On 2022-05-08 17:29, Bill Cole wrote:
On 2022-05-07 at 04:42:25 UTC-0400 (Sat, 7 May 2022 11:42:25 +0300)
Henrik K <[email protected]>
is rumored to have said:
There's lots of common headers that are basically huge base64 strings,
creating stupid amounts of random Bayes tokens.
Apparently rulesrc/sandbox/axb/23_bayes_ignore_header.cf was created
to
handle some of these already?
I've found atleast these missing:
IronPort-SDR
X-Exchange-Antispam-Report-CFA-Test
X-Forefront-Antispam-Report-Untrusted
X-Gm-Message-State
X-MS-Exchange-AntiSpam-MessageData
X-MS-Exchange-AntiSpam-MessageData-0
X-MS-Exchange-CrossTenant-UserPrincipalName
X-MS-Exchange-SLBlob-MailProps
X-MSFBL
X-Microsoft-Antispam-Message-Info
X-Microsoft-Antispam-Message-Info-Original
X-Microsoft-Antispam-Untrusted
X-Microsoft-Exchange-Diagnostics
X-Provags-ID
X-SG-EID
X-SG-ID
Wouldn't these be better put directly into bayes/23_bayes.cf instead
of some
sandbox, that's intended more for testing rules than changing SA
config?
Yes.
However, I'm not convinced that all of those are unhelpful for Bayes.
Some will never repeat and so are pure noise, but those which identify
specific senders may be useful. The MS anti-spam headers may be
tokenized into useful pieces (e.g. "NSPM" or "SPM") even if the
headers as a whole are opaque.
Any objections 1) adding these new ones
I have not researched all of those, but I believe that some of those
should in theory be useful in Bayes.
so it would be a need to have opt out for bayes_ignore_header ?
2) moving everything to 23_bayes.cf?
+1
+1
