Slashdot Log In
Critical Eye on SpamAssassin
Posted by
CmdrTaco
on Tue Nov 25, 2003 08:52 AM
from the not-totally-surprising dept.
from the not-totally-surprising dept.
ErrorBase writes "In this Infoworld article, Logan G. Harbaugh makes a great deal about an ancient (2.44) version of SpamAssassin comparing it with newer comercial variants.
Quote : You get what you pay for. [...] However, it took more than 10 times as long to install and configure SpamAssassin as it did any of the other products. "
Why did he not ask Kevin Railsback who had the whole thing working some while ago?)"
This discussion has been archived.
No new comments can be posted.
Critical Eye on SpamAssassin
|
Log In/Create an Account
| Top
| 324 comments
(Spill at 50!) | Index Only
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)
|
2
(1)
|
2
Re:What is a good client-side spam filter for Outl (Score:5, Informative)
(http://arstechnica.com/etc/linux/index.html)
Re:What is a good client-side spam filter for Outl (Score:4, Informative)
(http://www.junklight.com/)
Given I get over 100 spams a day and I see non of them I am very happy with this indeed.
Re:What is a good client-side spam filter for Outl (Score:4, Informative)
Re:What is a good client-side spam filter for Outl (Score:5, Funny)
Best one yet!
POPFile (Score:4, Informative)
POPFile is easy to use. It also performs Bayesian filtering. It is what I use.
http://popfile.sourceforge.net/
My current POPFile statistics:
Messages classified: 1,440
Classification errors: 19
Accuracy: 98.68%
SpamAssassin (Score:5, Interesting)
TrollAssasin would be nice, imagine seeing posts subjects as *****TROLL***** heh
Re:SpamAssassin (Score:5, Funny)
What am I doing wrong? (Score:4, Interesting)
(Last Journal: Wednesday November 03 2004, @11:41AM)
I get about 60-70% of my spam correctly tagged, and about
Re:What am I doing wrong? (Score:4, Funny)
The problem is that you're making the same mistake I am.
(No, I can't expand upon that)
Is there a gui tool for configuring SpamAssassin? (Score:5, Insightful)
(Last Journal: Friday June 23 2006, @12:04PM)
Aren't there tools that do this?
Re:Is there a gui tool for configuring SpamAssassi (Score:4, Informative)
Re:Is there a gui tool for configuring SpamAssassi (Score:4, Informative)
http://www.openhandhome.com/saconf.html
a problem with reviewers (Score:5, Insightful)
(http://www.bsd-unix.net/~bruce)
Re:a problem with reviewers (Score:5, Insightful)
It is always nice to see a lack of journalistic integrity in reviewers...
Re:a problem with reviewers (Score:4, Insightful)
Re:a problem with reviewers (Score:5, Informative)
(http://www.aug24.co.uk/)
So if you want to whinge at anyone, whinge at RH. At least this shows that reviewers now think they should include FOSS in their reviews.
Justin.
Re:a problem with reviewers (Score:4, Insightful)
(http://www.aug24.co.uk/)
That is the oldest canard (read: excuse) in the FOSS zealot's book. And I say that as a regular proscelitiser myself.
How old is Red Hat 9? It was the current release till earlier this year, when they launched Fedora. So, he used a version that is a few months old. Whoop-de-fuck. 'Very old' my arse.
J.
Re:a problem with reviewers (Score:4, Insightful)
Anybody using an old version of anti-virus or anti-spam software gets what they deserve (or get's the review their advertisers want). I use spamassassin and clamav with mimedefang on my corporate gateway and you have to upgrade spamassassin regularly or more and more spam starts slipping through - this is the nature of anti-spam and I'm sure is just as true of brightmail and the others.
Coming soon at Infoworld... (Score:5, Insightful)
(http://www.jgc.org/ | Last Journal: Friday August 22 2003, @11:31AM)
Seriously, InfoWorld, SpamAssassin 2.44 was released in February, all the other vendors you compared were constantly updating their products to cope with the ever changing nature of spam.
John.
Logan You Better Run (Score:5, Informative)
My ISP (souther NH) runs SpamAssassin 2.6 - and I can tell you that at the default settings it catches 90-95% with
I've got one client where the run NO filter - some folks (the names GOTTA be on the web site) get up to 100 spams a day. IT are basically monkeys with hands. I have no idea what the CEO thinks. They wouldn't even think OS as they're a total MS shop.
