I recently bumped my primary email/database/webserver box up to date. Now all my gentoo boxes are past the annoyingly useless tweaks required for gentoo’s baselayout2. I love gentoo land, where every bit of pain is a lesson. This one included…

Avelsieve is a really nicely done web interface for email rules. It is a plugin for Squirrelmail, a tried-and-true webmail client, that works with a cyrus IMAP server, another old dog that is a nightmare to install but gets the job done no matter what it is.

The system has been handling my email for years, but for the past few months, I haven’t been able to get Avelsieve to edit my email rules. It’s very picky about compatibility. Today I finally dug in and fixed that. Apparently Cyrus updates broke Avelsieve, but there’s a workaround. It turned out to be one line in the Avelsieve config file, which tells Avelsieve not to use TLS on its connection to the Cyrus sieve server, updated as follows:

# MDM Will this fix the problem of not decoding scripts?
# MDM YES!  IT DOES!  Thank goodness.
# see http://thread.gmane.org/gmane.mail.squirrelmail.plugins/14106
#$avelsieve_disabletls = false;
$avelsieve_disabletls = true;

Yay! My pretty and powerful email rules are back!

After checking my webmaster and root emails (and my dad’s email account, that he shares with EVERYONE :> ) and finding 65 THOUSAND spam messages in the Junk folders, I decided it was time to throw down the gauntlet. I’m proud to say that now I’m absolutely crushing spam.

I am using rules from razor2, dcc, pyzor, SARE and the sa-blacklist, updated daily, along with Bayesian filtering.

SpamAssassin rates incoming email using the rules, and adds the spamscore to the header. If the spamscore is high enough (4 or more in my case), it puts SPAM in the title and safely wraps the content. I then use a sieve rule to dump SPAM-titled mails into each user’s Junk folder at the end of the processing.

I took it a step further because I was PISSED at the volume I’m getting. I have NEVER gotten a false positive in all my checking, so I updated postfix to DISCARD emails with a spamscore of 10 or higher. With the high quality rules I’m using, I now have the good fortune to never even see the obvious spam anymore.

To configure postfix to drop high-scoring spam, add a line to main.cf to do header checking:

header_checks = regexp:/etc/postfix/throw_away_high_score_spam

Then create throw_away_high_score_spam and add this:

/^X-Spam-Level: \*{10}/ DISCARD
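
An added example, not from the original post: a Python sketch that replays the two stages above (the Postfix header check, then the sieve Junk rule) over constructed messages. It assumes SpamAssassin writes one asterisk per whole point of score in X-Spam-Level and that the subject tag contains the literal text SPAM; `stars`, `sample` and `triage` are hypothetical helper names.

```python
import re
from email import message_from_string

# Pattern from throw_away_high_score_spam. Postfix regexp tables match
# case-insensitively by default and test one header line at a time.
DISCARD_RE = re.compile(r"^X-Spam-Level: \*{10}", re.IGNORECASE)


def stars(score):
    """Assumption: one '*' per whole point of score, none for scores below 1."""
    return "*" * max(0, int(score))


def sample(score, subject, tag_at=4.0):
    """Constructed message, tagged the way the post describes SpamAssassin doing it."""
    if score >= tag_at:
        subject = "SPAM " + subject  # assumed tag text
    return f"X-Spam-Level: {stars(score)}\nSubject: {subject}\n\nbody\n"


def triage(raw_message):
    """Return 'discard', 'junk' or 'inbox' for one raw message."""
    msg = message_from_string(raw_message)
    # Stage 1: Postfix header_checks, applied to every header line.
    for name, value in msg.items():
        if DISCARD_RE.search(f"{name}: {value}"):
            return "discard"
    # Stage 2: sieve rule that files SPAM-titled mail into Junk.
    if "SPAM" in (msg.get("Subject") or ""):
        return "junk"
    return "inbox"


if __name__ == "__main__":
    for score in (0.4, 3.5, 9.9, 10.0, 27.1):
        print(score, triage(sample(score, "Quarterly report")))
```

Because the star count is the whole-number part of the score, a message scoring 9.9 carries nine asterisks and lands in Junk rather than being discarded.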


UPDATE: A few spams were slipping through at scores around 3.5, so I’m dropping my SPAM score trigger to 2.0. I still have yet to get a false positive.

UPDATE UPDATE: My first and only false positive, on Bruce Schneier’s August 2008 Cryptogram newsletter. He’s always causing trouble. :> Steady on.