Recommend a server-side email classifier

submitted by Zak edited

I've been self-hosting email with Maddy for a bit, but haven't shared any of the addresses widely yet in part because I haven't set up a spam filter. I'm pleased with Maddy; there's much less to learn to get a server up and running with sane default behavior than with the email software of old.

Ideally, I'd like to go beyond just spam filtering and have something with arbitrary categories like newsletters and password resets. I would prefer that it learn categories when I move messages to IMAP folders from a mail client. Maddy can feed messages into arbitrary programs and pick a destination folder based on their output.

Web searches turn up a ton of classification programs, most of which seem to be more interested in playing accuracy golf with well-known corpora than expanding functionality beyond simple spam filtering.

Log in to comment


Rob Bos

I've been using rspamd for a while. It may be extensible to do token based classification like you want but it may take some work.


Popfile was pretty great. Sadly it was abandoned 8 years ago.

Zak [OP]

Abandoned doesn't necessarily imply no longer useful. Sometimes, though rarely in the modern world software is *finished*.

I may give it a try. It does actually have the features I'm asking for.


Yes but in this case it's something that parses stuff received from internet, not a calculator or a sudoku app. There's a tiny chance that a specially crafted email could be exploited. It's very unlikely that it would be explicitly targeted as it's a niche app that now gets less than a download a day, but still IMHO it's dangerous.

On the fdroid community I once recommended to everyone a 100% offline app that generated generic images for contacts without pictures and because it was abandoned in 2018 I was downvoted by many who would say "what if an attacker with some top tier social engineering skill persuaded you to use a specially crafted exploited image as a contact picture on your phone, then when you used this app to parse existing picture, the 6 years old image library would be exploited and your phone hacked??" - something that has the same probability of "what if the same day you found on the ground a winning lottery ticket a meteorite hits the ground, bounces back all the stairs and hits you while waiting the subway pushing you on an incoming train?"

Zak [OP]

That's a valid point, though it looks like Popfile's installation instructions call for manually installing libraries, presumably current ones. I think it processes only text, not PDFs or images, which are traditional sources of vulnerabilities. I'm fairly certain it doesn't attempt to execute Javascript. It is, itself written in Perl, which is memory-safe.

It's worth considering security because there's so much malware out there trying to spread indiscriminately, but Popfile is less vulnerable than an Android app (which bundles its dependencies) or anything written in C (which is subject to all kinds of memory management bugs).