it on an entire machine basis you'd just use spamd/spamc and setup a filter on the mail server itself. For one user though I'm not sure ho

      • A problem we had here at Netmar was that spam assassin, in conjunction with mime-defang, really slams the system. We have several clients who run listserv-type email lists (for various reasons, all verified non-spam, most for like non-profit orgs), and when you send a 500k listserv digest email to 2,000 people, in the default spam assassin config, it would spawn a perl process for each attempted email. So, for about 3 minutes, our mail server would be swamped (load creeping up over 10ish), even though it'
      • by jlv ( 5619 )
        And you better change that sime, straightforward procmail recipe to use ":0fw:" on the first line. That trailing ":" is important if you are not running spamd, as it makes procmail use a lock file and only run 1 instance of SpamAssassin at a time. Otherwise, if you get 30 messages, you'll get 30 instances of SpamAssassin, which is 30 instances of Perl, etc. Large load spike.
    • by aug24 ( 38229 ) on Tuesday November 25, 2003 @09:52AM (#7557892) Homepage
      Bollocks, the reviewer said in the damn article why he used it. It's cos that's what comes with RH9. I've just checked on the RH web site, and 9 is their current release.

      So if you want to whinge at anyone, whinge at RH. At least this shows that reviewers now think they should include FOSS in their reviews.

      Justin.

      • Clearly you did not check well enough, RedHat 9 is now very old by distro standards and is now replaced by their commercial line of products or Fedora.
        • by aug24 ( 38229 ) on Tuesday November 25, 2003 @10:42AM (#7558372) Homepage
          very old by distro standards

          That is the oldest canard (read: excuse) in the FOSS zealot's book. And I say that as a regular proscelitiser myself.

          How old is Red Hat 9? It was the current release till earlier this year, when they launched Fedora. So, he used a version that is a few months old. Whoop-de-fuck. 'Very old' my arse.

          J.

          • by JonnyCalcutta ( 524825 ) on Tuesday November 25, 2003 @11:13AM (#7558686)
            But he didn't upgrade it. Would it be acceptable if he tested an anti-virus product he got with the PC he bought last year and he didn't update the virus defs? Or perhaps he should have used the release version of Brightmail from the time of the Windows XP launch?
            Anybody using an old version of anti-virus or anti-spam software gets what they deserve (or get's the review their advertisers want). I use spamassassin and clamav with mimedefang on my corporate gateway and you have to upgrade spamassassin regularly or more and more spam starts slipping through - this is the nature of anti-spam and I'm sure is just as true of brightmail and the others.
  • by JohnGrahamCumming ( 684871 ) * <slashdot.jgc@org> on Tuesday November 25, 2003 @09:01AM (#7557376) Homepage Journal
    "We compare a collection of recent operating systems: Windows XP Professional, Mac OS X Panther, Debian GNU/Linux 0.91".

    Seriously, InfoWorld, SpamAssassin 2.44 was released in February, all the other vendors you compared were constantly updating their products to cope with the ever changing nature of spam.

    John.
  • Logan You Better Run (Score:5, Informative)

    by Anonymous Coward on Tuesday November 25, 2003 @09:01AM (#7557378)
    Great - compare generation or more older open source to fresh shrinkwrap. Who's zooming (or shilling) for who.

    My ISP (souther NH) runs SpamAssassin 2.6 - and I can tell you that at the default settings it catches 90-95% with .01% (yes Bucko, less than 1/1000) false positives. When they implemented it several versions ago it was just as good.

    I've got one client where the run NO filter - some folks (the names GOTTA be on the web site) get up to 100 spams a day. IT are basically monkeys with hands. I have no idea what the CEO thinks. They wouldn't even think OS as they're a total MS shop.
    • by shis-ka-bob ( 595298 ) on Tuesday November 25, 2003 @09:57AM (#7557938)
      From the home page of Spam Assassin:
      Razor: Vipul's Razor is a collaborative spam-tracking database, which works by taking a signature of spam messages. Since spam typically operates by sending an identical message to hundreds of people, Razor short-circuits this by allowing the first person to receive a spam to add it to the database -- at which point everyone else will automatically block it.

      From the review:
      All the products except Brightmail and SpamAssassin allow end-users to add senders to the domain whitelist themselves. Brightmail allows users to forward misidentified e-mails to the administrator, who can choose to add the sender to the whitelist. SpamAssassin allows only the administrator to add to the whitelist, with no direct access for users.

      Who is missing something here? Me or the reviewer? It looks like Razor does exactly what he wants to do and claims that SpamAssassin doesn' t do. It seems to me you are right ... selectively comparing old OS with newer commercial software so that he can make claims that are factually correct about SpamAssassin 2.44 but completely missleading about the current version.

      • by mrex ( 25183 )
        This "journalist" is a grade-A moron as has been demonstrated sufficiently already in this thread. The one new thing I have to add to this conversation is that, contrary to the following statement:

        SpamAssassin allows only the administrator to add to the whitelist, with no direct access for users.

