Re: [sa] Re: habeas - tainted white list

[Res]

the only person here at present trolling is you, so for F's sake  STFU
and stop generating massive noise ratio


On Fri, 18 Dec 2009, Charles Gregory wrote:


On Fri, 18 Dec 2009, Christian Brel wrote:

Charles, you *are* speaking for J D Falk with his Auspices?


Hey, J D! Please post and give me your auspices.
I'd love to see what this Troll posts if you say 'sure'. :)

- C



--
Res

"What does Windows have that Linux doesn't?" - One hell of a lot of bugs!

RE: Dear Santa

[R-Elists]

Justin,
 
We were able to knock off 4 items in the Amazon USA list with expedited
shipping 8 to 16 days from USA.
 
hopefully it will take them off your wish list...
 
Yes, we would love to see your ummm Sought rules back online if they are not
already
 
are they?
 
if you need us to put an industrial rackmount HP box with SMP & ILO server
online for it, maybe we can work something out...
 
Merry Christmas and God Bless!
 
 - rh




 

hey, if you all insist ;)

http://www.amazon.com/registry/wishlist/1M0UDEXT6A3I7

https://www.amazon.co.uk/registry/wishlist/1G7S5QV025EOX 


thanks!  it might help persuade my wife that I need to get that server
reinstalled ;)

-- 
--j.

Re: More Whitelist thoughts...

[jdow]

http://www.isipp.com/ ? They CLAIM they work with major ISPs and several
anti-spam tools. Since they hit nothing a window dressing score (.001)
might be called for so that people can look for hits to see if they do
any business let alone any good.

{^_^}
- Original Message - 
From: "Warren Togami" 

Sent: Friday, 2009/December/18 19:18



score RCVD_IN_IADB_VOUCHED 0 -2.2 0 -2.2
score RCVD_IN_IADB_DOPTIN 0 -4 0 -4
score RCVD_IN_IADB_ML_DOPTIN 0 -6 0 -6

More Whitelist thoughts...

[Warren Togami]

On 12/18/2009 06:34 PM, John Hardin wrote:

T_RCVD_IN_RP_CERTIFIED
SPAM% 0.0851 126 of 148025 messages HAM% 0.3738 746 of 199558 messages
S/O 0.185 RANK 0.63


Frack.

T_RCVD_IN_RP_SAFE SPAM% 0.0851 126 of 148025 messages HAM% 2.1367 4264
of 199558 messages
S/O 0.038 RANK 0.80


The weekly corpus is too small to safely draw any conclusions.

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6247#c54
The rescore masscheck however has indicated that whitelists do more harm 
than good to spamassassin's classification of ham vs. spam.  These weeks 
of whitelist flamewars were hot in emotions but lacking statistical 
data.  The numbers suggest that the whitelists are benefiting the 
whitelist purveyor, while having zero or minutely negative impact on 
spamassassin.


If this is indeed true, then we might want to ask ourselves why we are 
giving such influential weights to the whitelists.  Even the newly 
reduced scores like -2 for RP_SAFE may be unearned given the statistics 
we are seeing.  If we had left these rules floating, the GA rescorer 
would have given much lower scores.


I might be in favor of further score reductions in the short-term until 
we figure out a long-term plan.


In related news...

DNSWL
To my surprise, Matthias has begun to implement my recommendations of 
improved manual abuse reporting, and automated abuse reporting.  Their 
accuracy even without automated abuse detection isn't too bad.


ReturnPath
If their self-description of abuse detection methodologies is indeed 
true, then I don't know what ReturnPath can do more to improve.


score RCVD_IN_IADB_VOUCHED 0 -2.2 0 -2.2
score RCVD_IN_IADB_DOPTIN 0 -4 0 -4
score RCVD_IN_IADB_ML_DOPTIN 0 -6 0 -6
Any idea what this is?  It seems these aren't hitting anything in the 
weekly masscheck.


Warren Togami
wtog...@redhat.com

PROPOSED: Apache SpamAssassin 3.3.0-rc1.proposed1

[Warren Togami]

This will be released if we go three days without an objection as per 
build/README procedure.  At that point these archives will be renamed to "rc1" 
and the announcements will go out.  Please suggest improvements to this 
announcement text as well.

Hey users list, now would be a very good time to begin testing 3.3.0 if you 
haven't already.  At this point it has been tested in production on many 
production servers (including my own production server since March 2009), but 
it is possible we missed a corner case of some non-standard configuration that 
you folks rely upon.  We could use your feedback, even if it is only "It 
works!"  Now is last chance to complain if you find a problem.

All of the Priority P1 blocker bugs targeted for 3.3.0 are now closed.  I 
suspect there might be a few minor things we might want to polish before 3.3.0 
final, but otherwise this is VERY CLOSE to what 3.3.0 will be.

Warren Togami
wtog...@redhat.com

[DRAFT DRAFT DRAFT - NOT YET RELEASED - DRAFT DRAFT DRAFT]

Apache SpamAssassin 3.3.0-rc1 is now available for testing.

