SpamNet: Razor for the Masses 256
UCRowerG writes "From CNET News on Yahoo!: "Conceived by Napster co-founder Jordan Ritter and open-source developer Vipul Ved Prakash, the company is touting the benefits of democracy, networking and collaboration in the war against unscrupulous e-mail marketers." " Since Prakesh is
responsible for Razor, hopefully there will be Linux support as well, but
once again I gotta throw my props at Spamassassin which catches over a hundred
spam for me each day.
Here's the URL... (Score:5, Informative)
... because the guy who posted this obviously couldn't be bothered....
Re:Signatures? (Score:4, Informative)
http://razor.sourceforge.net/docs/whatsnew.html
I'm frankly quite happy to see Razor come to fruition.
I had exactly the same idea for how to do this (with distributed signature databases) in '93 when I started a well known ISP. The plan was to offer spam-killing as a second-tier service to offer our customers, but alas: at the time, it was considered by management (read: VC) more profitable to allow open spam relays to our subscribers than it was to try to get subscribers to pay for a service like this, so the implementation details went nowhere.
Excellent to see it come to light in the form of working code, OSS style.
Spamassassin over Spambouncer (Score:5, Informative)
I was very impressed with Spambouncer. It was the first spam-heuristic system that I'd used (previously, I'd relied solely on MAPS, ORBS, ORDB, RBL, etc.), and I was very impressed. I found that it rejected a lot of legitimate mail until I grepped my "Sent Items" folder, extracted every "To" field and made that my white list. (The assumption being that if I've e-mailed somebody, I don't mind hearing from them.) That worked very well, and I was happy with Spamassassin. The odd piece of spam would get through, and I still had 1:100 legitimate messages get put in my spam folder. But it made my life much simpler.
Then I tried Spamassassin. The big reason was because I wanted to take part in Razor and know that I was a part of a collaborative process. Also, Spambouncer hadn't been updated in months, which struck me as odd. But I also just wanted to try something different. I found that Spamassassin was better. Not in a way that made Spambouncer look bad, it was just clear that Spamassassin was a superior product. For example, Spamassassin provides a complete scoring in the headers, so you know exactly what criteria caused the message to be block. And I never had to set up a whitelist -- it just works. I still get that tiny little bit of spam that gets through, no more or less than with Spambouncer, but that's really not a complaint. It's very, very rare that a legitimate piece of mail gets caught up in the system. Best of all, the nonexistent addresses on my system that spammers have somehow discovered (big@waldo.net, aldo@waldo.net) can be forwarded via my aliases table to Spamassassin's (Or is it Razor's? I forget.) server to be automatically added to their honeypot collection.
I'll stick with Spamassassin, I think. It appears to be the most mature, stable, simple, straightforward spam filtering product available today. For those looking to set up server-side spam filtering, I highly recommend it.
-Waldo Jaquith
Have Your Cake and Eat It Too (Score:5, Informative)
score RAZOR_CHECK 5.0
I've also got the other "network tests" enables (blacklists), but I assign them low scores since they have a lot of false positives.
Using spamassassin with razor and the blacklists really works. My spam file has 836 spams automatically filtered between March 1 to today, June 19. Of those 836 messages, 511 have the RAZOR_CHECK string in the "X-Spam-Status" line that spamassassin adds to the header.
Not too bad, considering Razor uses a rigid message digest that fails if the spammer adds any "random" content to the messages. Saddly, it seems like that's becoming more common. Rumor has it that Razor is someday going to use "fuzzy" matches with one of two algorithms that somehow accomplish such a feat. Anyone know when/if this is supposed to happen??
Re:Signatures? (Score:3, Informative)
Only the client of Razor is OSS. The author has explicitily stated that the server will not be released under an Open Source license. This is exactly why I'm implementing Pyzor [sourceforge.net], which is a razor-like system but where both the client and server are released openly under the GPL.
Re:Alanis would love this. (Score:3, Informative)
Translation: If you want to keep seeing poorly-coded sites remain poorly-coded sites, use the IE engine.
The more people that use Mozilla, the more web designers have to code for standards compliancy. Using IE or IE's engine will only result in a monopoly on the web.
Spamcop uses the 'collaborative method' too. (Score:3, Informative)
Quick brief on how it works. There are two portions:
- Reporting tool, that allows you to forward spam to SpamCop for analysis. This will pick apart the headers and body, find out where the spam originated from (even if it's gone through legitimate relays and aliasing systems, such as mailing lists), and will send complaints to the relevant owners of the IP block owners, MTAs and web sites. It does a VERY good job of figuring out who's responsible.
- Blocking tool that uses a RBL-style blocking list, which lists IP addresses of spam originators. If enough spam gets reported within 24 hours, the IP sending the spam gets added to the list. You can use this to block addresses where spam has originated from so you dont even receive the spam. People get their IP addresses unblocked only if spam stops being sent from that IP.
The system is very good. It relies on you and others reporting spam to SpamCop in a very workable collaberative effort.
http://spamcop.net/ [spamcop.net]
Alternative to SpamAssassin that Uses Razor (Score:2, Informative)
Pyzor for an open source *server*. (Score:3, Informative)
http://pyzor.sourceforge.net/
Oh, BTW, Spamassasin *uses* Razor.
Spam filtering +Virus scanning = MailScanner (Score:2, Informative)
http://www.sng.ecs.soton.ac.uk/ma
...run ning on my personal server. It's a "wrapper" for SpamAssassin and a number of server-side virus scanners. Pretty cool tool.
Re:Hey Ximian! (Score:4, Informative)
However, I have SpamAssassin working with Evolution now. It was kind of a hassle to set up but it works... here's the overview:
- get and install SpamAssassin, test that it works by piping a good email and a spam email through it
- check that my fetchmail works, write a
- check that my procmail works, write a
- disable the regular pop mailboxes in Evolution
- add a new "local delivery" mailbox to Evolution
- wrote a tiny script I called "getmail" that does "fetchmail -m procmail" and make sure that it gets my email from the POP3 server correctly
- added the getmail to my crontab to run every 5 minutes
- added a filter rule to Evolution: if specific header X-Spam-Flag = YES, drop the email in my Spam folder
and that was it.
Re:Nilsimsa's popularity will be its own demise (Score:2, Informative)
I BSD-ified my example code so if anyone wants to use it, feel free.
Achilles heel (Score:2, Informative)
Ad that is why it will never work.