>Wouldn't it be as simple as changing:
Yes, quick and dirty.
>Is there a risk to doing this?
your way - yes
a simlar way possibly - no
You'll see improvements in some minutes.
Thaoms
Von: K Post <nntp.p...@gmail.com>
An: ASSP development mailing list <assp-test@lists.sourceforge.net>
Datum: 12.05.2015 15:46
Betreff: Re: [Assp-test] fixes in assp 2.4.4 build 15130
Thanks for considering the concepts I was talking about for future
releases. If senderbase shouldn't consider the hostname, then why do we
have it doing so if the domain isn't returned (lines 28449-28451 of
version
15130)? Now listen, I really like having that because it's better than
nothing, so please don't remove that new change, but what's the downside
of
using the info returned by senderbase to consider the hostname? Wouldn't
it be as simple as changing:
28471 if ( $orgname =~ /($whiteSenderBaseRE)/ 28472 || $domainname =~
/($whiteSenderBaseRE)/ ) 28473 { to
28471 if ( $orgname =~ /($whiteSenderBaseRE)/ 28472 || $domainname =~
/($whiteSenderBaseRE)/ || $hostname =~ /($whiteSenderBaseRE)/) 28473 {
and maybe a could comparisons below that? Is there a risk to doing this?
And yes, I absolutely hear you about who >>should<< be correcting the
corpus. Unfortunately, that's not the situation I'm in. I'm not an admin
with ultimate power. If I put those who won't contribute by correcting
but
who complain into spamlovers, I wouldn't need to worry about this
installation anymore, because my career here would be over. The charity
would suffer as would the other charities that piggyback on the service.
It's not optimal, but it's what I have to deal with. I don't want to lose
my job and I really don't want to stop supporting this organization - it's
a great cause with meaningful impact to those that we serve. It just some
,anagement personalities who are the problem...
On Mon, May 11, 2015 at 1:29 PM, Thomas Eckardt
<thomas.ecka...@thockar.com>
wrote:
> >I believe how it is intended, to help insure that a single
> layer inaccuracy (say bayesian) will incorrectly block a message.
>
> IMHO it is a wrong approch of an assp-admin, to try to manage the
> detection behavior of assp using the hundreds available exception lists.
> Exceptions should be set as general as possible - less could be more. It
> is better to spend some more time in corpus maintenance and enduser
> workshops (BlockReporting + reporting spam/ham + personal black/white).
> The self learning algorythm of assp V2 is one of the best. It learns
just
> in time within some seconds or minutes, without the need of a complete
> rebuildspamdb. Inceasing the privacy level (Bayes,HMM, ...) increases
the
> detection correctness to an amazing high level.
> It is better to let spam through - and give the decision in hand of the
> endusers, than try to manage hand made exceptions for them. As a admin
> prevent massive spam attacks , manage the well known WHITE and the well
> known BLACK - everything inbeween should be managed by the endusers.
> If endusers are not willing , include them in allSpamLovers ( ccSpam
is
> also a nice feature :):):) ) and let them feel what SPAM is.
>
> Thomas
>
>
>
>
> Von: K Post <nntp.p...@gmail.com>
> An: ASSP development mailing list <assp-test@lists.sourceforge.net>
> Datum: 11.05.2015 16:53
> Betreff: Re: [Assp-test] fixes in assp 2.4.4 build 15130
>
>
>
> Thomas,
> When you said white and black IP lists, which lists (by name please) are
> you talking about?
>
> I see the whitelistedIP list, but I don't want these allowed emails to
> contribute to the whitelist or notspam corpus, I just want to give them
a
> bonus score, like senderbase functionality allows. I know I can give a
> bonus using a bombheaderre, but why not have this also in Senderbase? It
> keeps this kind of thing in one place. You've already got the new code
> looking to the hostname, but, if I understand it correctly, that's only
if
> the domain isn't returned by senderbase. What's the downside to just
> having an "or" match here to catch a given value in WhiteSenderBase if
it
> appears in the neetwork name, domain name, OR the hostname?
