[kw-pm] Book Review: SpamAssassin

[Daniel R. Allen]

Here's my review of the SpamAssassin book which O'Reilly sent me some time
ago.  (Get your own review copy of any of their books, just let me know
what title you'd like and they will send it.  KW.pm also has the same
agreement with Manning and Apress.)
---

SpamAssassin, by Alan Shwartz.  Published by O'Reilly, 2004
Price including user-group discounts: approx. $30 CAD; $22 USD.

It's not an exaggeration to say that SpamAssassin has saved my bacon
over the last three years.  I've had the same domain-name and email
address since 1996.  Consequently, my domain is on quite a few spam
marketering lists.  I get an average of 800 spam messages a day at my
main email address.  Only about 25 of them make it past spamassassin.

SpamAssassin is the most widely known spam filter. While it's not the
only one, it's gained a reputation for stability, effectiveness, and
relative ease of use.  Basic installation usually only involves a few
hours' work, which includes reading and understanding the
documentation.  The installation itself, from CPAN, takes only a few
minutes.

In this case, since it's easy to use, why shell out approximately $30
CAD for a dead-tree book on SpamAssassin?

I see three reasons: the book is reasonably up-to-date and I expect it
will be up to date for the next year at least (covering the latest
major version, 3.0, as well as the previous version, 2.6). It has more
complete information than I've been able to find elsewhere.  And it is
more convenient than the online docs for making comparisons between
different spamassassin setups.

The book is composed of nine chapters.  The first two are
introductory, the third covers rules and tests, including writing
one's own tests, and the fourth covers automated learning by
autowhitelisting and baysean filtering.  They go into reasonable
depth.  They are roughly what I had previously learned from the
doc pages, plus some nice content on writing your own tests
that I found easier to read than the online docs.

The next four chapters cover integrating spamassassin with the four
most popular open-source MTAs, sendmail, postfix, qmail, and exim.
Each one covers MTA architecture, and various methods for setting up
spamassassin (such as during SMTP, after initial reciept, or on final
delivery to the user).  These go into nice detail, with particular
package addons to make things easier for each MTA. One example is
MIMEDefang, a popular add-on mail filter which can quarentine
attachments and scan for viruses.

Don't make the mistake I did at first by flipping to my preferred MTA
and skipping the other three sections.  The MIMEDefang section is only
found in the sendmail chapter, although MIMEDefang is useful for all
four MTAs.  The Exim section is the only one to discuss a fascinating
strategy called "teergrubbing", or using your MTA as a "tar pit",
identifying the spam while the SMTP connection is in prgress and
slowing down the connection, thus tying up the spammers' mail server
for as long as possible.

The last chapter, "Using SpamAssassin as a Proxy," leads me
to my only real criticism of the book.  This chapter seems slapped
onto the end.  It should have been titled "Using Spamassassin as a
Windows Client Proxy."  The assumption is that you'll be running the
proxy on a Windows client; no mention of Apple or Linux here.

There is an appendix of online resources for further study.

For me as a sysadmin, I would consider it worth the time to purchase
and browse this book.  It won't entirely replace a good conversation
with another sysadmin who has already installed the latest version,
but it will give you a much broader understanding of what you're
capable of doing with SpamAssassin with a minimum of fuss.

-Daniel