Downloads are available from:
  http://people.apache.org/~wtogami/devel/
md5sum of archive files:

  fabccde7f09dcdf4c06afbd4cc0687c2  
Mail-SpamAssassin-3.3.0-rc1.proposed1.tar.bz2
  a36c646742c0cd5960e7be222cc91200  Mail-SpamAssassin-3.3.0-rc1.proposed1.tar.gz
  8c7f92167f2c2016164aafeac925ac58  Mail-SpamAssassin-3.3.0-rc1.proposed1.zip
  0bf1e2c0fc70dc05104acec8a723cbdb  
Mail-SpamAssassin-rules-3.3.0-rc1.r892385.tgz

sha1sum of archive files:

  7101ea1ab28b47e557583b914e242651f6cd761e  
Mail-SpamAssassin-3.3.0-rc1.proposed1.tar.bz2
  344dd5887772abc0fc0aea11a30dff5d77d67db8  
Mail-SpamAssassin-3.3.0-rc1.proposed1.tar.gz
  d9e852d2c64cf23e86b2ae0e7f3e6082a028c1a2  
Mail-SpamAssassin-3.3.0-rc1.proposed1.zip
  ad71dbf425000d885311b14d39c0c03e2ae1  
Mail-SpamAssassin-rules-3.3.0-rc1.r892385.tgz


Note that the *-rules-*.tgz files are only necessary if you cannot, or do not
wish to, run "sa-update" after install to download the latest fresh rules.

The release files also have a .asc accompanying them.  The file serves
as an external GPG signature for the given release file.  The signing
key is available via the wwwkeys.pgp.net key server, as well as
http://www.apache.org/dist/spamassassin/KEYS

The key information is:

pub   4096R/F7D39814 2009-12-02
  Key fingerprint = D809 9BC7 9E17 D7E4 9BC2  1E31 FDE5 2F40 F7D3 9814
uid  SpamAssassin Project Management Committee 

uid  SpamAssassin Signing Key (Code Signing Key, replacement 
for 1024D/265FA05B) 
sub   4096R/7B3265A5 2009-12-02

See the INSTALL and UPGRADE files in the distribution for important
installation notes.


Summary of major changes since 3.2.5


COMPATIBILITY WITH 3.2.5

- rules are no longer distributed with the package, but installed by
  sa-update - either automatically fetched from the network (preferably),
  or from a tar archive, which is available for downloading separately

- CPAN module requirements:
  - minimum required version of ExtUtils::MakeMaker is 6.17
  - modules now required: Time::HiRes, NetAddr::IP, Archive::Tar
  - minimal version of Mail::DKIM is 0.31 (preferred: 0.37 or later);
expect some tests in t/dkim2.t to fail with versions older than 0.36_5;
  - no longer used: Mail::DomainKeys, Mail::SPF::Query
  - if module Digest::SHA is not available, a module Digest::SHA1
will be used, but at least one of them must be installed;
a DKIM plugin requires Digest::SHA (the older Digest::SHA1 does not
support sha256 hashes), so in practice the Digest::SHA is required

- if keeping AWL database in SQL, the field awl.ip must be extended to
  40 characters. The change is necessary to allow AWL to keep track of IPv6
  addresses which may appear in a mail header even on non-IPv6 -enabled host.
  While at it, consider also adding a field 'signedby' to the SQL table 'awl'
  (and adding 'auto_whitelist_distinguish_signed 1' to local.cf);
  See sql/README.awl for details. The change need not be undone even if
  downgrading back to 3.2.* for some reason;

- fixing a protocol implementation error regarding a PING command required
  bumping up the SPAMC protocol version to 1.5.  Spamd retains compatibility
  with older spamc clients. Combining new spamc clients with pre-3.3 versions
  of a spamd daemon is not supported (but happens to work, except for the
  PING and SKIP commands).

- it may be worth mentioning that a rule DKIM_VERIFIED has been renamed
  to DKIM_VALID, to match its semantics;

- due to a change in internal data structure (Bug 6185, 6254), third-party
  plugins which accesss the $pms->{main}->{conf}->{headers_spam} (and ham)
  need to be updated. One such example is the ClamAVPlugin plugin - please
  find a fresh version on its wiki page. It retains backwards compatibility,
  so can be used with both 3.2.5 as well as with SpamAssassin 3.3.0;

- versions of amavisd-new between 2.5.2 a

Re: habeas - tainted white list

[John Hardin]

On Fri, 18 Dec 2009, John Hardin wrote:


On Fri, 18 Dec 2009, Justin Mason wrote:

> > >  Or we could have the whitelist rules in a meta such that they only 
> > >  hit when a blacklist rule doesn't, if this is a common enough 
> > >  problem.  It might also allow people to get past the high negative 
> > >  score for the whitelists.


 it can be measured by finding the WL rule's page on
 ruleqa.spamassassin.org, then examining the OVERLAP section for overlaps
 with BL rules.


As of last weekend's network masscheck:

T_RCVD_IN_RP_CERTIFIED
SPAM%   0.0851 126 of 148025 messages
HAM%0.3738 746 of 199558 messages
S/O 0.63
RANK0.185

overlap spam:  60% of T_RCVD_IN_RP_CERTIFIED hits also hit __RCVD_IN_BRBL;
overlap spam:  58% of T_RCVD_IN_RP_CERTIFIED hits also hit __RCVD_IN_ZEN;
overlap spam:  26% of T_RCVD_IN_RP_CERTIFIED hits also hit __RCVD_IN_SORBS;

T_RCVD_IN_RP_CERTIFIED
SPAM%   0.0851 126 of 148025 messages HAM%0.3738 746 of 199558 messages
S/O 0.185 RANK  0.63


Frack.