        SpamAssassin (anything remotely resembling a current version) supports per-user whitelists and other preferences. It takes a little more skill to set up, but frankly the end result is way better than anything yo
    • IT are basically monkeys with hands.

      Monkey's don't have hands!?!?

  • by reaper20 ( 23396 ) on Tuesday November 25, 2003 @09:01AM (#7557379) Homepage
    I don't understand why he's so critical of a free product. I upgraded to 2.60 and it's running near flawless, and since the program is so simple, you just upgrade it, no need to change configuration options if you don't need to, you just call it from procmail.

    Yeah all those GUI options look nice, but 90% of the time, why do I need to change my spamblocking settings? The Bayesian filter autoadjusts itself with little or no user intervention -- it's near transparent.

    • you need to change them because the easy install solutions suck(and have default installs that somebody can try to get around and test untill it goes through).

    • > I don't understand why he's so critical of a free product.

      Why is there this attitude that if your project is free, then it does not matter if it is garbage. Furthermore, you are not allowed to say it is garbage, because, after all, you don't look a gift horse in the mouth. Perhaps that is why Linux is still not on the desktop. There are plenty of people who spend days configuring theirs and then post "it works for me" comments, while the rest of us silently wonder why anyone would want to spend so muc
    • Exactly, I had SA integrated into exim with custom rules and what not, but it would break on upgrading the debian package, happened twice, needed to tweak exim.

      Then I found out about the beauty of procmail once I looked into filtering all spam to it's own folder without email client filters. So now, I have different emails filtered to specific folders before it ever hits my inbox. Oh and I had to disable the bayesian filter, it was catching way to many not spam emails. Stuff that didn't have any keyword
  • Works for me (Score:5, Informative)

    by perlionex ( 703104 ) <joseph&ganfamily,com> on Tuesday November 25, 2003 @09:01AM (#7557382)
    I run a mail server at home on a Linux box, with Postfix and Spamassassin 2.60. I have it configured to label mail as spam once it hits 8 points, and to automatically chuck it into /dev/null once it hits 12 (using Postfix's header_checks).

    It works pretty well for me -- the mail server's only for my personal use so I don't really have to worry about irate subscribers sueing me for dropping them legit mail =p and the 8-12 point range in the spam marking gives me a chance to vet through those suspicious mails briefly before deleting them.

    I've never tried any other spam filters on the server-side, so I can't really compare. I guess I'm also a bit of a Linux hacker so I don't mind tweaking all those config files along the lines of the FAQ and other hints on forums to get it to work the way I want it to.
  • by Newt-dog ( 528340 ) <newt-dog@phant o m c o w .com> on Tuesday November 25, 2003 @09:03AM (#7557394) Homepage
    I use Eudora and I *tried* to set up a complex system of "filter words". I even it up so that all of the spam would go into a "spam filter" folder. Lotta good that did me . . . Now all of my spam goes directly into my In box, and the good email goes into the spam folder.

    Come to think of it, it seems to work out just fine.

    Newt-dog

  • Sales sales sales (Score:3, Insightful)

    by Anonymous Coward on Tuesday November 25, 2003 @09:03AM (#7557398)
    This is likely funded by un-named virus vendors who has integrated SapmAssassin into their appliaces. Away on a vacation, I came back to find our people unaware SpamAssassin was open source. The vendor quietly forgot to mention that.

    In the end, any company is going to have to put people and tools together to get a spam solutution, or outsource it. But DIY needs people time.

    Don't pay vendors for SpamAssassin, it runs quite nicely on left over PCs reloaded with Linux.
  • by damian ( 2473 ) on Tuesday November 25, 2003 @09:04AM (#7557408) Homepage
    He sent a long open letter to SAtalk. You can find it in the mailing list archive [sourceforge.net]

    • by Joseph Vigneau ( 514 ) on Tuesday November 25, 2003 @09:29AM (#7557635)
      Wow. Considering he probably got a lot of nasty emails from the zealot crowd, this is a well reasoned response. He laid out his review criteria, and how SA can be improved to fare better against its commercial competitors. Well done, and a good challenge for the committers of SA.
    • by CaptainZapp ( 182233 ) * on Tuesday November 25, 2003 @10:07AM (#7558046) Homepage
      The same is true of support - while you may get faster or better support through this group than you get with commercial software, there's no guarantee that you'll get any support at all - and most organizations will find that hard to live with.

      This is very true, of course. But has the guy considerered that this is 1:1 the case with commercial software too?

      Even support providers for enterprise level software (i.e database vendors, which may charge hundreds of thousands of $, depending on the installation and support level) will never guarantee that they provide you with a solution.

      Of course their sales reps have the flashier presentations though, which is a part of what you pay for.

    • Regarding some of the other comments that have been made, some of you have said that SA is not hard to install, taking no more than an hour or two to download, install, configure and begin using. That is consistent with the 10 times longer number I used, because the other installation and configuration times were all around 5-10 minutes.

