A lot of people have complained about a recent uptick in spam, but I have to say I'm not getting hit all that much. I get around 3,000 unsolicited emails a day, and only about a half dozen slip through my net, a net composed only of SpamAssassin (with Bayesian filtering turned on) and ClamAV (for antiviral goodness). Here are the particulars of my setup, all of which takes place on my mail server so that I can use any old client and still enjoy the benefits.
- When an email comes into my server, it first gets scanned by ClamAV, and quarantined if it's dangerous.
- Once an email proves that it's not harboring any nasty viruses, it gets compared to a short roster of mailing lists to which I subscribe, and if it harkens from one, it gets sorted into my mailing list folder.
- If it's not from a legitimate list, the email gets fed to SpamAssassin.
- SpamAssassin checks it against its own rules, the spam databases at Vipul's Razor and the Distributed Checksum Clearinghouse, and my Bayes database. It assigns the email a spam likelihood score.
- Email with spam scores of over 10 get deleted immediately, email with spam scores of over 5 but less than 10 get thrown into a spam folder, and email with scores of less than 5 get put into my inbox.
- If a piece of spam manages to defeat all of this and make it into my inbox, I throw it into a reject folder. Thanks to a nudge by Ben Hammersley, this reject folder is processed every morning, teaching my Bayes filters that everything within is spam.
- Other choice bits: ClamAV updates itself every night, SpamAssassin's automatic whitelisting is turned off (due to a nasty prior bug that left a bad taste in my mouth), and I wrote a few custom SpamAssassin rules that make sure that all of MovableType's comment notifications make it through unscathed.
I openly acknowledge that this all takes a little bit of maintenance every now and then, and that as a result, it's probably not the solution for everyone. I have to keep up with the latest version of SpamAssassin (which is about to hit 3.0) and its related spam database clients, I have to dabble in Linux system administration in order to get it all configured, and of course, having the mail server sitting in my house helps a ton. All that said, I'm pretty happy with the current state of things, given that the less than two percent of my incoming mail that's legitimate makes it into my inbox, and it's the rare spam that comes along for the ride. And as a bonus, the other people that have accounts on my mail server get the benefit of all the work! [Q Daily News]