T_RCVD_IN_RP_SAFE 
SPAM%   0.0851 126 of 148025 messages 
HAM%2.1367 4264 of 199558 messages
S/O 0.038 
RANK0.80



overlap spam:  60% of T_RCVD_IN_RP_SAFE hits also hit __RCVD_IN_BRBL;
overlap spam:  58% of T_RCVD_IN_RP_SAFE hits also hit __RCVD_IN_ZEN;
overlap spam:  26% of T_RCVD_IN_RP_SAFE hits also hit __RCVD_IN_SORBS;


--
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  "Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
  does quite what I want. I wish Christopher Robin was here."
   -- Peter da Silva in a.s.r
---
 7 days until Christmas

Re: habeas - tainted white list

[John Hardin]

On Fri, 18 Dec 2009, Justin Mason wrote:

Or we could have the whitelist rules in a meta such that they only 
hit when a blacklist rule doesn't, if this is a common enough 
problem.  It might also allow people to get past the high negative 
score for the whitelists.


it can be measured by finding the WL rule's page on 
ruleqa.spamassassin.org, then examining the OVERLAP section for overlaps 
with BL rules.


As of last weekend's network masscheck:

T_RCVD_IN_RP_CERTIFIED
SPAM%   0.0851 126 of 148025 messages
HAM%0.3738 746 of 199558 messages
S/O 0.63
RANK0.185

overlap spam:  60% of T_RCVD_IN_RP_CERTIFIED hits also hit __RCVD_IN_BRBL;
overlap spam:  58% of T_RCVD_IN_RP_CERTIFIED hits also hit __RCVD_IN_ZEN;
overlap spam:  26% of T_RCVD_IN_RP_CERTIFIED hits also hit __RCVD_IN_SORBS;

T_RCVD_IN_RP_CERTIFIED
SPAM%   0.0851 126 of 148025 messages 
HAM%0.3738 746 of 199558 messages
S/O 0.185 
RANK	0.63


overlap spam:  60% of T_RCVD_IN_RP_SAFE hits also hit __RCVD_IN_BRBL;
overlap spam:  58% of T_RCVD_IN_RP_SAFE hits also hit __RCVD_IN_ZEN;
overlap spam:  26% of T_RCVD_IN_RP_SAFE hits also hit __RCVD_IN_SORBS;

Test rules committed.

--
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  "Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
  does quite what I want. I wish Christopher Robin was here."
   -- Peter da Silva in a.s.r
---
 7 days until Christmas

Re: habeas - tainted white list

[Daryl C. W. O'Shea]

On 18/12/2009 2:44 PM, Rob McEwen wrote:
> R-Elists wrote:
>> here is a chance for possible help in more areas than just this specific
>> ruleset issue...
>>
>> i asked Rob some time ago if he could write a script that would check logs
>> and report if a certain rule was effective or not by itself vrs if other
>> rules hit with it and maybe that rule was not needed or could be lowered etc

Well it doesn't report to alert people that a rule may not make much of
a difference in the scheme of things, you can infer the information from
ruleqa's score map output.

Daryl

Re: habeas - tainted white list

[Daryl C. W. O'Shea]

On 18/12/2009 8:35 AM, Per Jessen wrote:
> Daryl C. W. O'Shea wrote:
> 
>> If we had more mass-check data from a wider number of mail recipients
>> maybe it would change things, statistically, maybe it wouldn't.  New
>> mass-check contributors are always welcome.  They take very little
>> effort to manage once you've set it up (I ignore mine for years at a
>> time).
> 
> Is there a good howto for setting this up? 

Other than a clean corpus, it doesn't take much more effort:

http://wiki.apache.org/spamassassin/NightlyMassCheck

Daryl

Re: [sa] Re: habeas - tainted white list

[Daryl C. W. O'Shea]

On 18/12/2009 4:46 PM, Charles Gregory wrote:
> On Fri, 18 Dec 2009, jdow wrote:
>> I suppose it's not a whole lot of bother to change the 3.2 scores.
>> But, people who feel they have been bitten with a HABEAS score have
>> probably already overridden them.
> 
> Again, I make a note that my concern is for the thousands who install a
> 'pre-canned' Spamassassin install, with a wrapper to handle what happens
> to the messages, etc, etc. If you feel a slight chill at the notion of
> people operating mail servers with so little knowledge, I'm right there
> with you, but I *was* one of these people a few years ago. Stumbling and
> learning. Trial by fire. Fun way to learn. :)

Interestingly this is one of the reasons why we err on the side of
not-tagging mail.

Daryl

Re: [sa] Re: Whitelists in SA

[Daryl C. W. O'Shea]

On 18/12/2009 5:13 PM, Warren Togami wrote:
> On 12/18/2009 04:56 PM, Charles Gregory wrote:
>> On Fri, 18 Dec 2009, John Hardin wrote:
>>> We hope to get rule scoring and publication much more automated -
>>> i.e., if a rule in the sandbox works well based on the automated
>>> masschecks, it would be automatically scored and published via
>>> sa-update.
>>
>> Music to my ears. I will wait (semi-)patiently. Thanks.
>>
>> - C
> 
> Why wait, when you do relatively simple things to help make it happen?
> 
> http://wiki.apache.org/spamassassin/NightlyMassCheck
> We can more frequently update rules if more people participate in the
> nightly masschecks.  The current documentation is a bit of a confusing
> mess unfortunately.