Re:Logan You Better Run (Score:4, Informative)
Razor: Vipul's Razor is a collaborative spam-tracking database, which works by taking a signature of spam messages. Since spam typically operates by sending an identical message to hundreds of people, Razor short-circuits this by allowing the first person to receive a spam to add it to the database -- at which point everyone else will automatically block it.
From the review:
All the products except Brightmail and SpamAssassin allow end-users to add senders to the domain whitelist themselves. Brightmail allows users to forward misidentified e-mails to the administrator, who can choose to add the sender to the whitelist. SpamAssassin allows only the administrator to add to the whitelist, with no direct access for users.
Who is missing something here? Me or the reviewer? It looks like Razor does exactly what he wants to do and claims that SpamAssassin doesn' t do. It seems to me you are right ... selectively comparing old OS with newer commercial software so that he can make claims that are factually correct about SpamAssassin 2.44 but completely missleading about the current version.
I get what I pay for too from reading the article. (Score:5, Informative)
(http://arstechnica.com/etc/linux/index.html)
Yeah all those GUI options look nice, but 90% of the time, why do I need to change my spamblocking settings? The Bayesian filter autoadjusts itself with little or no user intervention -- it's near transparent.
Works for me (Score:5, Informative)
(http://www.ganfamily.com/)
It works pretty well for me -- the mail server's only for my personal use so I don't really have to worry about irate subscribers sueing me for dropping them legit mail =p and the 8-12 point range in the spam marking gives me a chance to vet through those suspicious mails briefly before deleting them.
I've never tried any other spam filters on the server-side, so I can't really compare. I guess I'm also a bit of a Linux hacker so I don't mind tweaking all those config files along the lines of the FAQ and other hints on forums to get it to work the way I want it to.
Re:Works for me (Score:5, Informative)
(http://www.ganfamily.com/)
Spam Filters . . . and Eudora (Score:4, Funny)
(http://www.lds-chat.com/)
Come to think of it, it seems to work out just fine.
Newt-dog
Sales sales sales (Score:3, Insightful)
In the end, any company is going to have to put people and tools together to get a spam solutution, or outsource it. But DIY needs people time.
Don't pay vendors for SpamAssassin, it runs quite nicely on left over PCs reloaded with Linux.
He already sent an open letter to SAtalk (Score:5, Informative)
(http://krass.com/)
Re:He already sent an open letter to SAtalk (Score:5, Informative)
Re:He already sent an open letter to SAtalk (Score:4, Insightful)
(http://etoy.com/)
This is very true, of course. But has the guy considerered that this is 1:1 the case with commercial software too?
Even support providers for enterprise level software (i.e database vendors, which may charge hundreds of thousands of $, depending on the installation and support level) will never guarantee that they provide you with a solution.
Of course their sales reps have the flashier presentations though, which is a part of what you pay for.
no wonder... (Score:5, Insightful)
(http://www.only4christ.de/)
Because (Score:5, Interesting)
He expected to get the results that he normally gets with most commercial software. Click Setup.exe, answer a question or two and it's done, up and running. Further configuration is not required though it may be desired.
The commercial vendors of Spamassassin have not improved the core product in any way. What they have improved is the packaging, the installation, the default configuration and the interface to modify that configuration. The stock SpamAssassin does not offer that although, Spamassassin setup is far more simple than some other packages out there.
Taken from the two articles (Score:5, Interesting)
versus
The first found Spamassassin easy, the second found it hard. Hmmm.
What really aggravates me is the typical "There are blacklists available that you can subscribe to, and some are updated regularly, but these are noncommercial lists with no guarantees." I'd like to see what guarantees the commercial lists come with.
Critical Eye on Tech Journalists (Score:5, Informative)
Each product was tested with a different stream of mail, so the number of messages received varied, but all received enough messages to assess their capabilities.
Can you imagine someone writing "Oracle, Sybase and Postgres were compared. While the data and workloads were different, all products performed enough work to assess thier capabilities."
All the products except Brightmail and SpamAssassin allow end-users to add senders to the domain whitelist themselves.
I don't know anything about Brightmail. Spamassassin end user whitelists entries can be set up in a number of ways.
And all the products but SpamAssassin use dynamic updates to keep up with the evolving technologies spammers use to circumvent less sophisticated filters.
As aluded to in the summary, this is false with modern versions of Spamassassin, which uses Baysian filtering. (The author later says he couldn't get it working.
