Arts & Photography
Audio CDs
Audiocassettes
Biographies & Memoirs
Business & Investing
Children's Books
Christianity
Comics & Graphic Novels
Computers & Internet
Cooking, Food & Wine
Entertainment
Gay & Lesbian
Health, Mind & Body
History
Home & Garden
Horror
Literature & Fiction
Mystery & Thrillers
Nonfiction
Outdoors & Nature
Parenting & Families
Professional & Technical
Reference
Religion & Spirituality
Romance
Science
Science Fiction & Fantasy
Sports
Teens
Travel
Women's Fiction
|
 |
SpamAssassin |
List Price: $24.95
Your Price: $16.47 |
 |
|
|
|
| Product Info |
Reviews |
<< 1 >>
Rating: 
Summary: Many drawbacks
Review: A comprehensive description of the many features of SpamAssassin [SA] and how it can be integrated with the major mailing programs sendmail, postfix, qmail and Exim. Certainly, the free and open source nature of SA will appeal to some.
But the problem with the book is that it never seriously analyses the many flaws of SA. The most glaring is how it used blacklists. It only applies these against various header fields. Yet it is well known that spammers forge arbitrary sender addresses. Which greatly reduces the efficacy of the blacklist.
Also, the book devotes attention to how SA uses Bayesians. It says how you need a corpus of spam and one of non-spam, to train the Bayesian. Yet this has proved to be a severe constraint on actual usage. The book never says how these corpuses are to be found. In practice, this is done manually. Even worse, the book does not point out that spammers can and are poisoning Bayesians, with innocuous non-sequitur words in their messages. This means that a Bayesian must be continually retrained on new corpuses, that have been manually gathered. Very labour intensive. Few users are willing and able to do so.
Rating: 
Summary: Doesn't cut down on the confusion
Review: Coming into Spamassassin as a new user is very confusing, especially if you don't admin e-mail systems frequently. The spamassassin wiki and documentation are really confusing as well, it seems that nothing really explains the system as a whole very well. Finally, a real book about Spamassassin (I thought). This book skipped over a lot of topics I want to know more about (logging spamassassin activity, how to install razor and pyzor, more information about the RBLs installation and configuration). I don't think so much time should have been spent on Baysean techniques, I find Baysean to be too labor intensive and not practical at all on a site-wide level (which I think the author mentions in the book). This book was good, but not as complete as I was expecting, but as a reference for Spamassassin I suppose it's ok, but not anything better than is online.
Rating: 
Summary: skip the book
Review: Had high hopes when I got this book. Sadly letdown. The book gives a tired old treatment of using a black list to check against the header of a mail message. Now not all spammers forge the header. But many do, as known for years. And they don't just forge the From line. They can also forge the Received lines.
When the author wrote the previous review, he mentioned the Received header lines. But, in general, for an ISP, the only valid header info is what the ISP itself writes. Received lines not written by the ISP can also be forged.
So using a black list on a header can easily be defeated by a spammer. And is being done so by many of them.
But Schwartz goes on to say that SA can now apply the black list against the body links. GREAT! Awesome. This is the key difference between 3.0 and the earlier stuff. Yet, when I went thru the book, I did not see any mention of this. Okay, perhaps I missed it. But if the book actually talks about it, it is in a very obscure fashion.
The new ability in 3.0 is seminal. Because while a spammer can forge headers, if he wants users to click through to his site, he has to write a valid address for himself. When AOL implemented this idea [not using SA] earlier this year, they said it led to the first documented decrease in spam they'd seen.
I repeat- if the book didn't mention the new 3.0 ability, it is grossly deficient. If it did mention it, but scantily, ditto. It certainly deserves at least as much space as was given to Mr Bayes.
Rating:
Summary: Less than I wanted
Review: I'm sure that the Spamassassin developers are doing the best they can, but the sad fact is that the spammers are winning the war.
I don't think there really is a good solution for spam right now. Blacklists don't work, Bayesian filters don't work - nothing works well enough to stop spam entirely.
Still, Spamassassin is useful, and because it is configurable (and open source), you at least have complete control. That assumes, of course, that you understand how it works. That's the reason to buy a book like this, but I was a bit disappointed in that area. I'm not sure yet whether the fault is Spamassassin - maybe it's just not as configurable as it should be - or this book just not explaining things very well.
For example, I note that an awful lot of the spam I get is from certain IP blocks. I don't want to block out large ranges arbitrarily, but I thought it might be interesting to increase the Spamassassin score if the sender was in one of those ranges.
Well, if there is a way to do that, I still haven't figured it out. It could be me - maybe I just haven't read things carefully enough - but I didn't feel that I understood Spamassassin after reading this. Maybe this needs to be a bigger book - only about 100 pages are devoted to configuration and modifying rules, the rest is installation advice.
On the other hand, there's nothing else out there, and this isn't totally without value. If you are using Spamassassin, you may want to pick this up - it could be a long wait for anything better.
Rating: 
Summary: Took some thinking about configuration but works great
Review: SpamAssassin is the immensely popular open-source spam solution for the Linux/Unix world. This book covers version 3.0, which, curiously enough, is not included with the book. This is pretty unusual in the open-source world since it costs very little to put a copy of the program onto CD and bind it into the book.
The reasons for SpamAssassin's popularity include its high level of customizability, the ability to change the rules and the weights assigned to those rules, automatically report spam to clearinghouses, ability to interface with other resources on the internet including DNS blacklists, ability to create a whitelist, and the ability to work with a wide variety of mail systems including sendmail, Postfix, qmail, and Exim. One of the really nice features is the ability for the system to automatically add a person to the whitelist if you send an outgoing email to that person.
Of course all of this requires an understanding of how SpamAssassin works and how to configure and tweak it to get it to do what you want. That is where this book comes in. The author has done an excellent job of explaining not only the concepts but also the details of how SpamAssassin works and how to tweak it to work best in your environment. This is easily one of the most clearly written and understandable books on configuring the software that I have read. SpamAssassin is highly recommended for anyone on a Unix-like system who is considering using the program as a spam control solution.
It took some time to figure out how to configure it best for my needs but my spam is down over 90% with no false positives. Don't expect the author to spoon feed you what is best for your system, but he gives you the information to design one that works for you.
Rating: 
Summary: Re: Boudville's review
Review: Thanks for the review. You are correct that the book focuses on getting the most out of SA, and not on criticizing SA per se (although other approaches are mentioned briefly).
Blacklists applying to header fields is not a flaw - particularly when the Received header is considered, and when you consider that spammers have no incentive to forge blacklisted addresses. Moreover, SA 3.0 can apply URI blacklists to URIs in message bodies, not just to headers.
The book does discuss how you'd acquired a corpus for training, and the research to date (see, e.g., Paul Graham's plan for spam FAQ and presentations) suggests that non-sequitor words included by spammers are not, in fact, effective at poisoning Bayesian classifiers, except under uncommon circumstances. My own experiences are similar - innocuous words do not ruin filter efficacy.
<< 1 >>
|
|
|
|
