SpamAssassin proves to be an effective engine for battling spam

SpamAssassin 2.63, MailPoint 3000, and CanIt-Pro demonstrate the spam-fighting power of open source

SpamAssassin has proven itself to be a cost-effective and valuable open source weapon in the war on spam. But it’s also a complex solution. Capitalizing on SpamAssassin’s strengths, a number of companies have incorporated it into commercial products, adding extra features and much easier installation and manageability.

I recently looked at SpamAssassin 2.63, as well as two commercial products built around it, CanIt-Pro 2.0b from Roaring Penguin Software and the MailPoint 3000 appliance from Digitalinfo Networks. The three products illustrate the full spectrum of convenience vs. cost that applies to all anti-spam products, not just those based on SpamAssassin.

Downloading and installing SpamAssassin 2.63 required a substantial investment in time and reading through the documentation, but the software worked well once I jumped through all its hoops. CanIt-Pro required installing Red Hat Linux and then the software. It also involved a good bit more configuration than the MailPoint appliance, but it proved more flexible. The MailPoint 3000 box took five minutes to install and required little configuration but lacked some features that large companies might need.

In my tests, MailPoint 3000 and CanIt-Pro performed better at filtering out spam than SpamAssassin. However, further tuning of SpamAssassin would undoubtedly have yielded better results.

SpamAssassin 2.63

If you’re a full-time Linux administrator adding SpamAssassin to an existing Linux-based e-mail setup, you’ll find that it can provide more control than most costlier commercial packages. However, if you aren’t familiar with Linux system administration and you don’t relish the idea of wading through hundreds of pages of documentation, SpamAssassin may not be for you. This is not a slap at SpamAssassin; it is capable of good performance and it’s extremely flexible. But it’s not for everyone.

I installed SpamAssassin 2.63, along with the ancillary packages recommended by SpamAssassin.org. It took me a couple of hours to get Linux and the packages installed, but configuration was the real issue. Without looking at every document available, I downloaded more than 700 pages of documentation and found that some of them referred to older versions of SpamAssassin or Linux, and some documents contradicted others. On the upside, there are a couple of newsgroups available for SpamAssassin users and I was able to get quick answers to my questions there.

Configuration is done via a command-line interface, editing text files and Perl scripts. Although SpamAssassin itself doesn’t require a lot of configuration once it’s installed, getting the OS updated with all the correct supporting packages, adding required packages, and getting your e-mail application configured properly to work with SpamAssassin can take some time.

SpamAssassin uses a number of the usual effective techniques to spot spam: header analysis, text analysis, blacklists, real-time blackhole lists, and the newly added Vipul’s Razor, a collaborative spam-tracking database. Additional enterprise-oriented tools can be installed to allow administrators to apply different filtering settings for individual users and groups, or to allow users to access quarantined e-mail and to whitelist senders. These tools can be downloaded and installed freely, but finding them and getting them to work is not a trivial exercise.

Once I got the SpamAssassin software configured and running, its default settings provided acceptable performance, blocking 88 percent of spam, but with a very high 14.77 percent false-positive rate. With a few months of use and tuning, however, I expect its performance would improve substantially. Adding available plug-ins, such as the Bayesian filter or the content-checking filter, would likely help too.

While not a fit for administrators inexperienced with Linux, SpamAssassin is a powerful, extensible package that can perform as well as commercial solutions, provided you are willing to spend the time tuning it and updating it as necessary.

Roaring Penguin Software CanIt-Pro 2.0b

Administrators looking for an inexpensive spam-fighting solution that brings out and adds to the best of SpamAssassin might consider CanIt-Pro.

Although far simpler to install than SpamAssassin, it proved more complex to install than the MailPoint box, requiring the Apache Web Server, PHP Web interface, Perl, and C programming environments. Still, installing the CanIt-Pro package is not onerous and configuration is complex only because of its wide range of features, its scope, and its flexibility. According to Roaring Penguin, a high-end server can handle 100,000 messages a day.

