Stephane wrote:
That's the best approach, as SpamAssassin does occasionally false report a good email as spam.Hello again, Amongst the answers to my previous post ("has a large company implemented SA") there was a very good idea on success stories with SA... It is true that most of the people on the net who would say they were happy with SA and that it worked well for them are using it for their private use, or run a server which does mailboxes storage as well (POP3/IMAP I would imagine). However I couldn't find any description of a successful implementation with a similar setup than ours -- I would guess at least a few other companies must follow the same model.Our infrastructure would look like: Internet-->[SA]-->[Mailsweeper]-->[SMTP/Lotus Notes gateway]-->Lotus Notes Mail reader on Client PC Each bracketed text is a separate server, so SA would be a dedicated relay, with no local mailboxes, just a passthrough. The goal for us is to tag emails (X-Spam-Flag) in a first step and let the Notes client put tagged msgs into a separate folder (only saves time, bandwidth and storage are still used).
Read above ;)In a second step we would like to quarantine all detected spam at the SA server level (thus saving also bandwidth and storage).
It is a pretty reliable protocol, and no reason why it shouldn't be with SpamAssassin or any other open source software. Remember much of the mail server software in use these days is based on open source. It's about how the administrator manages it. Testing, knowledge, and proper usage.I received many replies to my previous post from people who work in companies having implemented SA, but none of them do the blocking at the gateway level, they give the choice to the users. With our infrastructure, we cannot do that, as the SA server will not know anything about the mailboxes, it would just be a relay, no local /var/spool/mail directory, no local /home/xxx directory for the users ! I think most companies are afraid of implementing opensource software as a component for an important service such as email. I think that generally even though people know email has not been designed to be a 100% reliable protocol they still make business with it.
SpamAssassin is actually pretty quick with bug fixes, since the source is open, anyone can technically patch the bug, including the admin themself. Since it's tested as the builds mature, by the time it reaches release, most of the code has been tested for months. I have been testing 2.50 with pop3proxy for weeks already. Bugs that were in existance are gone.First of all, please let me highlight that the following thoughts are not my personal views but difficult barriers to face when you try to get opensource into a large manufacturing company (not an ISP, not a software company) like ours. The major fears are: - opensource software is often made by hobbyists and these people do not have the structure to provide software support/bugfixes, or quick response to a big problem incurring financial losses (no emails go through for example!)
All software has bugs. With open source, at least you can see the code, see the work as it progresses, and contribute yourself to ensure it's minimal. You can also see exactly what the developers know regarding bugs, and make a decision. Check bugzilla.
As with any software, mantainance upgrades tend to be real easy, while feature releases tend to be a bit more complex. And have the potential for new bugs. That's with anything. Windows 2000 was a monumental upgrade, and had lots of issues for admins. SP 1 was fairly simple to install, and improved service. expect the same.- are upgrades straightfoward and not causing problems to the existing running system, are they well tested.
NAI! This has been discussed in detail. It happened. But despite it all. Seems work continues as before.- what if the SA project is abandoned, what if the source is bought by a commercial vendor, in other words, what if SA as it exists today disappears ? With opensource you cannot have a contractual engagement to provide support or updates, nor can you really know the roadmap for a product and what is planned for future development
Not of much help here. I've implemented on my laptop, that's about it.Blocking spam-tagged emails at the gateway level as we intend to do requires a good trust in the chosen spam filter product !! And here is my point, this trust comes when you can point at other and say: they use it, they are happy with it, and all problems they encountered, they could fix them with the help of xxxx and if they get any more problems they can rely on xxxx to fix them quickly. I am desperate to get SA implemented (I just love it!!) but we wouldn't like to reinvent the wheel if someone else did a similar implementation
I appreciate this is a very long email (apologies), if this post has got nothing to do with this mailing list, I am more than happy to carry the discussion off it with anyone who feels they are in the same position as me, as my company. Best Regards, Stephane ------------------------------------------------------- This SF.NET email is sponsored by: A Thawte Code Signing Certificate is essential in establishing user confidence by providing assurance of authenticity and code integrity. Download our Free Code Signing guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0028en _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
smime.p7s
Description: S/MIME Cryptographic Signature
