A quick post with two questions:
- What spam-filtering software do you recommend?
- Is there a PAM module for testing with HaveIBeenPwnd?
- If not would you sponsor me to write it? ;)
So I've been using crm114 to perform spam-filtering on my incoming mail, via procmail, for the past few years.
Today I discovered it had archived about 12Gb of my email history, because I'd never pruned it. (Beneath ~/.crm/.)
So I wonder if there are better/simpler/different Bayesian-filters out there at that I should be switching to? Recommendations welcome - but don't say "SpamAssassin", thanks!
Secondly the excellent Have I Been Pwned site provides an API which allows you to test if a password has been previously included in a leak. This is great, and I've integrated their API in a couple of my own applications, but I was thinking on the bus home tonight it might be worth tying into PAM.
Sure in the interests of security people should use key-based authentication for SSH, but .. most people don't. Even so, if keys are used exclusively, a PAM module would allow you to validate the password which is used for sudo hasn't previously been leaked.
So it seems like there is value in a PAM module to do a lookup at authentication-time, via libcurl.
Tags: bayesian filtering, haveibeenpwned, linux, pam, spam 4 comments