nemesis's Journal

Spamassassin feeds OCD

Friday 21st September, 2007

As a system administrator who runs their own mailserver, you tend to receive more spam than your average Joe. When you run an RFC compliant mailserver, you are required to have a couple of addresses that will always be valid; such as 'postmaster@domain.com' and 'abuse@domain.com'. Having these widely-publicised addresses makes you a prime candidate for spam, because spammers don't even need to figure out whether the address actually exists.

About three months ago, I installed SpamAssassin. Last week, Rob did too. We both found similar results. While SA flags about 75% of your spam correctly, there's 25% of it that's not flagged as spam.

Faced with this situation, the obvious course of action is to write your own rules to flag the spam not being caught, and thus, increasing the effectiveness of SA. Ergo, the downward spiral begins.

At first, you make some big wins. The first few rules you write bring you up to maybe 80% effectiveness. But every additional percentage point becomes increasingly harder to attain. At around 90%, and a 100-line custom rules file, I began to realise that this was becoming unhealthy.

A lesson to those who run their own mailservers:
Don't install SA. Sure, you might think it's a good idea at the time; but you won't be able to resist the temptation to write your own rules.

0 Responses

Leave a comment

Sign in to leave a comment!

Don't have a login yet? Get one now!