However, it took more than 10 times as long to install and configure SpamAssassin as it did any of the other products. [...] But just because the software is installed does not mean it will work -- filtering criteria must be added manually, and until that's done nothing is filtered out. Getting the various configuration files edited properly so that the whole package worked was not simple. Documentation was difficult to find, and not always easy to follow.
While it is true that one must be comfortable with a text editor to configure Spamassassin, thus perhaps putting it out of reach of point-and-click admins and technical journalists, I also wouldn't be prone to put my mail servers in the hands of either of those groups of people.
It looks for keywords in the subject or body of e-mails, but is frustrated by words not in the dictionary, such as "V!agra," or words that contain invisible HTML characters.
While I am not sure what tests appeared in which version, I'm pretty sure 2.44 handled off-by-one works such as V!agra. I have no idea what he's talking about when he says "invisible HTML characters", but it does seem to point to a certain technical incompetence, similar to the ostritch belief - "If I can't see you, then you can't see me."
This is not to say Spamassassin is the easiest thing in the world to deal with. I happen to love it, because of the extreme flexibility.
I just get sick of tech journos who decide that because a tool doesn't have a gui and they don't want to take the time to configure it, it sucks.
Re:Critical Eye on Tech Journalists (Score:5, Insightful)
(http://sandbox.etree.org/)
A very large sample of mail would negate almost all of the differences caused by using a different set of mail, but I get the feeling that each of these servers ran for about a day and the results were gleaned from that.
I don't know anything about Brightmail. Spamassassin end user whitelists entries can be set up in a number of ways.
As aluded to in the summary, this is false with modern versions of Spamassassin, which uses Baysian filtering. (The author later says he couldn't get it working.)
Maybe I'm missing something or taking things that I consider basic for granted, but Bayesian filtering with SA is about as straightforward as it gets, except that instead of clicking a few buttons, you run one short command.
While it is true that one must be comfortable with a text editor to configure Spamassassin, thus perhaps putting it out of reach of point-and-click admins and technical journalists, I also wouldn't be prone to put my mail servers in the hands of either of those groups of people.
I think we've all known these types, and unfortunately they're more widespread than we'd like to think. Many simple solutions such as SA are ruled out because the admin doesn't have the skill to implement them. Note to any managers reading this: hire people with a solid background in the field, not those who list single-platform applications on their resume as "skills." Software changes, but a good administrator has the ability to adapt.
sixty-two percent? (Score:5, Interesting)
(http://sandbox.etree.org/)
To me, this statement is pretty telling. Harbaugh must get some completely different kinds of spam than me, because, even though I receive about 60 spam mails a day (directed to my "spam" folder, so I never see them until I scan the "From:" field and then delete them), maybe one per week makes it through the filter. And seeing as how I can't even remember the last time I got a false positive, that's a pretty damn good number.
I can believe that if you receive a variety of mail and if you took no time to configure SpamAssassin other than cranking it up, maybe then it'll only catch 80% of the spam. But 62%? I'm not sure if Harbaugh is skewing the benchmarks or if he just doesn't know what he's doing.
There are some legitimate issues with SpamAssassin that might not make it ready for the enterprise, but for a handful of users, I have been more than satisfied. And the price is right.
You think 2.44 is ancient? (Score:5, Informative)
Re:You think 2.44 is ancient? (Score:5, Informative)
(http://web.lemuria.org/)
Aside from that, installing 2.60 into your home directory is absolutely painless. Just did that, before I learned about the backports.org website.
Article lenght advertisement (Score:3, Insightful)
(Last Journal: Sunday January 08 2006, @04:07PM)
Sounds to me like Infoworld has an advertising contract with (at least) one of these companies. At the very least he should have checked the site for an update before he started his "tests". For a while there, I got every one of those "IT industry" hype mags (always free). While there was some good information here and there, you had to wade through a lot of advertising pretending to be articles.
I love SpamAssassin and would not consider email hosting without it. It has made my email account useable again ! For the record, it seems to catch about 80-90% of my spam, and I have never seen a 'false positive' (I do check my 'spam' folder, but less and less)
-1, Troll (Score:5, Funny)
(http://web.lemuria.org/)
It's just a bit too obvious that he was hoping for a severe slashdotting, driving his own numbers ("look, editor, how many people read my articles!") and the ad numbers of his paper up.
