Do any of you out there run spamassassin on a mail relay or pop/imap server to add the X-Spam headers to all mail that passes through your gateway?
Yep, border MX servers which accept all mail for all domains we host, scan all the mail, then pass it along the line to the recipient servers. Mail either gets tagged, or not, and continues on its way, no modification on the border machines.
If you do, how do you let individual users (who don't have accounts on your relay) tweak their user_prefs file to whitelist things that are not spam or otherwise tweek the rules?
Users can request a whitelisted address, we put it in the site-wide lists. There have been very few requests thanks to our scoring setup. We have a higher scoring point (based on "live" testing prior to actual implementation) for spam, and tag it all and let it through. We don't delete any mail at the gateway, that gets handled on down the line by the endpoint servers.
Do any of you who use spamassassin at the server level (as opposed to the user level) use it to reject spam (versus just marking it up)?
All spam detected by SA first gets tagged by the border servers with the Subject: markup, as well as the X-Spam headers. Then, depending on the destination server, multiple things happen.
For our mass hosting machines, all spam-tagged mail gets detected by Postfix header checks, and gets redirected to a set of e-mail addresses on our border servers for bayes training via nightly script. Based upon feedback from our customers, this was the most effective way for dealing with the spam. People were willing to deal with some possible FP's, as long as we killed most of the spam. This is where our beta testing phase came in handy, so we could tweak the setup and scores, and it's been working like a charm since.
For our dedicated servers, the customer chooses the method of spam filtering. Either they do the same redirect as above, they have us manage it via procmail rules, or they manage it internally with local mail client filters. They also have the option to save mail into spam folders, and we routinely grab those folders, and send them over to the border servers as well for training.
I had this idea that something could add a url to the bottom of the message that would let the user click on it and white/black list the user back on the server. Maybe something like this exists already? I must say that in my own experience, I could not blindly reject mail with Spamassassin because it has too many false positives with my mail.
It all depends on your userbase, their tolerance levels, and the amount of training your filters get. For us, our setup works darn near perfectly, and with the flexibility we have with how we handle the flow of mail, pretty much everyone is satisfied.
Michael Grant
-Gary
