Friday, October 21, 2005

Spam Fighting with Mac OS X

Back in May, I made a decision to dogfood my home and office, so I switched my servers from Linux-appliance systems (ClarkConnect at home and SME Server at work) to Mac OS X Server running on a matched pair of Mac minis. They're nice, slick, simple, and much easier to administer than even the appliance distros were (OK, they're not much easier, but they are pretty easy when you're an Apple-Certified person like I happen to be). The minis make good, solid webservers for mainly static content, and Mac OS X Server provides good file, print, and web services along with integrated Squirrelmail for webmail and amavis for an interface to both ClamAV and SpamAssassin.

Unfortunately, the amavis config is slightly broken by default, and it's not yet been fixed by Apple. Out of the box, Bayesian training doesn't work correctly. A workaround is at the excellent site AFP548, but that's not the only glitch - spammers have learned lately to start routing mail through backup MX systems so as to hopefully bypass detection. And different SA configurations are set to handle forwarded mail differently - Tiger Server's configuration trusts it, and it's a pain to change that (though possible).

My solution for home use was to simply stop my backup MX service that I was getting from ZoneEdit (who handles my DNS) - presto, instant 10-fold spam reduction! The other fix was to add blacklisting at both home and work. I am using the sbl-xbl.spamhaus.org blacklist, which is doing a pretty good job of reduction. Then, at the office I usually leave my desktop iMac on all the time so I can remotely drive it when needed. Now I leave Mail.app open as well, and since it has a very nice spam catcher I let it snag spam and train it as well. All in all, I see only a spam or two per day on my Treo, typically.

After the next scheduled Mac OS X update (10.4.3, due in the next week or two), I am going to re-address the issue and work on tweaking SpamAssassin's settings. Overall, the mail subsystem in Tiger is solid and functional, but Apple still needs to make fine-tuning a little easier.