      You have also said that I should have taken into account the fact that it doesn't cost anything before making statements about it being harder to install, configure and

  • no wonder... (Score:5, Insightful)

    by theonlyholle ( 720311 ) on Tuesday November 25, 2003 @09:05AM (#7557419) Homepage
    well, on the first page the author already makes it pretty obvious why SpamAssassin had to come out at the bottom of the list. He is comparing version 2.44, which was included in RH9 and is thus at least 8 months old, to the latest antispam software that is regularly updated. How on earth is that an unbiased comparison? In a world where spam patters change every week, if not every day, 8 months is a generation... he even says so in his article. I'd be interested to see the results of a similar test, but with SpamAssassin 2.60 and of course with bayesian filtering and some of the other optional features enabled...
  • Because (Score:5, Interesting)

    by FreeLinux ( 555387 ) on Tuesday November 25, 2003 @09:05AM (#7557425)
    Why did he not ask Kevin Railsback who had the whole thing working some while ago?)"

    He expected to get the results that he normally gets with most commercial software. Click Setup.exe, answer a question or two and it's done, up and running. Further configuration is not required though it may be desired.

    The commercial vendors of Spamassassin have not improved the core product in any way. What they have improved is the packaging, the installation, the default configuration and the interface to modify that configuration. The stock SpamAssassin does not offer that although, Spamassassin setup is far more simple than some other packages out there.
  • by lpontiac ( 173839 ) on Tuesday November 25, 2003 @09:07AM (#7557443)
    Kevin Railsback is Test Center operations manager at InfoWorld.

    versus

    IT consultant Logan Harbaugh is the author of two books on networking.

    The first found Spamassassin easy, the second found it hard. Hmmm.

    What really aggravates me is the typical "There are blacklists available that you can subscribe to, and some are updated regularly, but these are noncommercial lists with no guarantees." I'd like to see what guarantees the commercial lists come with.

    • What really aggravates me is the typical "There are blacklists available that you can subscribe to, and some are updated regularly, but these are noncommercial lists with no guarantees." I'd like to see what guarantees the commercial lists come with.

      Apparantly this IT consultant and author of two networking books hasn't read a single EULA.

    • I'd like to see what guarantees the commercial lists come with.

      The guarantee that if they don't do an acceptable job, they won't make any money, and thus have a strong incentive to please their users?

    • "The SpamCop Email System will filter up to 90% of spam sent to your employees."

      Thats "up to" not "at least" so I guess not much of a guarantee, but then again, they only charge $30 a year.

  • by abulafia ( 7826 ) on Tuesday November 25, 2003 @09:09AM (#7557458)
    In true form for throwaway articles like this, products are compared poorly:

    Each product was tested with a different stream of mail, so the number of messages received varied, but all received enough messages to assess their capabilities.

    Can you imagine someone writing "Oracle, Sybase and Postgres were compared. While the data and workloads were different, all products performed enough work to assess thier capabilities."

    All the products except Brightmail and SpamAssassin allow end-users to add senders to the domain whitelist themselves.

    I don't know anything about Brightmail. Spamassassin end user whitelists entries can be set up in a number of ways.

    And all the products but SpamAssassin use dynamic updates to keep up with the evolving technologies spammers use to circumvent less sophisticated filters.

    As aluded to in the summary, this is false with modern versions of Spamassassin, which uses Baysian filtering. (The author later says he couldn't get it working.

    However, it took more than 10 times as long to install and configure SpamAssassin as it did any of the other products. [...] But just because the software is installed does not mean it will work -- filtering criteria must be added manually, and until that's done nothing is filtered out. Getting the various configuration files edited properly so that the whole package worked was not simple. Documentation was difficult to find, and not always easy to follow.

    While it is true that one must be comfortable with a text editor to configure Spamassassin, thus perhaps putting it out of reach of point-and-click admins and technical journalists, I also wouldn't be prone to put my mail servers in the hands of either of those groups of people.

    It looks for keywords in the subject or body of e-mails, but is frustrated by words not in the dictionary, such as "V!agra," or words that contain invisible HTML characters.

    While I am not sure what tests appeared in which version, I'm pretty sure 2.44 handled off-by-one works such as V!agra. I have no idea what he's talking about when he says "invisible HTML characters", but it does seem to point to a certain technical incompetence, similar to the ostritch belief - "If I can't see you, then you can't see me."

    This is not to say Spamassassin is the easiest thing in the world to deal with. I happen to love it, because of the extreme flexibility.

    I just get sick of tech journos who decide that because a tool doesn't have a gui and they don't want to take the time to configure it, it sucks.

    • by dboyles ( 65512 ) on Tuesday November 25, 2003 @09:28AM (#7557630) Homepage
      Can you imagine someone writing "Oracle, Sybase and Postgres were compared. While the data and workloads were different, all products performed enough work to assess thier capabilities."