Exactly!  We have code to do this now.  But I'm positive that we don't
have a large and diverse enough ham corpus (on a daily basis, not the
big turn out for the "legacy" re-score mass-checks) to trust it.

Contributors are always welcome!

Daryl

Re: habeas - tainted white list

[Daryl C. W. O'Shea]

On 18/12/2009 2:58 PM, John Hardin wrote:
> On Fri, 18 Dec 2009, Jason Bertoch wrote:
> 
>> John Hardin wrote:
>>>  On Fri, 18 Dec 2009, Jason Bertoch wrote:
>>>
>>> >  Charles Gregory wrote:
>>> > > > >   If a spammer gets an IP blacklisted, at the least DNSWL and
>>> HABEAS
>>> > >   should make note of this and remove the IP
>>> > >  Or we could have the whitelist rules in a meta such that they
>>> only hit >  when a blacklist rule doesn't, if this is a common enough
>>> problem.  It >  might also allow people to get past the high negative
>>> score for the >  whitelists.
>>>
>>>  That sounds like a good idea to me...
>>
>> Is there a way to pull stats on this concept from mass check results
>> or would a new rule need to be checked in by a dev?
> 
> The latter. I can do that tonight or tomorrow.

If you do it tonight it'll make tonight's --net enabled mass-check,
otherwise it'll be another week before we have results.

Daryl

Re: [sa] Re: Whitelists in SA

[Warren Togami]

On 12/18/2009 04:56 PM, Charles Gregory wrote:

On Fri, 18 Dec 2009, John Hardin wrote:

We hope to get rule scoring and publication much more automated -
i.e., if a rule in the sandbox works well based on the automated
masschecks, it would be automatically scored and published via sa-update.


Music to my ears. I will wait (semi-)patiently. Thanks.

- C


Why wait, when you do relatively simple things to help make it happen?

http://wiki.apache.org/spamassassin/NightlyMassCheck
We can more frequently update rules if more people participate in the 
nightly masschecks.  The current documentation is a bit of a confusing 
mess unfortunately.


Warren

Re: [sa] Re: Whitelists in SA

[Charles Gregory]

On Fri, 18 Dec 2009, jdow wrote:

 Perhaps you meant CHAIR and keyboard? ;)

I should have guessed you've managed to short circuit the path
through your brain.
{O,o}   <-- Grinning, ducking, and running REAL fast that way>
(Thanks for the straight line. {^_-})


(Thinks twice about it)

Ouch. Subtle. I like it. :)

- Charles

Re: Dear Santa

[Justin Mason]

On Wed, Dec 16, 2009 at 15:31, R-Elists  wrote:

>
>
> >
> > Axb
> > PS: If JM posts a link to his Amazon wishlist, maybe we can
> > all help him decorate the new place :-)
> >
> >
> >
>
> +1
>

hey, if you all insist ;)

http://www.amazon.com/registry/wishlist/1M0UDEXT6A3I7

https://www.amazon.co.uk/registry/wishlist/1G7S5QV025EOX

thanks!  it might help persuade my wife that I need to get that server
reinstalled ;)

-- 
--j.

Re: [sa] Re: Whitelists in SA

[jdow]

From: "Charles Gregory" 
Sent: Friday, 2009/December/18 13:49



On Fri, 18 Dec 2009, jdow wrote:

 On Thu, 17 Dec 2009, jdow wrote:
 Still no changes through the sa-update channel.
 Is there a time delay in the masscheck results being applied?

Yes, there is, Mr. Gregory. It exists between your monitor and your
keyboard.


There is a one inch gap between those two.

Perhaps you meant CHAIR and keyboard? ;)


I should have guessed you've managed to short circuit the path
through your brain.

{O,o}   <-- Grinning, ducking, and running REAL fast that way>

(Thanks for the straight line. {^_-})

Re: [sa] Re: habeas - tainted white list

[jdow]

From: "Charles Gregory" 
Sent: Friday, 2009/December/18 13:46



On Fri, 18 Dec 2009, jdow wrote:
I suppose it's not a whole lot of bother to change the 3.2 scores. But, 
people who feel they have been bitten with a HABEAS score have probably 
already overridden them.


Again, I make a note that my concern is for the thousands who install a 
'pre-canned' Spamassassin install, with a wrapper to handle what happens 
to the messages, etc, etc. If you feel a slight chill at the notion of 
people operating mail servers with so little knowledge, I'm right there 
with you, but I *was* one of these people a few years ago. Stumbling and 
learning. Trial by fire. Fun way to learn. :)


So the more that can be 'standardized' without jeopardizing flexibility, 
the better things can be :)



 If you like you can transparently disable the DNSWLs.

Is he smart enough to do so?


With out regard for who 'he' is, it is certain that *someone* out there is 
not that 'smart', and follows the 'recommendations' provided by their 
hosting provider for a 'standard' mail server setup. They will just want 
it to 'work' without any maintenance at all.


And just to beat out the next inevitable argument, no, these people are 
not 'lazy'. They just literally don't know what they are doing. If someone 
doesn't pre-build the system properly, they end up running open relays.

