| Andrew Cooke | Contents | Latest | RSS | Twitter | Previous | Next

C[omp]ute

Welcome to my blog, which was once a mailing list of the same name and is still generated by mail. Please reply via the "comment" links.

Always interested in offers/projects/new ideas. Eclectic experience in fields like: numerical computing; Python web; Java enterprise; functional languages; GPGPU; SQL databases; etc. Based in Santiago, Chile; telecommute worldwide. CV; email.

Personal Projects

Lepl parser for Python.

Colorless Green.

Photography around Santiago.

SVG experiment.

Professional Portfolio

Calibration of seismometers.

Data access via web services.

Cache rewrite.

Extending OpenSSH.

C-ORM: docs, API.

Last 100 entries

Lepton Decay Irregularity; An Easier Way; Julia's BinDeps (aka How To Install Cairo); Good Example Of Good Police Work (And Anonymity Being Hard); Best Santiago Burgers; Also; Michael Emmerich (Vibrator Translator) Interview (Japanese Books); Clarice Lispector (Brazillian Writer); Books On Evolution; Looks like Ara (Modular Phone) is dead; Index - Translations From Chile; More Emotion in Chilean Wines; Week 7; Aeon Magazine (Science-ish); QM, Deutsch, Constructor Theory; Interesting Talk Transcripts; Interesting Suggestion Of Election Fraud; "Hard" Books; Articles or Papers on depolarizing the US; Textbook for "QM as complex probabilities"; SFO Get Libor Trader (14 years); Why Are There Still So Many Jobs?; Navier Stokes Incomplete; More on Benford; FBI Claimed Vandalism; Architectural Tessellation; Also: Go, Blake's 7; Delusions of Gender (book); Crypto AG DID work with NSA / GCHQ; UNUMS (Universal Number Format); MOOCs (Massive Open Online Courses); Interesting Looking Game; Euler's Theorem for Polynomials; Weeks 3-6; Reddit Comment; Differential Cryptanalysis For Dummies; Japanese Graphic Design; Books To Be Re-Read; And Today I Learned Bugs Need Clear Examples; Factoring a 67 bit prime in your head; Islamic Geometric Art; Useful Julia Backtraces from Tasks; Nothing, however, is lost with less discomfort than that which, when lost, cannot be missed; Article on Didion; Cost of Living by City; British Slavery; Derrida on Metaphor; African SciFi; Traits in Julia; Alternative Japanese Lit; Pulic Key as Address (Snow); Why Information Grows; The Blindness Of The Chilean Elite; Some Victoriagate Links; This Is Why I Left StackOverflow; New TLS Implementation; Maths for Physicists; How I Am 8; 1000 Word Philosophy; Cyberpunk Reading List; Detailed Discussion of Message Dispatch in ParserCombinator Library for Julia; FizzBuzz in Julia w Dependent Types; kokko - Design Shop in Osaka; Summary of Greece, Currently; LLVM and GPUs; See Also; Schoolgirl Groyps (Maths); Japanese Lit; Another Example - Modular Arithmetic; Music from United; Python 2 and 3 compatible alternative.; Read Agatha Christie for the Plot; A Constructive Look at TempleOS; Music Thread w Many Recommendations; Fixed Version; A Useful Julia Macro To Define Equality And Hash; k3b cdrom access, OpenSuse 13.1; Week 2; From outside, the UK looks less than stellar; Huge Fonts in VirtualBox; Keen - Complex Emergencies; The Fallen of World War II; Some Spanish Fiction; Calling C From Fortran 95; Bjork DJ Set; Z3 Example With Python; Week 1; Useful Guide To Starting With IJulia; UK Election + Media; Review: Reinventing Organizations; Inline Assembly With Julia / LLVM; Against the definition of types; Dumb Crypto Paper; The Search For Quasi-Periodicity...; Is There An Alternative To Processing?; CARDIAC (CARDboard Illustrative Aid to Computation); The Bolivian Case Against Chile At The Hague; Clear, Cogent Economic Arguments For Immigration; A Program To Say If I Am Working; Decent Cards For Ill People; New Photo

© 2006-2015 Andrew Cooke (site) / post authors (content).

Efficient Spam Filtering With Mutt and SpamAssassin

From: andrew cooke <andrew@...>

Date: Fri, 12 Mar 2010 11:11:45 -0300

I've finally got my spam rates down to GMail levels - effectively none.
Here's how to do it.  This is a bit long and detailed, but it presents most
details of a coherent system that works well for me.


First, get Spamassassin installed and working.  In OpenSuse this means
installing the relevant packages.  I run spamd as a service and then use spamc
to call that.  This avoids the overhead of starting Spamassassin each time an
email arrives.

One reason GMail can filter spam so efficienctly is that it can detect when
many people get the same email.  On a local system you can also do this in
three different ways.  The first way is to use Vipul's Razor.  This is a
centralized service allows you to pool resources with many other users.  It
works with Spamassassin, but needs to be separately installed and configured.

Vipul's Razor is also an OpenSuse package.  Instructions on configuring it
with Spamassassin are here - http://wiki.apache.org/spamassassin/RazorSiteWide

The second way to exploit data from other emails is to use an external DNS
blacklist.  By default, Spamassassin is configured to not use external source
of data (like Vipul's Razor and DNS blacklists).  To change this, edit the
flags in /etc/sysconfig/spamd (this is an OpenSuse specific detail - other
distros will use a different mechanism).

I have: SPAMD_ARGS="-d -c --allow-tell"

(I'll explain --allow-tell later; the important thing here is that -L has been
removed).