      A very large sample of mail would negate almost all of the differences caused by using a different set of mail, but I get the feeling that each of these servers ran for about a day and the results were gleaned from that.

      I don't know anything about Brightmail. Spamassassin end user whitelists entries can be set up in a number of ways.

      ...and it ain't that hard.

      As aluded to in the summary, this is false with modern versions of Spamassassin, which uses Baysian filtering. (The author later says he couldn't get it working.)

      Maybe I'm missing something or taking things that I consider basic for granted, but Bayesian filtering with SA is about as straightforward as it gets, except that instead of clicking a few buttons, you run one short command.

      While it is true that one must be comfortable with a text editor to configure Spamassassin, thus perhaps putting it out of reach of point-and-click admins and technical journalists, I also wouldn't be prone to put my mail servers in the hands of either of those groups of people.

      I think we've all known these types, and unfortunately they're more widespread than we'd like to think. Many simple solutions such as SA are ruled out because the admin doesn't have the skill to implement them. Note to any managers reading this: hire people with a solid background in the field, not those who list single-platform applications on their resume as "skills." Software changes, but a good administrator has the ability to adapt.
    • I have no idea what he's talking about when he says "invisible HTML characters", but it does seem to point to a certain technical incompetence, similar to the ostritch belief - "If I can't see you, then you can't see me."

      If you look at the source of most HTML spam, you'll see things like:

      v<!-- the -->i<!-- brown -->a<!-- cow -->g<!-- is -->r<!-- dead -->a

      The <!-- --> parts are HTML comments and thus won't be displayed to the user, but they can mess up some spam filt
  • sixty-two percent? (Score:5, Interesting)

    by dboyles ( 65512 ) on Tuesday November 25, 2003 @09:11AM (#7557477) Homepage
    [SpamAssassin] filtered only 62 percent of spam, whereas the other products produced great results, blocking 90 percent to 96 percent of all the spam they encountered with few, if any, legitimate messages blocked.

    To me, this statement is pretty telling. Harbaugh must get some completely different kinds of spam than me, because, even though I receive about 60 spam mails a day (directed to my "spam" folder, so I never see them until I scan the "From:" field and then delete them), maybe one per week makes it through the filter. And seeing as how I can't even remember the last time I got a false positive, that's a pretty damn good number.

    I can believe that if you receive a variety of mail and if you took no time to configure SpamAssassin other than cranking it up, maybe then it'll only catch 80% of the spam. But 62%? I'm not sure if Harbaugh is skewing the benchmarks or if he just doesn't know what he's doing.

    There are some legitimate issues with SpamAssassin that might not make it ready for the enterprise, but for a handful of users, I have been more than satisfied. And the price is right.
    • by wizkid ( 13692 )

      Look at where the article is from!!

      Infoworld.com Do you think there going to put their advertisers products down? I could tell after the first three paragraphs that the article was a sales brochure.
    • by Tom ( 822 )
      The version he's using might make the difference.

      I was using 2.20 until recently. After updating to 2.60, the level of spam still coming through the filter dropped right off. It's about 1 msg. per day now, used to be at least 5 times that.
  • by ryanvm ( 247662 ) on Tuesday November 25, 2003 @09:12AM (#7557490)
    You think 2.44 is ancient? Feh - Debian 'stable' is still stuck with 2.20.
  • by ericspinder ( 146776 ) on Tuesday November 25, 2003 @09:15AM (#7557505) Journal
    In my testing, the performance of the newer products was more than acceptable in every case. Per-user, per-year pricing should not be an obstacle, even for the most expensive product.

    Sounds to me like Infoworld has an advertising contract with (at least) one of these companies. At the very least he should have checked the site for an update before he started his "tests". For a while there, I got every one of those "IT industry" hype mags (always free). While there was some good information here and there, you had to wade through a lot of advertising pretending to be articles.

    I love SpamAssassin and would not consider email hosting without it. It has made my email account useable again ! For the record, it seems to catch about 80-90% of my spam, and I have never seen a 'false positive' (I do check my 'spam' folder, but less and less)

  • i have been using spamassassin for a year and it works great! granted, in the beginnings about 18% of the spam (in my case 18% of about 30 emails per day) would get trough. BUT if you read the manpage and tweak with the different scores a bit, you can get that down to 1 - 2% with about the same amount of false positives. as an admin, you should be able to tweak any spam filter to match your needs best.

    what i can highly recommend is to increase the score of MICROSOFT_EXECUTABLE as it generally is a piece
  • -1, Troll (Score:5, Funny)

    by Tom ( 822 ) on Tuesday November 25, 2003 @09:18AM (#7557536) Homepage Journal
    Can we moderate the article at -1 Troll, please?

    It's just a bit too obvious that he was hoping for a severe slashdotting, driving his own numbers ("look, editor, how many people read my articles!") and the ad numbers of his paper up.

