Great article Ron. I have two additional thoughts you might choose to share. First, SpamAssassin can be DNS intensive, so I highly recommend installing a local caching DNS server such as PowerDNS on the same machine(s) with SpamAssassin. Secondly, commercial solutions not only offer better capture rates, but also increase the overall reliability of email delivery because of their redundant network architecture. Further, a commercial solution will almost always be more cost effective due to economies of scale.
Nat Earp
Frontgate Technology Services
http://www.frontgatecorp.com/
Latest security headlines from Network World:
Browser war redux, patch time, iPod news
Microsoft to release four critical patches
'It's the data, stupid' so you'd better vote to protect it
|
Does Verizon's Voyager stack up to the iPhone? |
|
|
5 IT skills that won't boost your salary 
[1,407]
Women 4 times more likely than men to cough up personal info [589]
Japan's 10 funniest tech-related commercials [Videos] [407]
Throwing away a promo CD is "unauthorized distribution"? [1,265]
Adults too quick to dismiss educational video games [682]
Attack of the iPhone clones [Slideshow] [578]
10 things IT needs to know about AJAX [1,258]
This Year's 25 Geekiest 25th Anniversaries [Slideshow] [409]
|
|
Why SpamAssassin?
I would not recommend SpamAssassin. SA is a great product but it is slower than other open source products and requires substantialy more maintenance (updating rules, etc) then other open source products.
If you are looking for a great overall product with good interface to manage users and a good interface for the users managing their spam/ham then I would recommend DSPAM. It has many different options and allows you to choose between many engines for classifying spam/ham and many different operation modes. To my knowledge it is the only pure statistical solution having support for classification groups, merged groups, etc. This allows you to pre-train the filter and offer out of the box high capture rate for new users while still allowing the user to tweak/train the filter for his own needs.
If you are looking for fast processing and high capture rate then look at CRM114 or OSBF-LUA.
OSBF-LUA is one of the fastest classifier I have used. It very fast and does not need much training. Beside that it is pure statistical (like CRM114 and DSPAM) and does not use any external sources like RBLS, RHBL, DNSBL, DNSWL, reputation services, SPF, DKIM, hashing, etc (DSPAM can use external sources but does not need to in order to have high catch rate).
OSBF-LUA is the winner of TREC's Spam Track 2006. It outperformed any competitor including SpamAssassin and commercial products. I think this says enough about the quality of the tool.
RE: Blocking spam on a Unix system
Why going to spend a few hours on implementing SA, changing your set up and when everything is installed check and maintain the anti spam solution on a daily base? It is time consuming and results in a non profitable action in your company.
Maybe it's better to take a look at managed email security solutions like MX Lab. You can visit them at http://www.mxlab.eu. Such solutions only need an MX change and you are safe for viruses and spam, well for some 98%. You don't have to spend you time on installing and maintenance and you're server will be less under load when spam hits your machine.
Just my thoughts on this matter.
Most spam appliances work fine on a UNIX system
Most spam appliances act as a SMTP proxy so they are transparent to the operating system you use.
My company Abaca offers a 99% spam accuracy guarantee where we pay you if any user gets less than 99% accuracy.
But there other systems which offer no guarantee such as IronPort, Barracuda, etc. that also work (just not as well).