Also, in /etc/mail/spamassassin/local.cf, I have:

# Enable the Bayes system
use_bayes               1

# Enable Bayes auto-learning
bayes_auto_learn              1

# Enable or disable network checks
skip_rbl_checks         0
use_razor2              1
razor_config /etc/mail/spamassassin/razor/razor-agent.conf


The Bayes mentioned above allows Spamassassin to "learn" what email is good
and what bad.  Again, I will describe Mutt macros that help with this later.


Next, we need to configure procmail to call Spamassassin and then filter
spam.  To do this with Mutt I use the following mail folders (I am using
maildir; you can do something similar with mboxes):

.spam - this is where I put questionable emails.  These are borderline emails
and this folder needs to be checked regularly by hand (later I will describe
how Mutt macros can simplify this process).

.0-spam - this is where I put emails that were detected as spam, but which are
not "super obviously bad".  When starting, this folder also needs to be
checked regularly (see discussion of mailing lists below), but once everything
is working, it can be left pretty mcuh unattended - it then works as an
emergency backup so that if you incorrectly filter something, you can still
retrieve it.

/dev/null - this is where I send "super obvious" spam.

.learn-spam - this is used for Bayes (see later)

.learn-ham - this is used for Bayes (see later)

Given those, my .procmailrc file looks like this:


MAILDIR=$HOME/mail
DEFAULT=$MAILDIR/ 
LOGFILE=$HOME/log/procmail.log
LOGABSTRACT=all               

# get spamassassin to check emails
:0fw: .spamassassin.lock
* < 256000              
| spamc                 

# strong spam are discarded
:0                         
* ^X-Spam-Level: \*\*\*\*\*\*
/dev/null                    

# weak spam are kept just in case - clear this out every now and then
:0                                                                   
* ^X-Spam-Level: \*\*\*\*\*                                          
.0-spam/                                                             

# if it wasn't detected as spam, but is to a fake address, then we
# know it is spam, so learn from that                             
:0                                                                
* !^(From|To|cc|bcc)[ :].*(compute|andrew|root|webmaster|admin|postmaster).*@acooke\.org
* !^(From|To|cc|bcc)[ :].*@isti\.com
# add mailing lists below
* !^From[ :].*(snowmail_daily@...|Section@...|rforno@...|alert@...).*
{
  # save in case of screw-ups, mailing lists, etc
  :0 c
  .0-spam/
  :0
  .learn-spam/
}             

# otherwise, marginal spam goes here for revision
:0                                               
* ^X-Spam-Level: \*\*                            
.spam/                                           


Earlier I said there were three ways to detect spam using emails to other
people.  The third way is the "fake address" trick above - I download all
email from my ISP that is addressed to acooke.org, even though I know that
only a few addresses are actually valid.  I then use email to invalid
addresses as an extra source of known spam.


With the above configured you should see Spamassassin being called correctly
in the logs (and Vipul's Razor being used too).


Next, some Mutt macros that help simplify all this:

macro index S "<tag-prefix><save-message>=.learn-spam<enter>" "move to learn-spam"
macro pager S "<save-message>=.learn-spam<enter>" "move to learn-spam"
macro index H "<tag-prefix><copy-message>=.learn-ham<enter>" "copy to learn-ham"
macro pager H "<copy-message>=.learn-ham<enter>" "copy to learn-ham"


These are used together with these crontab entries:

*/3 * * * * /home/andrew/bin/spam
*/3 * * * * /home/andrew/bin/ham


And these scripts (this is why --allow-tell was needed for spamd - it lets
these scripts update the server with new information):

> cat spam
#!/bin/bash

for f in `ls /home/andrew/mail/.learn-spam/cur`
do
    spamc -L spam < "/home/andrew/mail/.learn-spam/cur/$f" > /dev/null
    rm "/home/andrew/mail/.learn-spam/cur/$f"
done
for f in `ls /home/andrew/mail/.learn-spam/new`
do
    spamc -L spam < "/home/andrew/mail/.learn-spam/new/$f" > /dev/null
    rm "/home/andrew/mail/.learn-spam/new/$f"
done

> cat ham
#!/bin/bash

for f in `ls /home/andrew/mail/.learn-ham/cur`
do
    spamc -L ham < "/home/andrew/mail/.learn-ham/cur/$f" > /dev/null
    rm "/home/andrew/mail/.learn-ham/cur/$f"
done
for f in `ls /home/andrew/mail/.learn-ham/new`
do
    spamc -L ham < "/home/andrew/mail/.learn-ham/new/$f" > /dev/null
    rm "/home/andrew/mail/.learn-ham/new/$f"
done


The idea here is that anything moved to .learn-spam (by pressing the S key) is
then learnt by the system as spam, while anything copied to .learn-ham is
learnt as ham (non-spam).  Note that S also deletes files.

In practice this means that you can use S to delete and files in your inbox,
or in .spam, and the system will learn from them.  Similarly, if you see
something in .spam or .0-spam that should not be there, you can use H to
"unlearn" it (you must then also copy it manually to wherever you want to keep
it).


Finally, a note on mailing lists.  When you subscribe to a new mailing list it
will not be listed in the .procmailrc above, and so will be sent to .0-spam.
You'll realise that the email is missing, fix procmailrc, and use H + copy to
correct things.  That's a nuisance, but it happens quite infrequently so I
haven't tried to simplify it.

Oh, and also, flag a pile of known good emails as ham.  Without this it takes
teh Bayes system a while to get started.

Andrew

Comment on this post