Probably submitted the story himself, too.
The review isn't as bad as slashdotters make it (Score:5, Insightful)
Seriously:
- The Spamassassin installation documentation could be better written IMHO.
- Why doesn't RedHat's update service offer constand updates to the current version of SpamAssassin?
- Why doesn't it (as mentioned in another post) have the most important configuratoin setups included in their overall configuration GUI?
I really wish distributions would support SA better.It's all about the UI (Score:4, Insightful)
The bias apparent in this article and the crappy comparison chart aside this review doesn't even begin to touch base as a throughly researched opinion ion piece and ends up look like an advert for Brightmail.
However we do in the OS community face a UI problem. The missing rung on the ladder to mass acceptance is the absence of high quality UI that give users and indeed administrators of the point and drool variety a interface with the service they are seeking to use.
Before the Highly polished phpmyadmin I met serious resistance from admins for MySQL over msSQL based mostly on interface. The same goes for CUPS which has a web interface that I think has come of age if not achieve adult hood. The Webmin's are OK as long as you don't tinker to much or do anything slightly non-standard. I dislike Swat and am now so used to editing smb.conf I haven't even checked it;s working. I think that a lot of these services, apache, Spamassassin and X11 for example, could bare providing embedded configuration UI's if they aim to capture wider markets. Mandrakes X11 confugulator is very good.
I was going to mention the difficulty presented for admins with widely deployed Outlook when looking at these kind of solutions but then I though no only have sympathy where it is due. An I know that SpamAssassin could work seamlessly with Outlook but if users want a front end for white-listing then SpamAssassin isn't going to be your toy just yet.
Though we love the text based config file you may have to put a lot of working into configuration UI's if you want to enter the area as far as that reviewer and many sysadmins are concerned.
Not Really (Score:4, Insightful)
(http://www.tookish.org/)
I knew nothing about filtering spam until I installed SpamAssassin 2.6 in a multi-user environment last week. Here are my responses:
I wouldn't recommend that my grandmother install SpamAssassin, but if you have any admin skills whatsoever, it's quite easy to use it to set up effective and useful filters. Furthermore, there are enough factual errors in the article that I'm tempted to dismiss it outright.
Of course, it's possible that it got a lot better between 2.44 and 2.6, but that begs the question, why did he install 2.44?
install took 10 times as long...? (Score:5, Insightful)
I also like the characterization of Spamassassin as "first generation" without any supporting evidence to the fact. First generation was adding spam senders to your e-mail client's blocklist. Bayesian filtering is well beyond first generation, but spammers have learned to defeat Bayesian filtering with poison data in non-eyeball space and text obfuscation. The next generation in spam detection is to detect the Bayesian evasion features - and guess what does that!? Spamassassin (2.60).
SA+MailScanner works for me (Score:5, Informative)
I've found the easiest way to implement SpamAssassin is to invoke it through MailScanner [mailscanner.info]. MailScanner uses third-party virus scanners and can optionally invoke SpamAssassin as well. With the free ClamAV [elektrapro.com] antivirus product, you can build a powerful open source mail scanner. Even without a virus scanner, MailScanner detects and quarantines executable attachments and other dangerous content which represent the most common types of mail-borne viruses and worms.
RedHat installs the daemonized version of SA as well as the SA Perl scripts. Using the daemon, the easiest implementation is to invoke SA in /etc/procmailrc on the mail delivery host; for mail gateways running sendmail, you need to use the milter interface. I've found the MailScanner+SpamAssassin approach much easier to configure than either of these methods, and you get virus scanning to boot!
I suspect if the reviewer had compared SA 2.60+ to the commercial products, rather than the older 2.44 version used in the review, SA would have shown better results.
I'd agree with the reviewer that one of the things SA lacks is an easy method for users to interact directly with the program. (Part of the issue has to do with security; SA runs as root. As I read the review, I wondered how the other products allow users to interact directly with the scanners without sacrificing security.) It's not easy to maintain per-user Bayesian filtering, for instance, but I generally recommend having the mail client, e.g., Mozilla [mozilla.org], handle these tasks.
Thanks for the reminder!! (Score:3, Interesting)
Old, and on the list (Score:3, Informative)
The current version of spamassassin is 2.60.
Try the Custom Rule Emporium! (Score:4, Informative)
(Last Journal: Wednesday October 10, @03:59PM)
Since then, I've downloaded a bunch of rules from The SA Custom Rule Emporium [merchantsoverseas.com] and almost nothing gets through.