Groups of users can have designated administrators and different rule sets for filtering. This is a nice feature for supporting groups that receive different kinds of e-mail. For example, marketing can have higher thresholds for marketing-related messages, while engineering can cut them back to none. This granularity can extend to individual users and there are preset configurations for basic users, as well as a full interface for more sophisticated users.

Creating whitelists to ensure that mail from selected sources always gets through is simple and can be delegated as far down the chain as desired, to designated administrators or end-users.

One of CanIt-Pro’s interesting features: The software can be configured to simply not accept mail that appears to be spam. This is unusual; most programs accept the mail and then quarantine or delete it. By preventing the message from being delivered at all, CanIt-Pro can reduce the amount of traffic your mail server must handle. The drawback, of course, is that there’s no way to retrieve false positives. This filtering rule can be disabled, fortunately.

As with SpamAssassin, you can configure rules any way you desire, as long as you can program in Perl well enough to modify the existing rules. Most users will not need to do any programming, but the option does provide for a very open-ended solution. Roaring Penguin supplies full source code and permission to modify it for internal use.

CanIt-Pro can also provide content filtering to ensure compliance with corporate policies by removing incoming or outgoing messages with adult content, prohibited language, or attachments. Further, it provides encryption services.

Performance was within the range that most administrators and users will be satisfied with. In my tests, it caught 90 percent of all spam and had a low false-positive rate of 0.82 percent.

CanIt-Pro requires less configuration than SpamAssassin but more than MailPoint. It will yield a very flexible, inexpensive enterprise-oriented system that supports thousands of users.

Digitalinfo Networks MailPoint 3000

The MailPoint 3000 appliance proved the easiest to set up and configure in my tests, but it’s the least flexible and lacks some features that administrators at larger enterprises might want.

Priced at $1,599, this 1U, rack-mounted server will handle thousands of users. The price is substantially lower than that of other appliances I’ve tested, and the performance was good, with more than 90 percent of spam filtered and no critical false positives.

Companies seeking a spam-busting appliance with more enterprise features might consider the MailPoint 5000, which is still a good value at $3,499.

Installing the MailPoint 3000 is a simple matter requiring a serial terminal connection for the initial network configuration and an SSL browser connection for the remaining configuration.

The interface is straightforward, and I was able to configure the system without referring to the documentation. Initial spam-filtering performance was lower, as the threshold was initially set to ensure no false positives. Decreasing the threshold, easily accomplished via the Web interface, increased spam-filtering performance substantially without adding false positives.

The MailPoint 3000 adds a GUI to the SpamAssassin engine, giving administrators access to its content-filtering and attachment-blocking capabilities. MailPoint admins can’t adjust Perl scripts to change filtering rules, but the options presented through the interface should prove adequate for most users.

Rather than providing multiple configurations for different domains, groups, and users, all settings on the MailPoint 3000 apply to all users and domains. There is also no provision for individual user access to the quarantine. (The MailPoint 5000 model adds support for multiple user and group configurations.) Although releasing quarantined messages and whitelisting senders’ addresses are easy, an administrator will have to perform those tasks.

Considering the capability you get for the price, administrators who are looking for basic functionality and who are willing to handle quarantines themselves should consider the MailPoint series.

Each of these solutions will have a place in some organizations. SpamAssassin will suit administrators willing to spend the time getting familiar with the documentation and tuning the product. CanIt-Pro is a package that provides a straightforward install and powerful customization capabilities, as well as enterprise-level features for handling multiple groups and users. The MailPoint 3000 is not only easy to install but also simpler to configure, making it useful to even inexperienced admins.

InfoWorld Scorecard

| Product | Setup (20.0%) | Value (10.0%) | Ease of use (20.0%) | Manageability (25.0%) | Accuracy (25.0%) | Overall Score (100%) |
| --- | --- | --- | --- | --- | --- | --- |
| Roaring Penguin Software CanIt-Pro 2.0b | 8.0 | 9.0 | 8.0 | 9.0 | 9.0 | 8.6 |
| Digitalinfo Networks MailPoint 3000 | 9.0 | 9.0 | 9.0 | 7.0 | 9.0 | 8.5 |
| SpamAssassin 2.63 | 7.0 | 10.0 | 6.0 | 8.0 | 6.0 | 7.1 |