Hello list I am playing around with Senderbase (www.senderbase.org) and want to integrate it into policyd-weight. Currently I am using Net::SenderBase (http://search.cpan.org/~msergeant/Net-SenderBase-1.01/) and it works very well. The information of the returned codes of Senderbase are not anymore online but can be read on the web archive (http://web.archive.org/web/20040830010414/http://www.senderbase.org/dnsresponses.html).
In SpamAssassin they had used two calculations for scoring with data from Senderbase: # SenderBase information <http://www.senderbase.org/dnsresponses.html> # these are experimental example rules # sa.senderbase.org for SpamAssassin queries # query.senderbase.org for other queries header __SENDERBASE eval:check_rbl_txt('sb', 'sa.senderbase.org.') tflags __SENDERBASE net # S23 = domain daily magnitude, S25 = date of first message from this domain header SB_NEW_BULK eval:check_rbl_sub('sb', 'sb:S23 > 6.2 && (time - S25 < 120*86400)') describe SB_NEW_BULK Sender domain is new and very high volume tflags SB_NEW_BULK net # S5 = category, S40 = IP daily magnitude, S41 = IP monthly magnitude # note: accounting for rounding, "> 0.3" means at least a 59% volume spike header SB_NSP_VOLUME_SPIKE eval:check_rbl_sub('sb', 'sb:S5 =~ /NSP/ && S41 > 3.8 && S40 - S41 > 0.3') describe SB_NSP_VOLUME_SPIKE Sender IP hosted at NSP has a volume spike tflags SB_NSP_VOLUME_SPIKE net Does any one have experience with Senderbase data? What other values could be useful for scoring? When I look at Senderbase (for example: http://www.senderbase.org/senderbase_queries/detailip?search_string=24.216.190.165) then I see that they calculate a "Vol Change vs. Last Month" per IP. How is that done? Does any one know that (I can't find the values for "Last Month" in the result from Senderbase)? I think it would be great to include Senderbase into policyd-weight since it is basically one DNS lookup with a lot of possible scoring values (IronPort uses 60 calculations for scoring with their product). The Net::SenderBase module could be avoided by directly querying the TXT record at senderbase.org and policyd-weight already has DNS lookup functionality. On the other hand Net::SenderBase has a nice way to query data over HTTP if needed. What is your opinion on this? Could that be useful for us policyd-weight users? // Steve -- GMX FreeMail: 1 GB Postfach, 5 E-Mail-Adressen, 10 Free SMS. Alle Infos und kostenlose Anmeldung: http://www.gmx.net/de/go/freemail ____________________________________________________________ Policyd-weight Mailinglist - http://www.policyd-weight.org/