If this guy had trouble, it is the fault of the documentation, not the product. Either that, or he was dumb enough not to upgrade to perl 5.8 or above, and spent forever installing modules.
He says:
Funny how when you install an old version of the product, it seems outmoded, hmmm?
Sheesh.
Pixie
He was trying to make a point (Score:4, Interesting)
Notice that he deliberately took a standard install from RedHat 9, something some IT person (Not a tr00 g33k) might buy at CompUSA. He then tried to install the provided product. Clearly, a tr00 g33k would go and download the latest release, but keep in mind that not everyone is so comfortable with being on the bleeding edge - I believe that this was a point he tried to make. There is also the perception that the release provided with a "product" such as RedHat 9 will be up to the same standards as the OS.
While it's true the latest version has default rules and whatnot - it's quite likely that his older, more out of date version does not. In fact, going briefly to the spamassin home page the links for the 2.5 and 2.4 release documentation are broken.
The point to be made was: OSS needs to be more buttoned up. Notice that he said that he had no trouble installing redhat 9. That's becuase the installer is rather good.
Commercial Guarantees, eh? (Score:5, Insightful)
(http://www.uberm00.net/ | Last Journal: Monday January 19 2004, @09:27PM)
11. LIMITED WARRANTY FOR PRODUCT ACQUIRED IN THE US AND CANADA.
Microsoft warrants that the Product will perform substantially in accordance with the accompanying materials for a period of ninety days from the date of receipt.
YOUR EXCLUSIVE REMEDY. Microsoft's and its suppliers' entire liability and your exclusive remedy shall be, at Microsoft's option from time to time exercised subject to applicable law, (a) return of the price paid (if any) for the Product, or (b) repair or replacement of the uct, that does not meet this Limited Warranty and that is returned to Microsoft with a copy of your receipt.
Note that a) no updates or fixes are guaranteed, b) your only remedy is media replacement or a refund, and c) this choice of remedy is up to Microsoft.
I love it when people claim that you're taking a huge risk with open source software without guarantees. Microsoft says their software will work, but isn't saying that if their software doesn't work, they have to fix it.
modifying subjects and other content (Score:3, Interesting)
I know you're just joking, but to be serious for a minute, the reason not to do that is because you'd be transparently altering someone else's copyrighted property. Overzealous and/or overworked sysadmins misconfigure SA to globally analyze all incoming content and then to alter email subjects based on its opinion. This is an invasion of content, certainly prone to false positives because antispam scanning is an individually trained process, and breaks the trail of reply threads at least on a visual basis. There are always going to be tons of misconfigured or RFC ignorant smtp servers out there, and being compatible with them is what makes the Internet work. That would include corporate servers, legitimate opt-in bulk mail, and opt-in mailing lists run by Some Dude. There will be people on a mailing list whose personal content is always publicly marked by certain recipients as spam! It's confusing, insulting, and unnecessary. SMTP has invisible meta-tags in its headers to allow for that, and agents are supposed to respect them.
This is fine for using SA's global config as your personal config for your own little systems, but not for an ISP or business.
According to spamassassin.org:
Personalized Bayesian training (Score:3, Informative)
-- casual readers may skip the following details
In an attempt to mitigate this, SA makes an unfortunate mistake in its unsupervised learning algorithm - it uses a different set of rules for training than it uses for marking mail as spam or not. So you can easily have email marked as spam but have the system trained as non-spam (or vice versa). This introduces systematic bias into the learning so that spam detection can get worse in the long run. As a further attempt to mitigate this problem, the learner uses a higher spam threshold, so many spams that are correctly marked do not contribute to the learning process. There is no way to set the SA configuration parameters to eliminate these biases (setting the learn threshold does *not* do it).
--- end of gory details
It is not too difficult to set up SA for personalized learning. Just pipe your mail to the following command:
spamassassin -e
If the return code is 0 (non-spam) also pipe the mail to
sa-learn --ham --single
If the return code is 1 (spam) pipe to
sa-learn --spam --single
If you do this you are guaranteed that the statistics recorded in your personal bayes db correspond exactly to the judgements made by SA.
In addition to this you must correct SA when it makes a mistake, by piping the message to sa-learn again with the right flag. You may be able to set up a macro in your mail reader to do this.
This isn't as easy to set up as it should be, but it is *very* effective.
