My mail server does not run Plan 9, so my own setup would require some implementation work, as I mentioned before.
> how do you maintain content-based filtering without > spending time on it on a regular basis? I typically see one or two spams a day that make it through, and I save those into a mailbox named "spam" that a cron job uses to retrain the filter (Spam Assassin). I also see a lot of spam going to bogus addresses at swtch.com (they are valid at swtch.com.au), and I feed those in as spam samples. I don't know how much that actually helps. > at work we have a barracuda box which seems to > be completely content based. it's false positive > rate is significant. so you actually need to skim > up to a hundred questionable messages per week. > > i find that skimming through lists like this is very > error prone. I don't have a false positive mailbox to skim. I run Mail Avenger, which lets me run shell scripts during the SMTP session to decide whether to let it continue. (It was the inspiration for validateaddress and validatesender.) In addition to checking the sender and the recipient, I can run a program over the body before accepting the mail, so that's where I run Spam Assassin. If SA thinks the mail is spam, SMTP rejects it rather than saving it or deciding to reject it later and having to send a bounce. That means my mail server doesn't contribute to someone else's backscatter problems, and if someone does send something that looks like spam, they get immediate feedback about it not going through, rather than hoping I will see it in a spam box. The reject response in SMTP explains that the mail looks like spam and gives a magic word to put in the subject if it is not spam. I've been using this setup for a few years now. I have had exactly one real message that was falsely rejected that I remember, and it was a big chain forward that arguably was spam, although it was a real person sending it. I have also had two legitimate commercial emails (receipts) rejected as spam, but I knew they were on the way so I looked for them. (I do spool the rejected messages to a file, both for my own peace of mind and to handle cases like these.) It's not perfect, but it is far better than having to watch a spam folder. Russ
