How A Sysadmin Got His Email Under Control

All of this discussion about declaring email bankruptcy got me thinking about what I did last year to deal with my email. I was sorting through 400 new messages a day, and it was overwhelming. I would delete most of the messages without reading them, because they were:

– Mailing list traffic that I never read. Even when I filtered the mail to another folder some would leak through because lots of n00bs just cannot resist bcc’ing the list.

– Automated messages from systems, bereft of actual content. As a system administrator I get all sorts of useless messages from devices and systems.

– Spam. Lots of spam was leaking through my filters.

So beginning in November, I started a three-pronged attack on my email.

1) I unsubscribed from any mailing list that I filtered to another location. If it wasn’t good enough to keep up with, I got off the list. I swapped RSS feeds for email when possible. This took about a week to accomplish.

2) I disabled most automated email from systems I support. As I received messages I would classify them as useful or not useful. Ones that aren’t useful are systems telling me nightly that everything is okay, or that the weekly restart of a process went well. Why doesn’t it just tell me when something is wrong?

When “not useful” ones arrived I’d change that system to notify me only when something interesting (to me) happened, or remove the notification script completely so it didn’t bother me anymore. Often I could have my monitoring systems do this work instead of a custom script. The initial effort took me about a month, and I have to be constantly vigilant about new systems. I swear, some of my coworkers think the amount of email they get from their systems is directly proportional to their status as an admin.

3) I wrote a script to retrain SpamAssassin’s Bayesian filters nightly. Every few weeks I’d retrain my filters manually, but that was annoying, and I’d forget to do it. So I wrote something to do it for me. It’s fairly straightforward:

a) Take my spam folder and move it to an archive. This way my spam folder doesn’t get huge.

b) Run sa-learn on that archived spam folder to teach it about spam I’m currently receiving.

c) Use grepmail to extract messages I’ve read today (grepmail -j R -d today /path/to/mbox/file). Not all mail, but only the things I’ve read. That way when I don’t check my email for a few days I don’t inadvertently teach my filters the wrong things. Once you have this in a temporary mbox file, run sa-learn on it to teach it about the “ham” you get.
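
Steps a) to c) as a shell script that cron could run nightly. This is an added example, not the script described above: the mbox paths, the archive file naming and the RETRAIN_RUN switch are assumptions, and the folders are assumed to be mbox files with nothing delivering to the spam folder while it runs.

```shell
#!/bin/sh
# Added example: nightly SpamAssassin Bayes retraining (steps a-c above).
# Paths are assumptions; override them via the environment.
SPAM_MBOX="${SPAM_MBOX:-$HOME/mail/spam}"
INBOX_MBOX="${INBOX_MBOX:-$HOME/mail/inbox}"
ARCHIVE_DIR="${ARCHIVE_DIR:-$HOME/mail/spam-archive}"

# retrain SPAM_MBOX INBOX_MBOX ARCHIVE_DIR
# Runs in a subshell so umask, trap and variables do not leak to the caller.
retrain() (
    spam=$1 inbox=$2 archive_dir=$3
    umask 077                      # mail is private: no group/world access
    mkdir -p "$archive_dir" || exit 1
    archive="$archive_dir/spam-$(date +%Y%m%d-%H%M%S)"

    # a) Rotate the spam folder so it does not grow without bound.
    #    Assumption: no delivery is in progress (no mbox locking is done here).
    if [ -s "$spam" ]; then
        mv "$spam" "$archive" || exit 1
        : > "$spam"                # recreate an empty folder for the mail client
        # b) Teach the Bayes database about the spam just archived.
        sa-learn --spam --mbox "$archive" || exit 1
    fi

    # c) Learn ham only from messages read today, via a private temp mbox.
    ham=$(mktemp "${TMPDIR:-/tmp}/ham.XXXXXX") || exit 1
    trap 'rm -f "$ham"' EXIT
    # If grepmail fails or matches nothing, $ham stays empty and ham is skipped.
    grepmail -j R -d today "$inbox" > "$ham" || true
    if [ -s "$ham" ]; then
        sa-learn --ham --mbox "$ham" || exit 1
    fi
)

# Run only when asked to, e.g. from cron: RETRAIN_RUN=1 /path/to/this/script
if [ "${RETRAIN_RUN:-0}" = 1 ]; then
    retrain "$SPAM_MBOX" "$INBOX_MBOX" "$ARCHIVE_DIR"
fi
```
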

Now I get 40-60 messages a day. It still isn’t perfect (my latest quest is removing false alarms from my monitoring systems) but it is a lot better than where I was.