Yes, THOSE people. :(


Once 3.3 is out the problem is solved if they have a distro that reviews
and updates the packages it distributes. (Yes, that IS a big if, as with
regards to Fedora and ClamAV. {^_-}) If SpamAssassin is not updated what
makes you think the distro would have the automatic updates for the rules
enabled? I just don't see SpamAssassin as a suitable tool for a person
who is a perfectionist and not a tinkerer. (No tool is suitable for
such a person, for that matter.)

Updating 3.2 is probably not as important as getting 3.3 out. And given
the few number of complaints updating 3.2 is likely quite the opposite
of critical. Look how long it's been out before it took a nutcase to
start complaining leading to the discovery of this alleged problem.
(Even the respected Lukreme has not stated outright that the item for
which he showed scores was really confirmed spam as opposed to a
disgruntled user trying to get off a mailing list and not willing to
follow simple instructions for doing so.)

{o.o} 

Re: [sa] Re: Whitelists in SA

[Charles Gregory]

On Fri, 18 Dec 2009, John Hardin wrote:
We hope to get rule scoring and publication much more automated - i.e., 
if a rule in the sandbox works well based on the automated masschecks, 
it would be automatically scored and published via sa-update.


Music to my ears. I will wait (semi-)patiently. Thanks.

- C

Re: [sa] Re: habeas - tainted white list

[Charles Gregory]

On Fri, 18 Dec 2009, John Hardin wrote:
> >   Or we could have the whitelist rules in a meta such that they only 
> >   hit when a blacklist rule doesn't, if this is a common enough 
> >   problem.  It might also allow people to get past the high negative 
> >   score for the whitelists.

 Is there a way to pull stats on this concept from mass check results or
 would a new rule need to be checked in by a dev?

The latter. I can do that tonight or tomorrow.


Thanks John. As always I am stifled by being unable to generate a decent 
ham corpus (privacy regs). So my thanks for being able to test out these 
wild ideas. Hope this ones works! :)


- C

Re: [sa] Re: Whitelists in SA

[Charles Gregory]

On Fri, 18 Dec 2009, jdow wrote:

 On Thu, 17 Dec 2009, jdow wrote:
 Still no changes through the sa-update channel.
 Is there a time delay in the masscheck results being applied?

Yes, there is, Mr. Gregory. It exists between your monitor and your
keyboard.


There is a one inch gap between those two.

Perhaps you meant CHAIR and keyboard? ;)

- C

Re: [sa] Re: habeas - tainted white list

[Charles Gregory]

On Fri, 18 Dec 2009, jdow wrote:
I suppose it's not a whole lot of bother to change the 3.2 scores. But, 
people who feel they have been bitten with a HABEAS score have probably 
already overridden them.


Again, I make a note that my concern is for the thousands who install a 
'pre-canned' Spamassassin install, with a wrapper to handle what happens 
to the messages, etc, etc. If you feel a slight chill at the notion of 
people operating mail servers with so little knowledge, I'm right there 
with you, but I *was* one of these people a few years ago. Stumbling and 
learning. Trial by fire. Fun way to learn. :)


So the more that can be 'standardized' without jeopardizing flexibility, 
the better things can be :)



 If you like you can transparently disable the DNSWLs.

Is he smart enough to do so?


With out regard for who 'he' is, it is certain that *someone* out there is 
not that 'smart', and follows the 'recommendations' provided by their 
hosting provider for a 'standard' mail server setup. They will just want 
it to 'work' without any maintenance at all.


And just to beat out the next inevitable argument, no, these people are 
not 'lazy'. They just literally don't know what they are doing. If someone 
doesn't pre-build the system properly, they end up running open relays.

Yes, THOSE people. :(

- C

Re: [sa] Re: Whitelists in SA

[John Hardin]

On Fri, 18 Dec 2009, Charles Gregory wrote:

I recognize, from the existence of such sites as 'rules du jour' that it 
has long been a practice for SA to release 'core' rule updates very 
infrequently. But with respect, I question whether that is still a good 
practice, particularly when an 'issue' raises concern over a particular 
set of scores, and it would *appear* that these updates require 
relatively little effort.


We hope to get rule scoring and publication much more automated - i.e., if 
a rule in the sandbox works well based on the automated masschecks, it 
would be automatically scored and published via sa-update.


--
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  "Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
  does quite what I want. I wish Christopher Robin was here."
   -- Peter da Silva in a.s.r
---
 7 days until Christmas

Re: habeas - tainted white list

[Justin Mason]

On Fri, Dec 18, 2009 at 19:04, Jason Bertoch  wrote:

> John Hardin wrote:
>
>> On Fri, 18 Dec 2009, Jason Bertoch wrote:
>>
>>  Charles Gregory wrote:
>>>

  If a spammer gets an IP blacklisted, at the least DNSWL and HABEAS
  should make note of this and remove the IP

>>>
>>> Or we could have the whitelist rules in a meta such that they only hit
>>> when a blacklist rule doesn't, if this is a common enough problem.  It might
>>> also allow people to get past the high negative score for the whitelists.
>>>
>>
>> That sounds like a good idea to me...
>>
>>
> Is there a way to pull stats on this concept from mass check results or
> would a new rule need to be checked in by a dev?
>
> it can be measured by finding the WL rule's page on
ruleqa.spamassassin.org, then examining the OVERLAP section for overlaps
with BL rules.

-- 
--j.

Re: OT Re: Museum piece...

