From amedee at amedee.be  Fri Sep 26 01:47:02 2008
From: amedee at amedee.be (Amedee Van Gasse)
Date: Fri, 26 Sep 2008 01:47:02 +0200 (CEST)
Subject: [spambayes-dev] milter implementation of spambayes
Message-ID: <4277.81.11.192.161.1222386422.squirrel@intrepid.warp.be>

Hello,

Today I was reading about various antispam techniques, and I came across a
reference to milter. Milter is a mail filter that runs at SMTP time,
that's when the sending mailserver still has an open connection to the
receiving mailserver, and the receiver has not yet acknowledged reception
of the email.

I'm wondering if it is possble to create a milter implementation of
spambayes. Currently I'm so confident about spambayes that I move all spam
with a score of 1.00 to /dev/null (with procmail). With a milter-based
spambayes, I could reject the spam when I still have the spamming server
on the line. Don't ask me why, but I have always thought that rejecting at
SMTP is better than silently discarding email, which is still better than
bouncing.

I found a python implementation of milter with an empty base class as an
example: http://code.google.com/p/ppymilter
My problem is: I have zero experience with python so I really don't know
where to start.

My questions to the list:
* Good idea or bad idea? And why?
* If it's a good idea, could it be done by a humble python n00b like
myself? I'm not afraid to get my hands dirty but it's not my intention to
write the book on Mastering Python either.
* Who can help me by sometimes throwing a cluebat in my general direction,
when I get lost?

-- 
Amedee


From skip at pobox.com  Fri Sep 26 03:20:01 2008
From: skip at pobox.com (skip at pobox.com)
Date: Thu, 25 Sep 2008 20:20:01 -0500
Subject: [spambayes-dev] [Spambayes] milter implementation of spambayes
In-Reply-To: <4277.81.11.192.161.1222386422.squirrel@intrepid.warp.be>
References: <4277.81.11.192.161.1222386422.squirrel@intrepid.warp.be>
Message-ID: <18652.14529.884493.28253@montanaro-dyndns-org.local>


    Amedee> I'm wondering if it is possble to create a milter implementation
    Amedee> of spambayes.

I'm sure you can.  I never understood milter though and haven't used
sendmail in several years.  I wouldn't know where to begin.  Then again, the
first google hit for "python milter" is

    http://bmsi.com/python/milter.html

Skip

From Carole.A.Cifrino at maine.gov  Fri Sep 26 21:26:54 2008
From: Carole.A.Cifrino at maine.gov (Cifrino, Carole A)
Date: Fri, 26 Sep 2008 15:26:54 -0400
Subject: [spambayes-dev] new question for FAQs - please send me the answer!
	Thanks.
Message-ID: <6A73A5DE6596754DB4575B71972AA4600378016C@SOM-TEAQASMAIL2.som.w2k.state.me.us>

I mistakenly hit "delete as spam" without knowing which e-mail was
currently highlighted in Outlook?  How do I find that file and recover
it?

 

Carole A. Cifrino, Environmental Specialist IV

Division of Solid Waste Management

Maine Department of Environmental Protection

207-287-7720

carole.a.cifrino at maine.gov

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/spambayes-dev/attachments/20080926/5335210b/attachment.htm>

From popiel at wolfskeep.com  Fri Sep 26 22:51:04 2008
From: popiel at wolfskeep.com (T. Alexander Popiel)
Date: Fri, 26 Sep 2008 13:51:04 -0700
Subject: [spambayes-dev] milter implementation of spambayes
In-Reply-To: <4277.81.11.192.161.1222386422.squirrel@intrepid.warp.be> 
References: <4277.81.11.192.161.1222386422.squirrel@intrepid.warp.be>
Message-ID: <20080926205104.6ABF62DDAC@cashew.wolfskeep.com>

In message:  <4277.81.11.192.161.1222386422.squirrel at intrepid.warp.be>
             "Amedee Van Gasse" <amedee at amedee.be> writes:
>
>I'm wondering if it is possble to create a milter implementation of
>spambayes.

It's possible, but not particularly useful.  Sure, you could tell a
well-behaved sender that you're rejecting the message, but spammers
are not well-behaved senders.  In typical spammer setups, immediately
after the entire message body has been sent, the sender closes the
connection without waiting for a response.  Spambayes needs the entire
message body for scoring, so by the time a spambayes score is available,
the spammer no longer cares, and has moved on.

At most, you'd be informing well-intentioned senders of false-positives
that their messages were rejected... and they could at that point try
to resend through alternate means.  However, in my experience, the
senders who would benefit from such are the same senders who tend to
resend anyway, when they don't get the expected reply to the message.

Where things like milter really help is when you can reject simply
based on some combination or subset of sender IP, sender's claimed
from address, and recipient address.  If you can form a decision just
based on those three things, then you can reject before the body is
sent (while the spammers are still listening).  In lieu of rejection,
you can also do fun things like tarpitting the connection, giving them
a transient failure (ala greylisting), or similar manipulations.

Unfortunately, I don't know any of the actual mechanics of milter,
so I wouldn't be a good source of implementation cluebats.

- Alex

From amedee at amedee.be  Sat Sep 27 12:01:54 2008
From: amedee at amedee.be (Amedee Van Gasse)
Date: Sat, 27 Sep 2008 12:01:54 +0200
Subject: [spambayes-dev] milter implementation of spambayes
In-Reply-To: <20080926205104.6ABF62DDAC@cashew.wolfskeep.com>
References: <4277.81.11.192.161.1222386422.squirrel@intrepid.warp.be>
	<20080926205104.6ABF62DDAC@cashew.wolfskeep.com>
Message-ID: <48DE0492.7000204@amedee.be>

T. Alexander Popiel schreef:
> In message:  <4277.81.11.192.161.1222386422.squirrel at intrepid.warp.be>
>              "Amedee Van Gasse" <amedee at amedee.be> writes:
>> I'm wondering if it is possble to create a milter implementation of
>> spambayes.
> 
> It's possible, but not particularly useful.  Sure, you could tell a
> well-behaved sender that you're rejecting the message, but spammers
> are not well-behaved senders.  In typical spammer setups, immediately
> after the entire message body has been sent, the sender closes the
> connection without waiting for a response.  Spambayes needs the entire
> message body for scoring, so by the time a spambayes score is available,
> the spammer no longer cares, and has moved on.
> 
> At most, you'd be informing well-intentioned senders of false-positives
> that their messages were rejected... and they could at that point try
> to resend through alternate means.  However, in my experience, the
> senders who would benefit from such are the same senders who tend to
> resend anyway, when they don't get the expected reply to the message.
> 
> Where things like milter really help is when you can reject simply
> based on some combination or subset of sender IP, sender's claimed
> from address, and recipient address.  If you can form a decision just
> based on those three things, then you can reject before the body is
> sent (while the spammers are still listening).  In lieu of rejection,
> you can also do fun things like tarpitting the connection, giving them
> a transient failure (ala greylisting), or similar manipulations.
> 
> Unfortunately, I don't know any of the actual mechanics of milter,
> so I wouldn't be a good source of implementation cluebats.
> 
> - Alex
> 
Hello Alex,

Thank you for your reply.
Yes I know that it isn't particulary useful except for the very few
false positives.
But what bothers me, is that currently I have no idea at all how many
spam I get. I have set up munin to show me the postfix rejections but
spambayes-spam of course doesn't show up in those stats.
If you know another way to inject spambayes-spam back into the postfix
logs and statistics, I'd be much obliged.

-- 
Amedee