-------- Original-Nachricht -------- > Datum: Mon, 30 Jun 2008 12:46:28 +0200 > Von: Bonnetot Jean-Daniel <[EMAIL PROTECTED]> > An: [email protected] > Betreff: Re: [dspam-users] How to force whitelisting ?
> > Sat, 28 Jun 2008 00:01:27 +0200, Steve : > Re: [dspam-users] How to force whitelisting ? > > -------- Original-Nachricht -------- > > > Datum: Fri, 27 Jun 2008 14:34:28 +0200 > > > Von: Bonnetot Jean-Daniel <[EMAIL PROTECTED]> > > > An: [email protected] > > > Betreff: Re: [dspam-users] How to force whitelisting ? > > > > > > > > I am the only one which asking how to force whitelisting ? > > > > > Looks like. Anyway... you could force whitelisting by directly > > incrementing the whitelist token in the storage. For example in MySQL > > you could do this (I echo the SQL statement, but I think you get the > > point). > > > > Assuming the DSPAM user id where you want to force whitelist token is > > 4. Assuming the message you want to extract the From header is > > in /tmp/test.msg. Assuming you need 10 innocent hits for getting a > > From header line to be whitelisted, then something like this below > > would print out the SQL statement you need to execute in order to get > > that particular From line whitelisted: > > > > _dspam_user_id="4"; > > > > _message="/tmp/test.msg"; > > > > _from_token="$(dspam_crc "$(sed '/^$/q;' ${_message} | sed -n > > 's:^\(From\)\:[\t ]*\(.*\):\1*\2:gIp')" | sed > > 's:^.*CRC\:[\t ]*\([0-9]*\)[\t ]*$:\1:')"; > > > > echo "INSERT INTO \`dspam_token_data\` (\`uid\`, \`token\`, > > \`spam_hits\`, \`innocent_hits\`, \`last_hit\`) VALUES > > (${_dspam_user_id}, '${_from_token}', 0, 10, NOW()) ON DUPLICATE KEY > > UPDATE innocent_hits=innocent_hits+10, last_hit=NOW();" > > Great, this is faster and stronger than generate 20 mails and set them > "innocent". > > > > > > > > > If you want to have a huge bias towards whitelisting for that > > token/user, then increase the innocent counter by 1'000 or even more. > > > > I want to emphasise that this is a hack and that you are polluting > > your statistical data with the above mentioned method. DSPAM is not > > made for such hacks. Probably better would be to completely ignore > > DSPAM on the MTA level for the addresses you want to whitelist. > > > > Keep in mind that DSPAM calculates the CRC/token on the whole From > > header line. And it is CaSeSenSiTiVe! :) > > > > > > As you see below, all the different From lines for the same sender > > produce different tokens: > > > > From: Bonnetot Jean-Daniel <[EMAIL PROTECTED]> > > TOKEN: 'From*Bonnetot Jean-Daniel > > <[EMAIL PROTECTED]>' CRC: 12604099113258623031 > > > > From: Jean-Daniel Bonnetot <[EMAIL PROTECTED]> > > TOKEN: 'From*Jean-Daniel Bonnetot > > <[EMAIL PROTECTED]>' CRC: 14562488709064319461 > > > > From: Bonnetot Jean-Daniel <[EMAIL PROTECTED]> > > TOKEN: 'From*Bonnetot Jean-Daniel > > <[EMAIL PROTECTED]>' CRC: 12594531299795796023 > > > > From: Bonnetot Jean-Daniel <[EMAIL PROTECTED]> > > TOKEN: 'From*Bonnetot Jean-Daniel > > <[EMAIL PROTECTED]>' CRC: 12609785709371195447 > > > > From: <[EMAIL PROTECTED]> > > TOKEN: 'From*<[EMAIL PROTECTED]>' CRC: > > 8608927262636099104 > > > > From: [EMAIL PROTECTED] > > TOKEN: '[EMAIL PROTECTED]' CRC: > > 5384785331067481214 > > Yes, I saw DSPAM is case sensitive and From field are not always the > same for one email address. > DSPAM might read "From" line with specials rules added of the present > token engine like: > - case insensitive > - token build with "[EMAIL PROTECTED]", everything else is > ignored. > So you are purposing to use just the "From" part and then the email address in lowercase without any other element of the from line. Right? Doing so will weaken DSPAM. It is much easier for me to fake "From: <[EMAIL PROTECTED]>" then to fake "From: Bonnetot Jean-Daniel <[EMAIL PROTECTED]>". > > > > > > Keep as well in mind, that the above command just increased the > > innocent hit on the whitelist token but did not update the statistics > > for the user in question. From a statistical viewpoint this is not so > > super good (depending on how much weight you want to give to the > > whitelist token). > > > > Best approach for forcing whitelisting would be to modify DSPAM to > > allow whitelisting from the command line with parameters. This > > approach would ensure that all the different storage backends would > > be able to get updated whitelisting. But I don't think that it would > > be a wise idea to go that path (I mean the forced whitelisting). > > > > Do others on the list see a huge benefit if we would have forced > > whitelisting possibility from the command line? > > I think this is a good idea ! > I would see a benefit in that only if the web interface and the other end-user tools would have a possibility to interact with the whitelisting. Just adding forced whitelisting into DSPAM is from my viewpoint useless. The reason why I think that it is useless is: - The whitelisting could be done more elegant on the MTA level (why even bothering to start DSPAM when you already on the MTA level know that you don't want to filter that email). - Forced manual whitelisting in the content filter (aka DSPAM) would pollute the statistical data of DSPAM and it would fire up the content filter for nothing. - The current implementation for whitelisting is good enough for most end users and it is automatic. The user does not need to maintain the whitelisting as DSPAM does everything for him/her. > > > > BTW: DSPAM does not have domain whitelisting possibility. Would > > however not be a ultra huge development task to get that implemented > > in DSPAM. > > Yes, domain whitelisting is too importante for me. > You mean domain whitelisting done the same way as it is now done with the normal whitelisting functionality in DSPAM or do you mean one where the user can/has to interact with DSPAM in order to populate the domain based whitelisting? -- GMX startet ShortView.de. Hier findest Du Leute mit Deinen Interessen! Jetzt dabei sein: http://www.shortview.de/[EMAIL PROTECTED] !DSPAM:1011,4869023b150921933212519!