[Gene Heskett]

On Friday 18 December 2009, jdow wrote:
>From: "Gene Heskett" 
>Sent: Friday, 2009/December/18 09:25
>
>> On Friday 18 December 2009, Per Jessen wrote:
>>>hc...@mail.ewind.com wrote:
 re: CP/M

 No S-100 bus systems mentioned yet?

 My first home computer was a Godbout S-100 bus system running a dual
 8085/8088 CPU board. At that time, the future in operating systems was
 going to be CP/M 86.
>>>
>>>I'm surprised nobody has mentioned the ZX80/1 yet.  I've also got a
>>>Newbrain stashed away somewhere, manuals, circuit diagrams an' all.
>>
>> That's because the z-80 was only slightly less dain bramaged than the
>> 6502.
>>
>>>/Per Jessen, Zürich
>
>Actually the 6502 was a handy little chip once prices dropped. On one
>project we replaced a host of other chips with 6502s. They, plus a few
>extra components, make nice glass TTYs. You can also use one as a very
>flexible timer. It seems the guys in charge of the project went a
>little overboard on the 6502s. But it did work, was reliable, and did
>the job. For a 2-off design that's all you need.

True, for one or two-offs maybe.  But it was short one very valuable 
addressing mode, and needed about 2 more , maybe 3, more 16 bit wide pointer 
registers before it could be said to compete with a 6809.  Then when the 
Hitachi 6309's secrets were discovered, those of us with 6809 code in our 
dreams were ecstatic.  Moto was too proud of the 6809, so it didn't get the 
design wins it should have.

>You'll also find that the Z-80 design powers amazing amounts of gadgets
>in theaters and theme parks. (Several Z-80s were "on set" and in use for
>the animations in, for example, Team America, Harry Potter (I knew the
>Mandrake root's lines from LONG before it hit theaters. ), Total
>Recall, Chucky, and many others. (Gilderfluke makes some nice gadgets
>based on modern Z-80ish CPUs.)

I take that newer shrinks of the z-80 have fixed the "ignore the $EB command" 
(switch foreground/background registers) the earlier ones ignored about 10 to 
20% of the time?  Zilog told me to go pound sand when I called complaining 
about that bug in both of the chips I had at the time, Early 1982 IIRC.  I 
never touched the chip again, but the one in a timex 1000 I bought the kids 
later either didn't suffer, or somehow managed to program around it.


>{^_-}
>


-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
The NRA is offering FREE Associate memberships to anyone who wants them.


Men take only their needs into consideration -- never their abilities.
-- Napoleon Bonaparte

Re: [sa] Re: Whitelists in SA

[Charles Gregory]

On Fri, 18 Dec 2009, LuKreme wrote:
It's already been stayed no changes to 3.2.5 will be made until 3.3 is 
done, hasn't it?


Well, at this point, I respectfully bow, and take a step back, so as not 
to sound too demanding of our great volunteers (smile), but I believe 
in another of my posts I put forward the idea that design, testnig and 
implementation of rules should be a bit more 'frequent', drawing upon 
the model of ClamAV, with signatures being frequently released, even 
while the next major 'engine' update is in the works.


I recognize, from the existence of such sites as 'rules du jour' that it 
has long been a practice for SA to release 'core' rule updates very 
infrequently. But with respect, I question whether that is still a good 
practice, particularly when an 'issue' raises concern over a particular 
set of scores, and it would *appear* that these updates require relatively 
little effort.


So, to put it bluntly, I don't see how a couple of rules changes are 
worthy of being 'held back' by the entire push to SA 3.3. I would 
think that a few quick adjustments, and presumably a 'masscheck' would 
suffice, and new/revised rules could be released at least on a monthly 
basis without any serious concern for compromising the overall score 
balance that is the critical goal of SA updates?


Or am I grossly mis-estimating the work-load? :)

- C

Re: Cooperative data gathering project.

[John Hardin]

On Sat, 19 Dec 2009, Jason Haar wrote:


On 12/19/2009 04:51 AM, Jonas Eckerman wrote:


(And if more security is needed the easiest way would be to simple
limit access to approved IP addresses.)


Except that a token would enable one "owner" with multiple SA instances 
on separate networks to come across as one entity - that could be 
desirable too. It all depends on what you are trying to achieve of 
course. Also UDP means forgery is a bigger risk - so IP-based checks are 
less reliable.


Right. You'd need to include an id/auth token in the UDP packet.

--
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  "Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
  does quite what I want. I wish Christopher Robin was here."
   -- Peter da Silva in a.s.r
---
 7 days until Christmas

Re: Cooperative data gathering project.

[Jason Haar]

On 12/19/2009 04:51 AM, Jonas Eckerman wrote:
>
> (And if more security is needed the easiest way would be to simple
> limit access to approved IP addresses.)
Except that a token would enable one "owner" with multiple SA instances
on separate networks to come across as one entity - that could be
desirable too. It all depends on what you are trying to achieve of
course. Also UDP means forgery is a bigger risk - so IP-based checks are
less reliable.

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

Re: habeas - tainted white list

[John Hardin]

On Fri, 18 Dec 2009, Jason Bertoch wrote:


John Hardin wrote:

 On Fri, 18 Dec 2009, Jason Bertoch wrote:

>  Charles Gregory wrote:
> > 
> >   If a spammer gets an IP blacklisted, at the least DNSWL and HABEAS

> >   should make note of this and remove the IP
> 
>  Or we could have the whitelist rules in a meta such that they only hit 
>  when a blacklist rule doesn't, if this is a common enough problem.  It 
>  might also allow people to get past the high negative score for the 
>  whitelists.