In the last year I've received 20,000 non-spam and over 100,000 spam messages & viruses (30,000 if you eliminated the "Cumulative Update" messages, which SA caught just fine.) About 100 spams have gotten through (a couple a week) and about 10 false positives have occurred. All of the false positives have been 'weird' - advertising, automatic responses, or web pages that were forwarded to me. As far as I know (and I do check periodically) I've had no false positives in the last 50,000 spams.
My preliminary analysis indicates that personalized learning reduces both false negatives and false positives by a factor of ten. I'll report more systematic analysis in due course.
what is it with those guys? (Score:3, Insightful)
(http://www.spamgourmet.com/)
PC Magazine [pcmag.com].
Spamgourmet [spamgourmet.com] (open source and free to use) was lined up against several commercial offerings, and was rated the lowest. It was clear from the review that he didn't spend much time learning about how spamgourmet works -- he wound up faulting it for perceived problems that were addressed by features that he ignored in the review.
Not to be cynical, but if I were a tech reviewer, I might be afraid of lawsuits resulting from my reviews -- open source projects have no revenue, and therefore can't prove up any damages in court. This might make me more likely to choose the open source alternative to get the shaft. Hopefully that's not what's going on here, but you've got to wonder...
My letter to the author (Score:5, Insightful)
(http://slashdot.org/ | Last Journal: Monday January 31 2005, @05:48PM)
Mr. Harbaugh,
This letter is in response to your InfoWorld article titled "Commercial solutions win, spam loses." In that article you portray all commercial spam solutions as winners and you portray the only open-source spam solution you reviewed as a dismal failure. I must say that as a professional in the anti-spam field I'm am truly disappointed by your incomplete and inaccurate assessment.
You start the article off quite well. Your introduction regarding two of the possible types of spam filtering is in terms that the average reader can understand. The introduction is also technically accurate, although it doesn't mention the other ways to filter spam.
You quickly take an opportunity to kick dirt on SpamAssassin by claiming it filters a fraction of the amount of spam all the commercial solutions filter. You hint at something during that statement when you said that SpamAssassin's "age showed in my tests," yet you fail to actually make it apparent to the user what the real truth is. I must ask, why did you choose to compare such an ancient version of SpamAssassin to the current versions of the four commercial products? Version 2.44 is over 9 months old. Spam filtering techniques are constantly evolving to filter a continually changing target. Comparing a 9.5 month old copy of SpamAssassin to the current version of BrightMail is like comparing a 1990 Chevy Silverado to a brand-new 2004 model. As an author and professional in the IT industry writing a column for InfoWorld, one of your goals is accuracy and fairness in reporting, is it not?
You make numerous false statements regarding SpamAssassin in your article:
1) "All the products except Brightmail and SpamAssassin allow end-users to add senders to the domain whitelist themselves... SpamAssassin allows only the administrator to add to the whitelist, with no direct access for users."
This is simply not true. SpamAssassin allows its users to add whitelist or blacklist entries to the personal preferences. It also allows its users to control the scoring for each individual ruleset with SpamAssassin's arsenal. Even the ancient version of SpamAssassin you chose to use had that simple feature. SpamAssassin also has the ability to automatically whitelist senders.
2) "Delegation of specific administrative functions is possible with all the products except SpamAssassin..."
This too is not true. As I said in response to number 1, SpamAssassin allows its users to control the scoring for each individual ruleset. This gives them the ability to disable certain rules, lessen the scores of others, and increase the scores of rules they wish had more weight. For example a user could disable the MAPS RBL DNS blacklist checks, whitelist joe@mydomain.tld, blacklist annoying-spammer@spamdomain.biz, and increase the score of the rule ALL_CAP_PORN to 2. The users can also create their own rulesets. SpamAssassin gives its users a high level of control over their spam filtering.
3) "Finally, in addition to stopping spam, all four commercial products provide content-filtering features, allowing the administrator to block incoming or outgoing e-mail that contains proprietary data, audio or video files, executables, sexually explicit words, or racial slurs. They also provide protection against DoS attacks and directory harvesting attacks."
This one baffled me at first. I'm honestly not sure why you want to compare features that have nothing to do with filtering spam. Filtering racial slurs from an email is
spamassassin-2.44-11.8.x.i386.rpm (Score:4, Insightful)
To moderators. When you mod something "informative", please check the facts first. Spamassasin in RH 9 is 2.44.