    Probably submitted the story himself, too. :)
  • by greppling ( 601175 ) on Tuesday November 25, 2003 @09:18AM (#7557540)
    I am sure he was as disappointed as me that the installation didn't follow the ./configure && make && make install standard procedure, and that it defaulted to /usr instead of /usr/local as installation directory.

    Seriously:

    • The Spamassassin installation documentation could be better written IMHO.
    • Why doesn't RedHat's update service offer constand updates to the current version of SpamAssassin?
    • Why doesn't it (as mentioned in another post) have the most important configuratoin setups included in their overall configuration GUI?
    I really wish distributions would support SA better.
  • then he can just get Spamassasin Pro but hey what do I know?

    Rus
  • First thing, the user has to be at least as smart as the tool they are wielding. No, actually just smart enough to follow directions and go beyond clicking on "help" to get help. Just another case of wannabe administrator arrogance: "If the tool doesn't configure itself or have cool looking icons, it must suck."
  • by The Subliminal Kid ( 647767 ) on Tuesday November 25, 2003 @09:22AM (#7557577)

    The bias apparent in this article and the crappy comparison chart aside this review doesn't even begin to touch base as a throughly researched opinion ion piece and ends up look like an advert for Brightmail.

    However we do in the OS community face a UI problem. The missing rung on the ladder to mass acceptance is the absence of high quality UI that give users and indeed administrators of the point and drool variety a interface with the service they are seeking to use.

    Before the Highly polished phpmyadmin I met serious resistance from admins for MySQL over msSQL based mostly on interface. The same goes for CUPS which has a web interface that I think has come of age if not achieve adult hood. The Webmin's are OK as long as you don't tinker to much or do anything slightly non-standard. I dislike Swat and am now so used to editing smb.conf I haven't even checked it;s working. I think that a lot of these services, apache, Spamassassin and X11 for example, could bare providing embedded configuration UI's if they aim to capture wider markets. Mandrakes X11 confugulator is very good.

    I was going to mention the difficulty presented for admins with widely deployed Outlook when looking at these kind of solutions but then I though no only have sympathy where it is due. An I know that SpamAssassin could work seamlessly with Outlook but if users want a front end for white-listing then SpamAssassin isn't going to be your toy just yet.

    Though we love the text based config file you may have to put a lot of working into configuration UI's if you want to enter the area as far as that reviewer and many sysadmins are concerned.

    • The same goes for CUPS which has a web interface that I think has come of age if not achieve adult hood.

      For simple configurations (getting a printer set up assuming the drivers are already in place), CUPS is great and easy to use. Once you want to do more complicated things like authentication or SSL - which is what really makes IPP and CUPS shine - you're back to hacking text files and restarting the server.
  • Not Really (Score:4, Insightful)

    by tookish ( 126829 ) <tookeesh@yahoo.cLAPLACEom minus math_god> on Tuesday November 25, 2003 @09:27AM (#7557620) Homepage
    So his complaints are:
    1. SpamAssassin is hard to install
    2. it isn't very effective
    3. nothing is filtered until you manually set up your own filters
    4. it's hard to configure and poorly documented
    5. non-commercial blacklists come with no guarantees
    6. end users can't add to the whitelist
    7. Bayesian filtering isn't included by default, and he couldn't make it work anyway
    8. it doesn't catch words like Viagra and invisible HTML characters

    I knew nothing about filtering spam until I installed SpamAssassin 2.6 in a multi-user environment last week. Here are my responses:

    1. it took less than half an hour to install (from CPAN) and start
    2. effectiveness out of the box was about 95%, with no false positives -- after a few minor tweaks, I'm at about 98% with no false positives
    3. simply not true -- it runs right out of the box
    4. maybe it's hard to configure if you're used to a GUI -- if you're not afraid of editing a text file, it's very easy to set up; and there's no shortage of documentation at spamassassin.org [spamassassin.org] and elsewhere
    5. do commercial blacklists come with guarantees? I don't know
    6. with a very little bit of scripting, you could allow users to add to the whitelist
    7. I haven't tried the Bayesian filtering because it's apparently not well suited to a multi-user environment
    8. simply not true -- it flags this stuff out of the box

    I wouldn't recommend that my grandmother install SpamAssassin, but if you have any admin skills whatsoever, it's quite easy to use it to set up effective and useful filters. Furthermore, there are enough factual errors in the article that I'm tempted to dismiss it outright.

    Of course, it's possible that it got a lot better between 2.44 and 2.6, but that begs the question, why did he install 2.44?

  • Am I the only one who notices that Microsoft are lanuching their own anti-spam solution, and suddenly we get "honest-and-unbiased" reporting on solutions like SpamAssassin?

    Who is kidding who here?

  • by lone_marauder ( 642787 ) on Tuesday November 25, 2003 @09:29AM (#7557639)
    I can install Spamassassin and six other applications via CPAN in the time it takes to get the syntax right for one license key.

