[albatross-users] revisiting checkboxes..
Eric S. Johansson
esj at harvee.org
Fri Jun 27 13:58:11 EST 2003
Michael C. Neel wrote:
> If you look back at my first posts to this list; you'll see I also had a
> very tight interface issue that I needed help with (a set of filters,
> the number is unlimited and the user just keeps "add filter" or "remove
> filter" and each filter had a set of controld to display and remember
> state on because it was step 6 of 8 in a wizard). I ended up going the
> albatross_alias/class route and still prefer that method when it's
> needed.
I'll have to read up on that. One of the things that occurred to me after my
last message about selling the wrong problem is that I probably need to had a
new version of "list" which is "listall" which will return a list of all items
in the group as well as their state. It's probably only useful for checkbox but
you never know.
> If you don't mind, do you plan on open souceing this spam tool? What
> are it's server reqs? Will it run on qmail? If so I'd be interested in
> using this when it done ;)
it is open source already (camram.sourceforge.net) the current version is a few
fries short of a happy meal in a few areas but the filter is fundamentally
sound. What I've got on my pack is a version which uses enhancement of the
python configuration variable class, a bunch of minor bug fixes. I'm working on
a reimplementation of the current spamtrap user interface with extraction of a
bunch of classes for reuse in the dumpster interface. Then I'll create the user
configuration editing tool.
camram is the first practical sender pays antispam system. I described as
practical because while it does allow for sender pays e-mail, it doesn't dictate
that all messages must have a stamp. There is a three filter chain between
stamps, white list (who you know), and a Bayesian style discriminator. The
system also includes a stamping utility designed to work with an SMTP proxy
called e-mailrelay. The Bayesian discriminator is crm114 which works pretty
well but is going through some fairly major changes by itself.
the discriminator phase categorizes messages into good, bad, can't tell. Good
is passed on to the inbox, bad and can't tell is spamtrapped.
the system includes the capability of sending notices or postage to notices.
I've put a great deal of effort into minimizing who gets notices. For example,
only can't tell messages get notices. Additionally, if the message has
indicators that it might have come from a mailing list, it won't send a message
either to prevent annoying folks on a mailing list.
server requirements: all needs is the ability to inject itself somewhere in the
delivery process. I'm currently using procmail because it's convenient. If you
want to make it work with something else all I require it is for message to be
converted to python e-mail object format and I will return it in the same format.
you can run the system and either global mode or individual mode. Global mode
uses one set of discriminator profiles and white list for everyone on the
system. individuals have their own profiles. managing the spamtrap is left up
to a small number of individuals. This is typically what you would use for a
corporate environment.
in individual mode, everyone gets their own spamtrap, white list, discriminator
profile etc. Hasn't been heavily tested because my wife doesn't want to be
bothered with managing her own spamtrap.
Load isn't too horrible. I have it running at one commercial client on midrange
Pentium III and it's just running for them without noticeable load. Unlike Spam
assassin which regularly hammered the machine and caused major headaches.
the next release is waiting for: the user interface tools (no problem
advertising albatross if folks want), changes to the SMTP proxy to single thread
the filter/stamp generator but queue up additional requests, Java applets and
CGI for the postage due notice and browser based stamp generation. would be
nice to have a better authentication system than the traditional htaccess methods.
needs list:
help with user interface implementation (this should come as no surprise)
taking over some of the work so I can concentrate on the ietf protocol proposal
crypto extensions
did I forget to mention the crypto extensions? In a nutshell, put your public
key on every single message outbound. Once you've exchanged stamped messages
with someone, you can "trust their key" a little bit. Then you can sign and
encrypt messages between yourselves automatically with no passphrases. Yes, it
has some weaknesses like MITM but on the other hand, it's an order of magnitude
more secure than postcard mail today and far far easier to use than pgp.
I tend to get a bit passionate about this project and ramble on especially if
I've been up too late like I have been again.
---eric
More information about the Albatross-users
mailing list