 That sounds like a good idea to me...


Is there a way to pull stats on this concept from mass check results or would 
a new rule need to be checked in by a dev?


The latter. I can do that tonight or tomorrow.

--
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  "Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
  does quite what I want. I wish Christopher Robin was here."
   -- Peter da Silva in a.s.r
---
 7 days until Christmas

Re: [sa] Re: habeas - tainted white list

[Christian Brel]

On Fri, 18 Dec 2009 11:40:40 -0800
"jdow"  wrote:

> From: "Charles Gregory" 
> Sent: Friday, 2009/December/18 09:18
> 
> 
> > On Fri, 18 Dec 2009, Christian Brel wrote:
> >>> Go read the archives, troll.
> >> All of them or do you have something specific, troll?
> > 
> > Fine, fine, pedant.
> > 
> > Go SEARCH the archives, troll.  :)
> 
> OK, (Problem Exists Between Monitor And Keyboard) Christian.
> {^_-}

Said the woman who is having layer 8 issues with the /dev/null <>
killfile LOL.

You have a real lot to say about what *I* think - do you do any
thinking of your own or just spit out the dummy at other people point
of view. How very sweet :-) Merry Christmas.
-- 
This e-mail and any attachments may form pure opinion and may not have
any factual foundation. Please check any details provided to satisfy
yourself as to suitability or accuracy of any information provided.
Data Protection: Unless otherwise requested we may pass the information
you have provided to other partner organisations. 

Re: habeas - tainted white list

[Rob McEwen]

R-Elists wrote:
> here is a chance for possible help in more areas than just this specific
> ruleset issue...
>
> i asked Rob some time ago if he could write a script that would check logs
> and report if a certain rule was effective or not by itself vrs if other
> rules hit with it and maybe that rule was not needed or could be lowered etc
> etc
>
> and if other rules hit with it, then we would see how effective that rule
> was and why and when etc etc
>
> i am guessing that you folks already have these tools or similar tools or
> help?
>   

This is still on my "to do" list, but duties with invaluement.com only
keep growing, so it is hard to prioritize this. But I find it hard to
believe that this doesn't already exist. All that is needed is a plug-in
that would copy to a specified directory all messages which hit on X
rule (and/or dnsbl). The plug-in would be able to (optionally) only take
action if the message scored either "at or above threshold" or "below
threshold". Then, whenever testing a new rule/dnsbl, simply score it at
0.01, point the plugin at that rule or dnsbl, and have it only act on
messages which scored "below threshold".

This would be extremely valuable for determining the following about a
new rule or DNSBL:

(1) How much spam the rule would have blocked if being used aggressively
(but was missed with the 0.01 score) and, therefore, made it to the
inbox during the testing phase because nothing else in production had
stopped it?

(2) How many legit messages would have been blocked with the use of this
rule or DNSBL? (FPs)

Of course, BOTH of those examples would consist of messages which scored
"below threshold" even while hitting on that new rule (given its 0.01
score). So it would be up to the e-mail administrator to then examine
the messages and judge for themselves whether these were FPs, or
would-have-missed-without-the-new-rule spams (aka corrected FNs).

If anyone ever develops such a plugin before I have time to, PLEASE let
me know!

-- 
Rob McEwen
http://dnsbl.invaluement.com/
r...@invaluement.com
+1 (478) 475-9032

Re: [sa] Re: habeas - tainted white list

[jdow]

From: "Charles Gregory" 
Sent: Friday, 2009/December/18 09:21



On Fri, 18 Dec 2009, Jason Bertoch wrote:
Or we could have the whitelist rules in a meta such that they only hit 
when a blacklist rule doesn't, if this is a common enough problem.  It 
might also allow people to get past the high negative score for the 
whitelists.


Hm. I *like* that one!

- C


Then try it and report back to us if it works, how it works, and on
what basis you claim it works.

{^_^}

Re: [sa] Re: habeas - tainted white list

[jdow]

From: "Charles Gregory" 
Sent: Friday, 2009/December/18 09:18



On Fri, 18 Dec 2009, Christian Brel wrote:

Go read the archives, troll.

All of them or do you have something specific, troll?


Fine, fine, pedant.

Go SEARCH the archives, troll.  :)


OK, (Problem Exists Between Monitor And Keyboard) Christian.
{^_-}

Re: habeas - tainted white list

[jdow]

From: "John Hardin" 
Sent: Friday, 2009/December/18 08:07



On Fri, 18 Dec 2009, Christian Brel wrote:


On Fri, 18 Dec 2009 06:19:25 -0800 (PST)
John Hardin  wrote:


We understand your philosophical objection. Providing hard evidence
of FNs will go much further towards making your point than name
calling will.


The name calling being?


Alright, let me amend that: Providing hard evidence of FNs will go much 
further towards making your point - and getting the rules fixed in a 
useful manner - than will repeated accusations that the SA devs are taking 
bribes to weaken SA.


And phrasing it as a question doesn't make it any less of an accusation, 
given it keeps being repeated after reasonable explanations have been 
provided.


