DSpam report

Michael Torrie torriem at chem.byu.edu
Fri Aug 25 20:40:05 MDT 2006


Thought I'd post to the list to tell folks about my experiences with
DSpam over the last couple of days.  I've been running it for several
users since Wednesday.  DSpam really works best when plugged into mail
server as the MTA, but for my beta testing phase I'm running it through
procmail.  This requires dspam to be setuid dspam (not root), but
procmail has to be setuid root (which is fine since it sheds root very
quickly).  Running it in this mode makes quarantine very difficult, but
the classification and learning works wonderfully, and procmail rules
can filter based on the headers. 

First the good news.  The more spam you receive the better it works.
After just 2 full days of training, it is catching 95% of the spam for
one user.  She tends to get up to 5 times more spam than ham each day,
30-100 pieces of spam every day.  With this much volume, the system has
learned her mail patterns very well. 

Now the not so good.  On my account, I get somewhere around 100 legit e-
mails a day and only 5-20 spam messages (I used to get up to 50 spam a
day until I started using grey-listing to kill 80% of the spam right at
the connection).  After three days of training the spam catching is
still only 60%.  It will eventually improve I hope.  The wide variety of
ham I receive makes the learning process take a lot longer (the "good"
characteristics far outnumber the "bad").

So DSpam works well and I think everyone who has a spam problem should
look into it.  It's faster and ligher than Spamassassin, and more
adaptable.  Ironically, though, the more spam you receive the better it
works.  So get your e-mail address out on the web as wide as
possible. :)  And disable grey-listing...

In the meantime, it looks like I'll still be running spamassassin to
pick up what dspam misses, but I'm happy.

Michael





More information about the PLUG mailing list