SpamAssassin for Exchange

By Deane Barker on October 5, 2005

I was looking for a spam filter for my Exchange server. I had great luck with SpamAssassin on another box (just regular SMTP), and luckily I found two great resources today:

  1. How To Use SpamAssassin on Win32: This is a fantastic example of someone documenting something they know how to do, and documenting it well.

    It’s a fantastic body of information, written by someone who has been doing it for a long time. Everything is covered, including odd permutations, bugs, warnings, dependencies, etc.

  2. Exchange SpamAssassin Sink: This event sink fires on every inbound message, writes it to a file, sics SpamAssassin on it, and parses the result. It can just add headers to the message (allowing client filtering), or it can toss it altogether.

I installed this whole solution in about two hours this afternoon, including tuning and fiddling. It’s currently filtering away like crazy — 50% of inbound email is spam right now, and I know I can turn down the threshold quite a bit yet.

On a well-powered Windows Server 2003 machine, it’s taking one second to filter each email. (It’s probably less, but the logs don’t list micro-seconds. Suffice it to say that no email has taken more than one second to process.) Remember, however, that none of the network tests (Razor, Pyzor, etc.) work on Windows, and they’re what tended to add all the processing time.

What’s nice about this setup is that it saves all email in “Ham” and “Spam” folders. While this is a bit of a privacy risk, obviously, it also allows you to save up thousands of good and bad emails then train SpamAsassin’s Bayesian filter on them (it even inclues a BAT file to do that in one click). My understanding is that SpamAssassin gets scary-good when you have a well-trained Bayesian database behind it.

Gadgetopia
What Links Here

Comments

  1. I’m going to throw a vote in for spam filtering services. I signed up for SpamStopsHere two years ago and it has been awesome. Sure, it sucks having to pay to deal with junk mail but on the flip side though, I haven’t thought about spam in two years. And, I do it for my whole family and now all of them are happy too. I don’t have to train anything as their customer base reports spam, it is added to their filters and everyone benefits.

    I could go on and on about their product but you should do some research of your own. Or even try their 30 trial.

  2. I’m sure there are some great services, but how well do they scale, financially speaking? One user is probably cheap, but how about 20? 50? I’m curious.

  3. I’m trying this out, based on your recommendation. It seems impressive at first glance. The proof, I guess, is in how much spam I get.

  4. I am very intrested in finding out how your spam looks now that you are testing the spamstopshere recommendation. Please keep us up to date!

    -Thanks, Chris

  5. Installed SA on both our exchange boxes, but the ESA_Sink seems to mess up some HTML emails. Basically it converts every email as a text file to check it for spam and then converts it back to its original format… but it does a lousy job of it. Instead, it should keep a copy of the original, convert a copy of the original to text for scanning, and if it passes, then substitute the original back in (rather than having a “converted email” come through). Many are complaining about their html emails. :-/

Comments are closed. If you have something you really want to say, email editors@gadgetopia.com and we‘ll get it added for you.