Mon, 30 Jun 2008 17:56:39 +0200, Steve : Re: [dspam-users] How to force whitelisting ? > -------- Original-Nachricht -------- > > Datum: Mon, 30 Jun 2008 12:46:28 +0200 > > Von: Bonnetot Jean-Daniel <[EMAIL PROTECTED]> > > An: [email protected] > > Betreff: Re: [dspam-users] How to force whitelisting ? > > > > > Sat, 28 Jun 2008 00:01:27 +0200, Steve : > > Re: [dspam-users] How to force whitelisting ? > > > -------- Original-Nachricht -------- > > > > Datum: Fri, 27 Jun 2008 14:34:28 +0200 > > > > Von: Bonnetot Jean-Daniel <[EMAIL PROTECTED]> > > > > An: [email protected] > > > > Betreff: Re: [dspam-users] How to force whitelisting ? > > > > > > > > > > > I am the only one which asking how to force whitelisting ? > > > > > > > Looks like. Anyway... you could force whitelisting by directly > > > incrementing the whitelist token in the storage. For example in > > > MySQL you could do this (I echo the SQL statement, but I think > > > you get the point). > > > > > > Assuming the DSPAM user id where you want to force whitelist > > > token is 4. Assuming the message you want to extract the From > > > header is in /tmp/test.msg. Assuming you need 10 innocent hits > > > for getting a From header line to be whitelisted, then something > > > like this below would print out the SQL statement you need to > > > execute in order to get that particular From line whitelisted: > > > > > > _dspam_user_id="4"; > > > > > > _message="/tmp/test.msg"; > > > > > > _from_token="$(dspam_crc "$(sed '/^$/q;' ${_message} | sed -n > > > 's:^\(From\)\:[\t ]*\(.*\):\1*\2:gIp')" | sed > > > 's:^.*CRC\:[\t ]*\([0-9]*\)[\t ]*$:\1:')"; > > > > > > echo "INSERT INTO \`dspam_token_data\` (\`uid\`, \`token\`, > > > \`spam_hits\`, \`innocent_hits\`, \`last_hit\`) VALUES > > > (${_dspam_user_id}, '${_from_token}', 0, 10, NOW()) ON DUPLICATE > > > KEY UPDATE innocent_hits=innocent_hits+10, last_hit=NOW();" > > > > Great, this is faster and stronger than generate 20 mails and set > > them "innocent". > > > > > > > > > > > > > > If you want to have a huge bias towards whitelisting for that > > > token/user, then increase the innocent counter by 1'000 or even > > > more. > > > > > > I want to emphasise that this is a hack and that you are polluting > > > your statistical data with the above mentioned method. DSPAM is > > > not made for such hacks. Probably better would be to completely > > > ignore DSPAM on the MTA level for the addresses you want to > > > whitelist. > > > > > > Keep in mind that DSPAM calculates the CRC/token on the whole From > > > header line. And it is CaSeSenSiTiVe! :) > > > > > > > > > As you see below, all the different From lines for the same sender > > > produce different tokens: > > > > > > From: Bonnetot Jean-Daniel <[EMAIL PROTECTED]> > > > TOKEN: 'From*Bonnetot Jean-Daniel > > > <[EMAIL PROTECTED]>' CRC: 12604099113258623031 > > > > > > From: Jean-Daniel Bonnetot <[EMAIL PROTECTED]> > > > TOKEN: 'From*Jean-Daniel Bonnetot > > > <[EMAIL PROTECTED]>' CRC: 14562488709064319461 > > > > > > From: Bonnetot Jean-Daniel <[EMAIL PROTECTED]> > > > TOKEN: 'From*Bonnetot Jean-Daniel > > > <[EMAIL PROTECTED]>' CRC: 12594531299795796023 > > > > > > From: Bonnetot Jean-Daniel <[EMAIL PROTECTED]> > > > TOKEN: 'From*Bonnetot Jean-Daniel > > > <[EMAIL PROTECTED]>' CRC: 12609785709371195447 > > > > > > From: <[EMAIL PROTECTED]> > > > TOKEN: 'From*<[EMAIL PROTECTED]>' CRC: > > > 8608927262636099104 > > > > > > From: [EMAIL PROTECTED] > > > TOKEN: '[EMAIL PROTECTED]' CRC: > > > 5384785331067481214 > > > > Yes, I saw DSPAM is case sensitive and From field are not always the > > same for one email address. > > DSPAM might read "From" line with specials rules added of the > > present token engine like: > > - case insensitive > > - token build with "[EMAIL PROTECTED]", everything else is > > ignored. > > > So you are purposing to use just the "From" part and then the email > address in lowercase without any other element of the from line. > Right? Doing so will weaken DSPAM. It is much easier for me to fake > "From: <[EMAIL PROTECTED]>" then to fake "From: Bonnetot > Jean-Daniel <[EMAIL PROTECTED]>".
Yes, but this is the price for a managed whitelist ;) I think this addon may be added and not be a replacement of the present engine for the From line. > > > > > > > > > > > Keep as well in mind, that the above command just increased the > > > innocent hit on the whitelist token but did not update the > > > statistics for the user in question. From a statistical viewpoint > > > this is not so super good (depending on how much weight you want > > > to give to the whitelist token). > > > > > > Best approach for forcing whitelisting would be to modify DSPAM to > > > allow whitelisting from the command line with parameters. This > > > approach would ensure that all the different storage backends > > > would be able to get updated whitelisting. But I don't think that > > > it would be a wise idea to go that path (I mean the forced > > > whitelisting). > > > > > > Do others on the list see a huge benefit if we would have forced > > > whitelisting possibility from the command line? > > > > I think this is a good idea ! > > > I would see a benefit in that only if the web interface and the other > end-user tools would have a possibility to interact with the > whitelisting. Just adding forced whitelisting into DSPAM is from my > viewpoint useless. The reason why I think that it is useless is: > - The whitelisting could be done more elegant on the MTA level (why > even bothering to start DSPAM when you already on the MTA level know > that you don't want to filter that email). > - Forced manual whitelisting in the content filter (aka DSPAM) would > pollute the statistical data of DSPAM and it would fire up the > content filter for nothing. > - The current implementation for whitelisting is good enough for most > end users and it is automatic. The user does not need to maintain the > whitelisting as DSPAM does everything for him/her. > Whitelisting on the MTA level may be harder to manage depending on your network architecture. I have some people who send report when DSPAM make a mistake but every email are different, so one email address could take long time before being whitlisted. In the first times of using a email address, the user's dictionary is building, this can take some time. People don't want to report many and many mail for corresponding with others. > > > > > > > BTW: DSPAM does not have domain whitelisting possibility. Would > > > however not be a ultra huge development task to get that > > > implemented in DSPAM. > > > > Yes, domain whitelisting is too importante for me. > > > You mean domain whitelisting done the same way as it is now done with > the normal whitelisting functionality in DSPAM or do you mean one > where the user can/has to interact with DSPAM in order to populate > the domain based whitelisting? > I talk about a managed whitelist. !DSPAM:1011,4869130c150922805823753!
