Domino on Linux/Unix, Troubleshooting, Best Practices, Tips and more ...

One Year SpamGeek

Daniel Nashed  3 January 2009 16:37:58
A year ago I put the first version of SpamGeek into production. SpamGeek is my own anti-spam solution based on an Extension-Manger hooking directly into the SMTP task.
I decided to write my own anti-spam solution as a weekend-fun project and it is a free solution for smaller environments for up to 5 users.
There are still no commercial plans because for larger customers IBM Lotus Protector and Ironport are the best fit.

After some optimization I have around 99% spam-hit rate. I have around 2-4 spam messages per day still going thru.
Around 7% of my incoming traffic is good mail. Everything else is SPAM (see stats below).

SpamGeek gives me very detailed logging and helps me to figure out problem in the SMTP configuration of my customers and partners.

The combination of very detailed logging and a flexible rules based configuration is specially helpful for admins who want to be in full control of their SMTP traffic.

Below is a current statistic from December 2008.
Another interesting statistic is that in 80% of the cases no RBL lookup is needed to determine the message status. RBL checks are skipped when a message is already rated as "good" or "bad" thru other rules.
This can be based on simple build-in rules or the Domain/IP cache for the IP or Domain.

So after a year looking into SpamGeek and a couple of optimization steps thru lessons learned from the SPAM stats, I am very happy that I decided to build my own anti-spam solution :-)

-- Daniel


December 2008 Message Stats
7%
933
  Accepted
0%
24
  Delayed
2%
265
  Greylisted
69%
8743
  Blocked
12%
1484
  Domino Rejected - User not found
1%
150
  Tried Relaying
7%
901
  Client terminated Connection
0%
4
  Second Message No Data
1%
77
  No Message
12581


Comments

1Robert Ibsen Voith  03.01.2009 19:03:07  One Year SpamGeek

As one of the lucky beta testers, I can only clap my hands very hard for SpamGeek Daniel. It goes far beyond anything else I have tried (such as OpenNTF kSpam for example).

I am not sure why you suggest only very small companies (you say something about 5 users) as targets for SpamGeek. In Norway I would guess than many many small customers don't want to go the full run with IBM Protector etc. SpamGeek could be perfect for those. Would you care to elaborate a little why you recon SpamGeek to be best targeted at (very) small companies?

Again, thanks alot!

2Daniel Nashed  03.01.2009 20:38:49  One Year SpamGeek

@Bob

thanks for your nice feedback! I have designed SpamGeek as a solution for "geeks". The installation is quite easy and can be done in 5 min. with the default configuration. But if you need to customize it you have to look into the nasty details of rules and formulas (very flexible but can cause trouble if someone is not familiar with it).

But this is not the main reason why I think this is not a solution for large customers. I would target the solution to customers up to 100 users. Beyond that I would recommend using Lotus Protector or Ironport. Below that one of those solutions might be over kill.

SpamGeek would work for larger environments if you reduce the logging. By default the logging writes down every message including SPAM. So with reduced logging it could be used by larger environments. The current monitoring has shown that the rules do not take much CPU and the log documents are designed to be first only created in memory plus the IP/Domain cache docs are searched by UNID thru a MD5 hash.

Beside that the exception rules might be a little hard to manage in larger organisations but I guess this is the same for any kind of solution.

So my main concern would be performance and scalability. 100-200 users should be still fine and I bet it would also handle much more users.

Also you have also to take care about anti-virus. In am currently thinking about adding a simple anti-virus solution to scan mail with attachments.

I have the code already prepared to optionally put messages on hold I just had no time yet to finalize the server task to hand the attachments over to a virus scanner.

-- Daniel

3Robert Ibsen Voith  05.01.2009 10:13:04  One Year SpamGeek

@Daniel

Good answer!! I also think that your anti-virus hook sounds very interesting! This means that I could probably get rid of my expensive Symantec subscription and use AVG (or similar) with command-line scanning, right?

4Ove Størholt  05.01.2009 11:17:16  One Year SpamGeek

Hi Daniel and a happy new year to you!

Is it possible to try out Spamgeek? I have a private Domino server running on top OpenSuSE 10.x.

Thanks and see you as Lotusphere!

Best regards from Ove

5Daniel Nashed  05.01.2009 11:18:18  Antivirus

@Bob,

yes the idea was to use something like AVG and build a customizable interface to build in any anti-virus solution. But as always the devil is in the detail.

Actually AVG was my first idea to look into. But I had not time yet to look into details of the AVG tools.

We could probably do something together. I build the command line interface and the configuration and you test AVG ;-)

Let's check details off-line ...

-- Daniel

6Daniel Nashed  15.01.2009 1:07:57  One Year SpamGeek

sure you can try and use it for free in smaller environments. just drop me a mail and I can send you the current version.

it should also work on OpenSuSE but I cannot test it on OpenSuSE because it is not a supported platform for Domino.

But if OpenSuSE works for you, SpamGeek should work too ;-)

The only requirement you have to use SpamGeek is that your MX record points to Domino.

Without that some of the features are not affective.

-- Daniel

7Robert Thresher  11.05.2010 21:07:45  One Year SpamGeek

Karsten Lehmann has told me about your product, May I have a copy for my small server? I do Mindplan on Domino on Linux, or Lotus foundations Start/Branch office. It would be nice to have a Domino solution. Does this work for Linux? We have only 5 users

8Daniel Nashed  19.05.2010 10:58:55  One Year SpamGeek

@Robert, sent you the current version. Sorry for the delay. I have been on holidays for a week.

-- Daniel

9Michael Fritzsche  13.12.2019 9:29:59  One Year SpamGeek

Is there a way to get spamgeek to evaluate it with my personal domino?

Links

    Archives


    • [IBM Lotus Domino]
    • [Domino on Linux]
    • [Nash!Com]
    • [Daniel Nashed]