About Archive Tags RSS Feed


Recommendations for software?

15 September 2018 12:01

A quick post with two questions:

  • What spam-filtering software do you recommend?
  • Is there a PAM module for testing with HaveIBeenPwnd?
    • If not would you sponsor me to write it? ;)

So I've been using crm114 to perform spam-filtering on my incoming mail, via procmail, for the past few years.

Today I discovered it had archived about 12Gb of my email history, because I'd never pruned it. (Beneath ~/.crm/.)

So I wonder if there are better/simpler/different Bayesian-filters out there at that I should be switching to? Recommendations welcome - but don't say "SpamAssassin", thanks!

Secondly the excellent Have I Been Pwned site provides an API which allows you to test if a password has been previously included in a leak. This is great, and I've integrated their API in a couple of my own applications, but I was thinking on the bus home tonight it might be worth tying into PAM.

Sure in the interests of security people should use key-based authentication for SSH, but .. most people don't. Even so, if keys are used exclusively, a PAM module would allow you to validate the password which is used for sudo hasn't previously been leaked.

So it seems like there is value in a PAM module to do a lookup at authentication-time, via libcurl.



Comments on this entry

icon cstamas at 19:43 on 14 September 2018

rspamd is getting popular nowadays. I have not spent much time on it and i am quite pleased with the results so far.

icon Evaryont at 06:46 on 16 September 2018

I use rspamd and enjoy it quite a bit. It's been very effective, as I've set it up to also greylist which handles most spam, and the stuff that does make it through is detected appropriately. The defaults are fairly solid.

I don't know of a PAM module for HIBP, but I'd chip in to help sponsor it. I'd imagine that Troy might be willing to as well, or know someone who is. Getting it on every Linux server would be a huge boon to the community.

icon Jonathan at 12:28 on 16 September 2018

I still use crm114. Now you know, you can prune that cache, or just disable it.

icon Steve Kemp at 04:13 on 17 September 2018

I've setup rspamd now, and have been sponsored to write a PAM module.

I didn't realize that there was a cache to disable for crm114, but given the lack of updates it seems like moving on isn't a bad thing.