    I also like the characterization of Spamassassin as "first generation" without any supporting evidence to the fact. First generation was adding spam senders to your e-mail client's blocklist. Bayesian filtering is well beyond first generation, but spammers have learned to defeat Bayesian filtering with poison data in non-eyeball space and text obfuscation. The next generation in spam detection is to detect the Bayesian evasion features - and guess what does that!? Spamassassin (2.60).
  • by cyways ( 225137 ) on Tuesday November 25, 2003 @09:30AM (#7557652)

    I've found the easiest way to implement SpamAssassin is to invoke it through MailScanner [mailscanner.info]. MailScanner uses third-party virus scanners and can optionally invoke SpamAssassin as well. With the free ClamAV [elektrapro.com] antivirus product, you can build a powerful open source mail scanner. Even without a virus scanner, MailScanner detects and quarantines executable attachments and other dangerous content which represent the most common types of mail-borne viruses and worms.

    RedHat installs the daemonized version of SA as well as the SA Perl scripts. Using the daemon, the easiest implementation is to invoke SA in /etc/procmailrc on the mail delivery host; for mail gateways running sendmail, you need to use the milter interface. I've found the MailScanner+SpamAssassin approach much easier to configure than either of these methods, and you get virus scanning to boot!

    I suspect if the reviewer had compared SA 2.60+ to the commercial products, rather than the older 2.44 version used in the review, SA would have shown better results.

    I'd agree with the reviewer that one of the things SA lacks is an easy method for users to interact directly with the program. (Part of the issue has to do with security; SA runs as root. As I read the review, I wondered how the other products allow users to interact directly with the scanners without sacrificing security.) It's not easy to maintain per-user Bayesian filtering, for instance, but I generally recommend having the mail client, e.g., Mozilla [mozilla.org], handle these tasks.

  • by Perl-Pusher ( 555592 ) on Tuesday November 25, 2003 @09:31AM (#7557656)
    I was using version 2.44, I was able to compile and upgrade spamassassin before the number of posted replies hit 60! Can't be too hard!
  • Old, and on the list (Score:3, Informative)

    by satyap ( 670137 ) on Tuesday November 25, 2003 @09:36AM (#7557701)
    Not only is this somewhat old news, it's been discussed on the spamassassin mailing list. Apparently, the article was edited so that it's more anti-spamassassin than the reviewer intended, but Mr. Harbaugh also defends his review of an older version of spamassassin as "it came with my Redhat 9" (NOT a direct a quote). He also claims it took nearly an hour to install and set up. (I counter that it took seconds to install and minutes to set up).

    The current version of spamassassin is 2.60.
  • by sillypixie ( 696077 ) on Tuesday November 25, 2003 @09:37AM (#7557714) Journal
    I have SA 2.6 running as a plugin to the SunONE Messaging Server (v5.2), in BAREBONES mode (ie no RBL, no Bayesian, nothing but perl regex) and it filtered 591 spam from my bosses mailbox alone on the first weekend. 12 or 13 managed to sneak through.

    Since then, I've downloaded a bunch of rules from The SA Custom Rule Emporium [merchantsoverseas.com] and almost nothing gets through.

    If this guy had trouble, it is the fault of the documentation, not the product. Either that, or he was dumb enough not to upgrade to perl 5.8 or above, and spent forever installing modules.

    He says:
    SpamAssassin is the perfect example of first-generation techniques becoming outmoded by advances in spamming technology

    Funny how when you install an old version of the product, it seems outmoded, hmmm?

    Sheesh.

    Pixie
  • I run a commercial service hosting customers and my customers have gone positively APESHIT over S.A.. Just an opposing viewpoint.
  • by Zebra_X ( 13249 ) on Tuesday November 25, 2003 @09:41AM (#7557756)
    While his review was perhaps not scientifically conducted. I think there was a point to be made with the SpamAssasin blurb.

    Notice that he deliberately took a standard install from RedHat 9, something some IT person (Not a tr00 g33k) might buy at CompUSA. He then tried to install the provided product. Clearly, a tr00 g33k would go and download the latest release, but keep in mind that not everyone is so comfortable with being on the bleeding edge - I believe that this was a point he tried to make. There is also the perception that the release provided with a "product" such as RedHat 9 will be up to the same standards as the OS.

    While it's true the latest version has default rules and whatnot - it's quite likely that his older, more out of date version does not. In fact, going briefly to the spamassin home page the links for the 2.5 and 2.4 release documentation are broken.

    The point to be made was: OSS needs to be more buttoned up. Notice that he said that he had no trouble installing redhat 9. That's becuase the installer is rather good.
  • by TheSpoom ( 715771 ) * <slashdot@uberm00. n e t> on Tuesday November 25, 2003 @09:41AM (#7557758) Homepage Journal
    Here's a nice example of a commercial guarantee. See if you can determine where it's from:

    11. LIMITED WARRANTY FOR PRODUCT ACQUIRED IN THE US AND CANADA.

    Microsoft warrants that the Product will perform substantially in accordance with the accompanying materials for a period of ninety days from the date of receipt.