>
>
> Greyhat-
> I've been using assp since 0.34, back in the John Hanna days. I'm not
> trying to use senderbase as a single layer. Quite to the contrary, I
use
> senderbase, I believe how it is intended, to help insure that a single
> layer inaccuracy (say bayesian) will incorrectly block a message. I
like
> that the data comes from Cisco's ironport network, vs simply a reverse
DNS
> to global servers.
>
> I'm suggesting what I perceive as an improvement to ASSP for Thomas'
> consideration.
>
> Sometimes its those little things that can make a big difference. One
of
> the things I'm battling is an inaccurate corpus. This isn't ASSP's
fault
> -
> it's due to my job responsibility having changed several years back, no
> one
> else paying attention when there was supposed to be someone, using very
> old
> v2 code, and some lousy settings for about 3 years before now. Now that
> I've convinced the powers that be that this has gotten out of hand,
we're
> back on track and the corpus is improving greatly.
>
> Giving senderbase the ability to look down to the hostname would help me
-
> if there's another way, I'm all ears.
>
> On Mon, May 11, 2015 at 8:39 AM, Grayhat <gray...@gmx.net> wrote:
>
> > :: On Sun, 10 May 2015 22:54:08 -0400
> > ::
<CALhpkAkJ83fODX8sO9h8EHYrs6Ev=oozgitp7zngrqqznkb...@mail.gmail.com>
> > :: K Post <nntp.p...@gmail.com> wrote:
> >
> > > example:
> > > 63.249.66.210 SenderBase: status=not classified, data=US, CRUZIO,
> > > cruzio.com, , Y, 19, changedetection.com
> > > SO GREAT that it shows the changedetection.com hostname in the
> > > analyze gui now, but it's not matching my whitelist, because the
> > > domain of cruzio.com takes priority. If only ASSP would look to the
> > > hostname as well, regardless of if there's a domain listed, we'd be
> > > golden.
> >
> > the purpose for the senderbase queries is different, it's used to find
> > the IP *owner* country (as opposed as the IP country, a big player may
> > use IPs spread all over the globe but be based in country "XX") and
the
> > owner informations; when it comes to IPs and domain/host names we have
> > DNS lists and URI lists... and sincerely it seems to me that you are
> > missing the inner working of ASSP, see, the code uses a "layered
check"
> > approach where each bit and piece contributes to the scoring; my
humble
> > suggestion is to try reading the archives of this list and/or looking
> > at the ASSP source code
> >
> >
> >
> >
>
>
------------------------------------------------------------------------------
> > One dashboard for servers and applications across
Physical-Virtual-Cloud
> > Widest out-of-the-box monitoring support with 50+ applications
> > Performance metrics, stats and reports that give you Actionable
Insights
> > Deep dive visibility with transaction tracing using APM Insight.
> > http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
> > _______________________________________________
> > Assp-test mailing list
> > Assp-test@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/assp-test
> >
>
>
------------------------------------------------------------------------------
> One dashboard for servers and applications across Physical-Virtual-Cloud
> Widest out-of-the-box monitoring support with 50+ applications
> Performance metrics, stats and reports that give you Actionable Insights
> Deep dive visibility with transaction tracing using APM Insight.
> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
> _______________________________________________
> Assp-test mailing list
> Assp-test@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/assp-test
>
>
>
>
>
>
> DISCLAIMER:
> *******************************************************
> This email and any files transmitted with it may be confidential,
legally
> privileged and protected in law and are intended solely for the use of
the
>
> individual to whom it is addressed.
> This email was multiple times scanned for viruses. There should be no
> known virus in this email!
> *******************************************************
>
>
>
------------------------------------------------------------------------------
> One dashboard for servers and applications across Physical-Virtual-Cloud
> Widest out-of-the-box monitoring support with 50+ applications
> Performance metrics, stats and reports that give you Actionable Insights
> Deep dive visibility with transaction tracing using APM Insight.
> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
> _______________________________________________
> Assp-test mailing list
> Assp-test@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/assp-test
>
------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
