Sophos released a new version (5.1) of PureMessage today. It includes the ability to block messages from given IP addresses before they're accepted for delivery. That should improve the UW-HEP spam filtering system, because it will decrease the number of messages the spam filtering engine has to inspect. Unfortunately, Sophos did not include instructions about configuring this feature so I opened up a trouble ticket with them.
I wrote a command line tool to decode PureMessage spam rules today. It uses etc/data/antispam/db.summary so the data should be perfectly up to date...
ftp://noc.hep.wisc.edu/pub/src/pmx/
I tossed together some spam and virus hit rate graphs today...
http://noc.hep.wisc.edu/nrg/spam/Mail-spam.cgi
I recently wrote a number of silly little scripts to help track what's going on with our email system....
- spam-report - grep and pretty print var/log/message_log and var/log/message_log.N using perl regexps
- msggrep - grep and pretty print Sendmail syslogs using perl regexps
- mqueue - pretty print Sendmail mailq output, one line per msg, so one can pipe it to grep
- mqueuerm - a stupid old script to remove a msg from the Sendmail mailq
- extract_pmx_counters - extract raw spam/virus/other counters so spam hits/hit rate data can be exported via Net-SNMP's snmpd and thus graphed with, e.g., RRDtool
Of course, the really cool thing about these scripts is that they use perl regular expressions.
ftp://noc.hep.wisc.edu/pub/src/pmx/
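What a tool like mqueue has to do, as an added example in Python (this is not the author's script, which is not shown on this page): fold Sendmail's multi-line `mailq` listing into one tab-separated line per message so it can be piped to grep. The sample queue listing, the function names and the output columns are assumptions constructed for illustration.

```python
import re

# Constructed sample of `mailq` output in Sendmail's default layout (not from the page).
SAMPLE = """\
\t\t/var/spool/mqueue (2 requests)
-----Q-ID----- --Size-- -----Q-Time----- ------------Sender/Recipient-----------
j5TKx1a2012345     1834 Wed Jun 29 15:59 <alice@example.org>
                 (Deferred: Connection timed out with mx.example.net.)
\t\t\t\t\t <bob@example.net>
\t\t\t\t\t <carol@example.net>
j5TL02b3012399*     512 Wed Jun 29 16:00 <>
\t\t\t\t\t <dave@example.com>
\t\tTotal requests: 2
"""

# Message row: queue id, optional status flag (* X -), size, queue time, sender.
HEAD = re.compile(r"^(\w+)([*X-]?)\s+(\d+)\s+(\w{3} \w{3}\s+\d{1,2} \d\d:\d\d)\s+(\S.*)$")
# Banner, column header and footer lines that carry no per-message data.
NOISE = re.compile(r"^(/\S+ (is empty|\(\d+ requests?\))|Total requests: \d+|-+Q-ID-+.*)$")

def flatten_mailq(text):
    """Return one dict per queued message, folding continuation lines in."""
    msgs, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or NOISE.match(line):
            continue
        m = HEAD.match(raw)  # message rows start at column 0
        if m:
            cur = {"id": m[1], "flag": m[2], "size": int(m[3]), "time": m[4],
                   "sender": m[5].strip(), "status": "", "rcpts": []}
            msgs.append(cur)
        elif cur is not None and raw[0].isspace():
            if line.startswith("(") and line.endswith(")"):
                cur["status"] = line[1:-1]    # e.g. the deferral reason
            else:
                cur["rcpts"].append(line)     # indented recipient line
    return msgs

def one_line(msg):
    # Tab-separated so the output pipes cleanly into grep, cut or awk.
    return "\t".join([msg["id"] + msg["flag"], str(msg["size"]), msg["time"],
                      msg["sender"], ",".join(msg["rcpts"]), msg["status"] or "-"])

if __name__ == "__main__":
    for msg in flatten_mailq(SAMPLE):
        print(one_line(msg))
```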
Our hit rate is in the 35-40% range. Graphs can be found at...
http://noc.hep.wisc.edu/nrg/spam/Mail-spam.cgi
Effective tomorrow, Thursday June 30th, the UW-HEP email service will be filtered by Sophos PureMessage. The fine print can be found at...
http://www.hep.wisc.edu/computing/spam
I was able to resolve all my current issues with PureMessage today. Hacking on the policy script was/is great fun. There were a few wonky things that happened, but all in all it's good stuff. Now I'm looking into SMTP throughput testing. I'd like to figure out how many msgs/minute my test server can handle. It seems that Sophos doesn't do any tiny installations like ours, so it's not clear if our server is big enough.
The per-user Spam Assassin thing is tired and old. Sridhara Dasu, a Prof here, recently told me about a product called Sophos PureMessage.
Getting our sendmail compiled such that it provides STARTTLS and AUTH PLAIN was crazy--even considering the fact that I ported a ton of custom sendmail code from version 8.6.mumble to 8.8.8 at my previous job. So I'm dubious about this PureMessage thing working. And I'm not sure how I feel about having to call tech support when our spam filtering is broken.
At any rate, I've started looking into PureMessage, which quarantines messages flagged as spam and sends a daily "digest" folks can use to retrieve quarantined messages if they'd like. It sounds pretty darn cool.