    ...

    YOUR EXCLUSIVE REMEDY. Microsoft's and its suppliers' entire liability and your exclusive remedy shall be, at Microsoft's option from time to time exercised subject to applicable law, (a) return of the price paid (if any) for the Product, or (b) repair or replacement of the uct, that does not meet this Limited Warranty and that is returned to Microsoft with a copy of your receipt.


    Note that a) no updates or fixes are guaranteed, b) your only remedy is media replacement or a refund, and c) this choice of remedy is up to Microsoft.

    I love it when people claim that you're taking a huge risk with open source software without guarantees. Microsoft says their software will work, but isn't saying that if their software doesn't work, they have to fix it.
  • Is there a lighter-weight alternative that is just as effective?

    I run a personal mail server (Debian on a P-75 w/ 32MB) which most of the time is just fine. If for some reason I stop Yahoo forwarding my messages and then catch up later with fetchmail, I have to stop spamd. If I don't then I have hit the power button as SpamAssassin will consume all memory and CPU and then some. Even if I hit Ctrl+Alt+Del, it will still be thrashing 6 hours later. It's kind of annoying... so any recommendations for alte
  • by dan_bethe ( 134253 ) <slashdotNO@SPAMsmuckola.org> on Tuesday November 25, 2003 @10:03AM (#7557995)
    TrollAssasin would be nice, imagine seeing posts subjects as *****TROLL***** heh

    I know you're just joking, but to be serious for a minute, the reason not to do that is because you'd be transparently altering someone else's copyrighted property. Overzealous and/or overworked sysadmins misconfigure SA to globally analyze all incoming content and then to alter email subjects based on its opinion. This is an invasion of content, certainly prone to false positives because antispam scanning is an individually trained process, and breaks the trail of reply threads at least on a visual basis. There are always going to be tons of misconfigured or RFC ignorant smtp servers out there, and being compatible with them is what makes the Internet work. That would include corporate servers, legitimate opt-in bulk mail, and opt-in mailing lists run by Some Dude. There will be people on a mailing list whose personal content is always publicly marked by certain recipients as spam! It's confusing, insulting, and unnecessary. SMTP has invisible meta-tags in its headers to allow for that, and agents are supposed to respect them.

    This is fine for using SA's global config as your personal config for your own little systems, but not for an ISP or business.

    According to spamassassin.org:

    We strongly urge ISPs installing the product to notify their users when it's installed, and to not enable it by default -- but many seem to ignore this advice. We agree, that's totally unprofessional. :(
  • Arsehole (Score:2, Interesting)

    Does he by any chance love outlook rules as well?

    Spam assasin is on my server and is absolutely brilliant.. it catches 99.9% of all my spam, and has only on 5-10 occasions in the past month (i get about 50-60 emails a day) counted 'innocent' mail as spam... and even those were newsletters....

    Anyone who slates SpamAssasin is one very deluded person... its Open Source, constantly improved... open to editing by it's users, rules can be added.... marvellous.

    Commercial variants ive seen have been painfully ba
  • by gvc ( 167165 ) on Tuesday November 25, 2003 @10:33AM (#7558289)
    The Bayes filter in SA 2.6 works very well but unfortunately is not well-suited to site-wide learning.

    -- casual readers may skip the following details

    In an attempt to mitigate this, SA makes an unfortunate mistake in its unsupervised learning algorithm - it uses a different set of rules for training than it uses for marking mail as spam or not. So you can easily have email marked as spam but have the system trained as non-spam (or vice versa). This introduces systematic bias into the learning so that spam detection can get worse in the long run. As a further attempt to mitigate this problem, the learner uses a higher spam threshold, so many spams that are correctly marked do not contribute to the learning process. There is no way to set the SA configuration parameters to eliminate these biases (setting the learn threshold does *not* do it).

    --- end of gory details

    It is not too difficult to set up SA for personalized learning. Just pipe your mail to the following command:

    spamassassin -e

    If the return code is 0 (non-spam) also pipe the mail to

    sa-learn --ham --single

    If the return code is 1 (spam) pipe to

    sa-learn --spam --single

    If you do this you are guaranteed that the statistics recorded in your personal bayes db correspond exactly to the judgements made by SA.

    In addition to this you must correct SA when it makes a mistake, by piping the message to sa-learn again with the right flag. You may be able to set up a macro in your mail reader to do this.

    This isn't as easy to set up as it should be, but it is *very* effective.

    In the last year I've received 20,000 non-spam and over 100,000 spam messages & viruses (30,000 if you eliminated the "Cumulative Update" messages, which SA caught just fine.) About 100 spams have gotten through (a couple a week) and about 10 false positives have occurred. All of the false positives have been 'weird' - advertising, automatic responses, or web pages that were forwarded to me. As far as I know (and I do check periodically) I've had no false positives in the last 50,000 spams.

