Sat, 28 Jun 2008 00:01:27 +0200, Steve : Re: [dspam-users] How to force whitelisting ? > -------- Original-Nachricht -------- > > Datum: Fri, 27 Jun 2008 14:34:28 +0200 > > Von: Bonnetot Jean-Daniel <[EMAIL PROTECTED]> > > An: [email protected] > > Betreff: Re: [dspam-users] How to force whitelisting ? > > > > > I am the only one which asking how to force whitelisting ? > > > Looks like. Anyway... you could force whitelisting by directly > incrementing the whitelist token in the storage. For example in MySQL > you could do this (I echo the SQL statement, but I think you get the > point). > > Assuming the DSPAM user id where you want to force whitelist token is > 4. Assuming the message you want to extract the From header is > in /tmp/test.msg. Assuming you need 10 innocent hits for getting a > From header line to be whitelisted, then something like this below > would print out the SQL statement you need to execute in order to get > that particular From line whitelisted: > > _dspam_user_id="4"; > > _message="/tmp/test.msg"; > > _from_token="$(dspam_crc "$(sed '/^$/q;' ${_message} | sed -n > 's:^\(From\)\:[\t ]*\(.*\):\1*\2:gIp')" | sed > 's:^.*CRC\:[\t ]*\([0-9]*\)[\t ]*$:\1:')"; > > echo "INSERT INTO \`dspam_token_data\` (\`uid\`, \`token\`, > \`spam_hits\`, \`innocent_hits\`, \`last_hit\`) VALUES > (${_dspam_user_id}, '${_from_token}', 0, 10, NOW()) ON DUPLICATE KEY > UPDATE innocent_hits=innocent_hits+10, last_hit=NOW();"
Great, this is faster and stronger than generate 20 mails and set them "innocent". > > > > If you want to have a huge bias towards whitelisting for that > token/user, then increase the innocent counter by 1'000 or even more. > > I want to emphasise that this is a hack and that you are polluting > your statistical data with the above mentioned method. DSPAM is not > made for such hacks. Probably better would be to completely ignore > DSPAM on the MTA level for the addresses you want to whitelist. > > Keep in mind that DSPAM calculates the CRC/token on the whole From > header line. And it is CaSeSenSiTiVe! :) > > > As you see below, all the different From lines for the same sender > produce different tokens: > > From: Bonnetot Jean-Daniel <[EMAIL PROTECTED]> > TOKEN: 'From*Bonnetot Jean-Daniel > <[EMAIL PROTECTED]>' CRC: 12604099113258623031 > > From: Jean-Daniel Bonnetot <[EMAIL PROTECTED]> > TOKEN: 'From*Jean-Daniel Bonnetot > <[EMAIL PROTECTED]>' CRC: 14562488709064319461 > > From: Bonnetot Jean-Daniel <[EMAIL PROTECTED]> > TOKEN: 'From*Bonnetot Jean-Daniel > <[EMAIL PROTECTED]>' CRC: 12594531299795796023 > > From: Bonnetot Jean-Daniel <[EMAIL PROTECTED]> > TOKEN: 'From*Bonnetot Jean-Daniel > <[EMAIL PROTECTED]>' CRC: 12609785709371195447 > > From: <[EMAIL PROTECTED]> > TOKEN: 'From*<[EMAIL PROTECTED]>' CRC: > 8608927262636099104 > > From: [EMAIL PROTECTED] > TOKEN: '[EMAIL PROTECTED]' CRC: > 5384785331067481214 Yes, I saw DSPAM is case sensitive and From field are not always the same for one email address. DSPAM might read "From" line with specials rules added of the present token engine like: - case insensitive - token build with "[EMAIL PROTECTED]", everything else is ignored. > > > Keep as well in mind, that the above command just increased the > innocent hit on the whitelist token but did not update the statistics > for the user in question. From a statistical viewpoint this is not so > super good (depending on how much weight you want to give to the > whitelist token). > > Best approach for forcing whitelisting would be to modify DSPAM to > allow whitelisting from the command line with parameters. This > approach would ensure that all the different storage backends would > be able to get updated whitelisting. But I don't think that it would > be a wise idea to go that path (I mean the forced whitelisting). > > Do others on the list see a huge benefit if we would have forced > whitelisting possibility from the command line? I think this is a good idea ! > > BTW: DSPAM does not have domain whitelisting possibility. Would > however not be a ultra huge development task to get that implemented > in DSPAM. Yes, domain whitelisting is too importante for me. > > > // Steve > > > > > -- > > .`'`. BONNETOT Jean-Daniel > > : ': : > > `. ` .` PRIVIANET > > `'` Sys & Net Admin > > > > > > Mon, 23 Jun 2008 12:58:07 +0200, Bonnetot Jean-Daniel : > > [dspam-users] How to force whitelisting ? > > > Hello, > > > > > > Do you know how to force whitelisting ? > > > > > > I have a solution but it is tinkering... > > > > > > For a mail where "From" have to be whitelisted for "To" users. > > > ex : > > > From: Someone <[EMAIL PROTECTED]> > > > To: Otherone <[EMAIL PROTECTED]> > > > ----- > > > i=0 > > > while [ $i -lt 20 ]; > > > do let "i += 1" > > > echo -e "From: Someone <[EMAIL PROTECTED]>\n\n" | dspam > > > --user \ [EMAIL PROTECTED] --source=inoculation --stdout \ > > > --deliver=innocent,spam --class=innocent > > > done > > > ----- > > > > > > The result is : > > > > > > Before : $> echo -e "From: [EMAIL PROTECTED]" | dspam > > > --user \ [EMAIL PROTECTED] --stdout --deliver=innocent,spam > > > --classify X-DSPAM-Result: [EMAIL PROTECTED]; result="Innocent"; > > > class="Innocent"; probability=0.1649; confidence=1.00; > > > signature=N/A > > > > > > After : $> echo -e "From: [EMAIL PROTECTED]" | dspam --user > > > \ [EMAIL PROTECTED] --stdout --deliver=innocent,spam --classify > > > X-DSPAM-Result: [EMAIL PROTECTED]; result="Innocent"; > > > class="Whitelisted"; probability=0.0000; confidence=0.99; > > > signature=N/A > > > > > > As you can see, class become "Whitelisted". > > > Does anyone have a better solution to whiteliste ? Do you know if > > > DSPAM support domain whitelisting ? (every mail from xxxxxx.com > > > would be whitelisted for someone) > > > > > > Thanks > > > > > > -- > > > .`'`. BONNETOT Jean-Daniel > > > : ': : > > > `. ` .` PRIVIANET > > > `'` Sys & Net Admin > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > !DSPAM:1011,4868b98b150921120118676!
