Re: [fetchmail-devel] [Bug #15103] Fetchmail Fails with ASSP (http://assp.sourceforge.net/)

[Matthias A. <mat...@gm...>]

Frederic Marchal schrieb:

[in response to BerliOS Bug #15103]

> I solved this issue by running ASSP in test mode (check option "Bayesian 
> Test Mode") and prefixing the subject with something like [SPAM] (in 
> option "Prepend Spam Subject"). It means ASSP won't stop mails seen as 
> bayesian spam but will tag the subject. The mails can then be filtered 
> out automatically by the final recipient.

This, and my being bogofilter's co-maintainer (bogofilter also does
Bayesian filtering), prompted me to have a glimpse at ASSP, and I must say
that the promises it makes are way too bold. ASSP's self-advertising as the
best tool aside, the assertion that Bayes filter were to intelligently
decide is just crap. Bayes filters are making statistical decisions based
on past training. "Maintenance free" doesn't work for them.

> Since you are downloading your mails with fetchmail, you can't simply 
> reject them because it is too late to do that. The purpose in rejecting 
> them is to leave the bad mails on the hand of the one that accepted them 
> in the first place. But in your case, you already have accepted them and 
> you have to deal with them...

True enough. I had, before reading your message, already closed the bug
report as invalid as ASSP violates the SMTP protocol. You've just handed me
another good reason not to change fetchmail, because the whole setup is
just twisted.

Beyond that, the assertion of the original were that ASSP were inefficient
(the wording was like 'resource use goes through the roof' or similar) if
it were to look at the whole message -- and that's a particular drawback or
implementation issue of ASSP that fetchmail certainly isn't meant to fix,
and I'm definitely not meaning to.

> If your server is also accepting external mails through direct 
> connections via port 25 and you want ASSP to reject those mails, then 
> you have to open some kind of backdoor on your mail server to let 
> fetchmail inject the mails it is reading. Be sure to properly firewall 
> that port to prevent anybody but fetchmail to inject mails.

Well, while a firewall certainly isn't a bad idea, it's not required
either. Most SMTP servers can be made to listen on particular addresses,
which for most of them is equivalent to binding them to particular
interfaces. Binding the SMTP server to interfaces that are only locally
accessible, such as the loopback interface or its address 127.0.0.1, is
sufficient to prevent access from the outside. It's doable with Postfix and
Exim. I don't know about Sendmail or Courier. It's also possible with qmail
running off tcpsvd or tcpserver, but I'd recommend against using qmail for
the delayed-bounce behaviour and dozens of other reasons beyond this
discussion.

> By the way, I don't advise to let ASSP delete or reject blindly bayesian 
> spams because, as you noticed, it doesn't take the whole mail into 
> account and, in general, it does a poor job at filtering spams. It tends 
> to have a high rate of false positives and you will loose good e-mails 
> if you don't keep an eye on what it does.

But then it seems to me that if you're using fetchmail or getmail, that
integrating bogofilter, spamprobe or qsf in the mail system is more
efficient than ASSP if it's prone to high resource use.

At least bogofilter and SpamProbe are much faster than SpamAssassin's bayes
mode. :-)

HTH

-- 
Matthias Andree