    My preliminary analysis indicates that personalized learning reduces both false negatives and false positives by a factor of ten. I'll report more systematic analysis in due course.
  • by jqh1 ( 212455 ) on Tuesday November 25, 2003 @10:42AM (#7558367) Homepage
    Larry Seltzer did a similar job with a review of disposable email address services in
    PC Magazine [pcmag.com].

    Spamgourmet [spamgourmet.com] (open source and free to use) was lined up against several commercial offerings, and was rated the lowest. It was clear from the review that he didn't spend much time learning about how spamgourmet works -- he wound up faulting it for perceived problems that were addressed by features that he ignored in the review.

    Not to be cynical, but if I were a tech reviewer, I might be afraid of lawsuits resulting from my reviews -- open source projects have no revenue, and therefore can't prove up any damages in court. This might make me more likely to choose the open source alternative to get the shaft. Hopefully that's not what's going on here, but you've got to wonder...

  • by macdaddy ( 38372 ) on Tuesday November 25, 2003 @01:53PM (#7560517) Homepage Journal
    This guy's article was a joke. Not only did he use an ancient version (in the spam world) of SpamAssassin but he either flat out lied in his article or was too lazy to seek out the truth. Hard to configure? Can't find docs? Doesn't support A B C D or E? If this guy had spent 5 minutes of his precious time doing to research on SA he wouldn't have made these flagrant lies. I don't get these people. I really don't. I CCd the Editor-in-Chief at InfoWorld, Mr. Steve Fox, as well.

    Mr. Harbaugh,

    This letter is in response to your InfoWorld article titled "Commercial solutions win, spam loses." In that article you portray all commercial spam solutions as winners and you portray the only open-source spam solution you reviewed as a dismal failure. I must say that as a professional in the anti-spam field I'm am truly disappointed by your incomplete and inaccurate assessment.

    You start the article off quite well. Your introduction regarding two of the possible types of spam filtering is in terms that the average reader can understand. The introduction is also technically accurate, although it doesn't mention the other ways to filter spam.

    You quickly take an opportunity to kick dirt on SpamAssassin by claiming it filters a fraction of the amount of spam all the commercial solutions filter. You hint at something during that statement when you said that SpamAssassin's "age showed in my tests," yet you fail to actually make it apparent to the user what the real truth is. I must ask, why did you choose to compare such an ancient version of SpamAssassin to the current versions of the four commercial products? Version 2.44 is over 9 months old. Spam filtering techniques are constantly evolving to filter a continually changing target. Comparing a 9.5 month old copy of SpamAssassin to the current version of BrightMail is like comparing a 1990 Chevy Silverado to a brand-new 2004 model. As an author and professional in the IT industry writing a column for InfoWorld, one of your goals is accuracy and fairness in reporting, is it not?

    You make numerous false statements regarding SpamAssassin in your article:

    1) "All the products except Brightmail and SpamAssassin allow end-users to add senders to the domain whitelist themselves... SpamAssassin allows only the administrator to add to the whitelist, with no direct access for users."

    This is simply not true. SpamAssassin allows its users to add whitelist or blacklist entries to the personal preferences. It also allows its users to control the scoring for each individual ruleset with SpamAssassin's arsenal. Even the ancient version of SpamAssassin you chose to use had that simple feature. SpamAssassin also has the ability to automatically whitelist senders.

    2) "Delegation of specific administrative functions is possible with all the products except SpamAssassin..."

    This too is not true. As I said in response to number 1, SpamAssassin allows its users to control the scoring for each individual ruleset. This gives them the ability to disable certain rules, lessen the scores of others, and increase the scores of rules they wish had more weight. For example a user could disable the MAPS RBL DNS blacklist checks, whitelist joe@mydomain.tld, blacklist annoying-spammer@spamdomain.biz, and increase the score of the rule ALL_CAP_PORN to 2. The users can also create their own rulesets. SpamAssassin gives its users a high level of control over their spam filtering.

    3) "Finally, in addition to stopping spam, all four commercial products provide content-filtering features, allowing the administrator to block incoming or outgoing e-mail that contains proprietary data, audio or video files, executables, sexually explicit words, or racial slurs. They also provide protection against DoS attacks and directory harvesting attacks."

    This one baffled me at first. I'm honestly not sure why you want to compare features that have nothing to do with filtering spam. Filtering racial slurs from an email is
    • I received a reply from the author, Logan Harbaugh, a little while ago. It would seem that I'm not the only person that stood up in support of SA. Apparently there was a reason he used an ancient version of SA. It would seem that the reason was supposed to be in the article but that the editing staff stripped it out prior to being published. Here is Mr. Harbaugh's reply:

      Date: Tue, 25 Nov 2003 11:40:33 -0800

      From: Logan Harbaugh
      Subject: RE: In regards to your article titled "Commercial solutions win,

The cost of feathers has risen, even down is up!

Working...