I have #SpamAssassin on my email inbox and somehow I STILL get a ton of spam. Email sucks!

I’m thinking that the one thing specialized coding #LLMs might actually be useful for is maintenance/bugfix work, especially for long-running FOSS projects. E.g. #SpamAssassin is almost old enough to buy beer. The initial core dev group has all moved on. A few heart attacks in sedentary middle-aged sysadmins could cripple the project. It is very hard to attract new devs to a mature project. Trained specialized LLMs could be repositories of "institutional memory."

Stemming from a (not very constructive) discussion I had this morning about SPAM in the #fediverse, I started looking at an integration for #GoActivityPub projects with #SpamAssassin.

I realized we need a portmanteau for #activitypub filter similar to the existing milter (mail filter). :D Any thoughts?

@rowens …and for those using #FreeBSD there also is a ready to run #bsdpot (i.e. #jail) #container / #potluck image with a complete preconfigured mail server consisting of #postfix, #dovecot, #openldap client, #spamassassin at https://potluck.honeyguide.net/blog/mailhub-potluck/ to try out…

#SpamAssassin funktioniert auf meinem Server inzwischen sehr zuverlässig. Das liegt wohl auch an den Filterregeln von Heinlein (Mailbox.org), die ich regelmäßig importiere.

JUST RELEASED!
#MIMEDefang 3.4.1, the mature #milter that lets you integrate #SpamAssassin, #ClamAV, and other filtering tools with #Sendmail, #Postfix, or any other milter-capable #MTA and to enact any #email policy or practice that you can express in #Perl.

https://mimedefang.org

I deal with this in #spam detection and control all the time. Naive Bayesian classification can be useful. It can also be wrong. If you feed too much of your mail into a Bayesian filter, the accuracy drops. We’ve implemented 2 auto-learn approaches in #SpamAssassin: learn the extreme cases based on the static rule scores OR learn the error cases where the static and Bayes judgments differ. There is no agreement on which is better. We know from experience that if you do both at once, it’s bad.

Got an email that scored 13.5 on #SpamAssassin. New record, I think.

Fittingly, it was offering to sell a huge list of email addresses.

When will ISPs start blocking outgoing mail with bogus headers? May not fix everything, but it would fix a lot, right?

Or is there an issue or aspect I'm missing?

#email, #DieSpamDie

This just enhances my respect for how projects under the #TheASF vet contributors and their contributions. I can’t imagine anyone getting LLM-generated code into #SpamAssassin, unless by an existing committer gone crazy. Even in that case, I expect we’d have the code dissected and the committer flayed before it saw anything like a release. https://wandering.shop/@emmah/110080135828321243

Do you use #ASF #SpamAssassin?
Do you want to contribute to the fight against #spam?
Do you handle a lot of mail?

The ASF SpamAssassin project re-scores and validates our hundreds of rules every day, based on the manual verification of SA-checked ham and spam corpora by contributors who share their results with us. And we are running low on that help.

Please see https://cwiki.apache.org/confluence/display/SPAMASSASSIN/NightlyMassCheck for details of how you could help. If you can provide data, reach out.
#Infosec
#ThreatIntel
#FOSS

@stickfog https://mailinabox.email/ is supposedly good; I haven't tried it myself. Putting #Linux on a low-end VPS and setting up for example #Dovecot (for #IMAP #POP3) plus #Postfix or #Exim (#SMTP) with #SpamAssassin (spam filtering) and a #LetsEncrypt cert isn't particularly hard. Adding #SPF #DKIM #DMARC for reliable outgoing mail isn't really difficult either per se, but takes a little more care. I recommend using a VPS host with full virtualization (not e.g. OpenVZ containers) and snapshots.

I keep training #SpamAssassin about what is #spam or #scam, and what is not ('ham' in the anti-spam jargon), but I have to admit that spammers are way better and stubborn than me.

No matter what I do they keep coming through... 🙄

Any ideas about how to improve at this?

If you think about running your own #Mailserver with #ClamAV and #Spamassassin integration, save yourself endless hours of trouble with #Dovecot and #Postfix - just deploy the #CitadelGroupware #Docker container and run one of the most reliable, easy-to-install Mail-, XMPP and Groupware servers in a nutshell!

P.S.: yes, this application has its roots in the legendary #CitadelUX #BBS server of the 1980s and 1990s and since then has evolved into a web-based Mailserver / Groupware system.

https://www.citadel.org/docker.html

The best feature of #SpamAssassin is the user #community, which because it is an #ASF project, means the users mailing list and secondarily the dev list.

With the exception of one hostile psychopath who likes to read the list via public archives and berate newbies off-list for not knowing everything, it is almost entirely collegial and helpful. Users who are chronically toxic to each other in other places are civil on our list.

And when I'm wrong there, no one beats me up.

#Spam #FOSS

@gabriel

Generally speaking, yes.

Here's s great 1 minute script to install #Postfix, #Dovecot, #OpenDKM, #SpamAssassin, etc., Complete with copypasta keys, Etc., And use the MXToolbox .com tools to check your MX RRs, #SPF, #rDNS, and you should be fine sending even to that shithole gmail:

https://github.com/LukeSmithxyz/emailwiz

It's a pretty awesome install. Waaay better than all that bloated moocow stuff.

I hope that helps!

#tallship #FOSS

⛵

.

Yes, you SHOULD run a purely recursing non-forwarding DNS caching resolver on the same machine or physical LAN as your MTA and/or spam filter and use no other resolver for mail ops. DNSBL usage is only the first reason.

#spamassassin #DNS #email #infosec #spam

Je pensais que le projet Spamassassin n'avançait plus vraiment et bien je me suis trompé ! Nouvelle version majeure ! #email #spamassassin
https://www.spamresource.com/2022/12/spamassassin-v400-released.html

@tehabe Schön das noch weiter entwickelt wird. Dachte schon es wäre gestorben. Habe #spamassassin vor etwa sieben Jahren durch #rspamd ersetz und kann jeden nur empfehlen es sich mal anzuschauen.

Oh, I see. Our email server is querying Spamhaus' DNSBL via the ISP's recursive resolvers.

I think I have fixed it by redirecting #SpamAssassin to the local BIND instance via "dns_server 127.0.0.1".

Thank you for your help!

@grumpybozo @bekopharm

The real problem is that I'm still using a #SpamAssassin from the past!
@grumpybozo @bekopharm