At the moment there's insufficient _hard data_ to support the contention 
that the reputation whitelists are assisting FNs to a great degree. The 
data from masscheck suggests the impact of the reputation whitelists is 
neutral to very slightly positive (in terms of reducing FPs). If you feel 
this isn't justified, if you're seeing a lot of FNs that can be laid at 
the feet of a reputation whitelist rule, then please feed that hard data 
into the masscheck corpora so that the scoring process can take it into 
account.


John, he is a teleological thinker. Epistemological arguments do not
mean a thing to him. Reality is consensual to him. He thinks he can
bend reality to his will and all spam will go away because he forced
somebody else to cripple a product.

Forget it, teleological thinkers are impervious to logic. Ignore the
twit.

{^_^} 

Re: OT Re: Museum piece...

[jdow]

From: "Gene Heskett" 
Sent: Friday, 2009/December/18 09:25



On Friday 18 December 2009, Per Jessen wrote:

hc...@mail.ewind.com wrote:

re: CP/M

No S-100 bus systems mentioned yet?

My first home computer was a Godbout S-100 bus system running a dual
8085/8088 CPU board. At that time, the future in operating systems was
going to be CP/M 86.


I'm surprised nobody has mentioned the ZX80/1 yet.  I've also got a
Newbrain stashed away somewhere, manuals, circuit diagrams an' all.

That's because the z-80 was only slightly less dain bramaged than the 
6502.


/Per Jessen, Zürich


Actually the 6502 was a handy little chip once prices dropped. On one
project we replaced a host of other chips with 6502s. They, plus a few
extra components, make nice glass TTYs. You can also use one as a very
flexible timer. It seems the guys in charge of the project went a
little overboard on the 6502s. But it did work, was reliable, and did
the job. For a 2-off design that's all you need.

You'll also find that the Z-80 design powers amazing amounts of gadgets
in theaters and theme parks. (Several Z-80s were "on set" and in use for
the animations in, for example, Team America, Harry Potter (I knew the
Mandrake root's lines from LONG before it hit theaters. ), Total
Recall, Chucky, and many others. (Gilderfluke makes some nice gadgets
based on modern Z-80ish CPUs.)

{^_-} 

RE: habeas - tainted white list

[Benny Pedersen]

On Fri 18 Dec 2009 07:42:55 PM CET, R-Elists wrote

or create a bug to have dnswl use trusted_networks from
local.cf in spamassassin

can you help me / us better understand what you are getting at here and why?


example:

trusted_networks 127.128.0.0/16

and then if 127.128.128.128 is listed in dnswl, make a rbl test that  
use firsttrusted to match it is remote listed in dnswl also, that  
means you agree its a whitelist ip, so if dnswl make some ip  
whitelisted, and its not in local.cf as trusted_networks it would not  
help you :)



something you already do or implement?


i currently not have the need to do it, but it is supported imho


i wish i knew a better way to ask the question(s) so that you could better
help us understand your thinking


i could tell more about cpm, not funny ? :)

nope, its just the OT thread i am inspired of, why none of them use  
perldoc more then fighting here about something that its easely fixed  
in local.cf


--
xpoint http://www.unicom.com/pw/reply-to-harmful.html


pgpoySiwwDGyZ.pgp
Description: PGP Digital Signature

Re: Whitelists in SA

[jdow]

From: "Charles Gregory" 
Sent: Friday, 2009/December/18 06:56



On Thu, 17 Dec 2009, jdow wrote:

It is a good thing this issue was raised. It led to appropriate mass
check runs. I expect that will lead to saner scoring within the SA
framework. If not and it bites me, THEN I'll raise the issue again.
Does that seem fair?


50_scores.cf:score HABEAS_ACCREDITED_COI 0 -8.0 0 -8.0
50_scores.cf:score HABEAS_ACCREDITED_SOI 0 -4.3 0 -4.3
50_scores.cf:score HABEAS_CHECKED 0 -0.2 0 -0.2

Still no changes through the sa-update channel.
Is there a time delay in the masscheck results being applied?

- Charles


Yes, there is, Mr. Gregory. It exists between your monitor and your
keyboard.

{^_^}

Re: habeas - tainted white list

[jdow]

From: "John Hardin" 
Sent: Friday, 2009/December/18 06:12



On Fri, 18 Dec 2009, Christian Brel wrote:


On Fri, 18 Dec 2009 02:29:56 -0700
LuKreme  wrote:


I might agree with some small portion of our resident troll's posts,


You need to resort to abuse for what particular reason?


Repeatedly accusing the SA developers of fraudulent collusion is abusive. 
Don't be surprised if people are abusive in return.


He customizes one element of his installation to quite thoroughly
"pass a lot of spam" settings. Then he whines when something HE
calls spam gets through. He expects Return Path and emailreg.org
to read his mind. And he refuses to make the simple corrections at
his end that would solve it for him and leave the rest of the world
properly protected. (He is NOT properly protected with his score
configuration.)

Just off hand I think this describes his bona fides to utterly ignore.

I wonder if a variant build of Spam Assassin could tag messages
coming through the list with an X-ChristianBrel header. On the Wiki
it'd be explained as "Meaningless noise from a fugghead." (That's
a willfully self-destructive person.)

Of course, /dev/null works. At least I don't see HIS messages. And I
could simply /dev/null the topic. Morbid curiosity keeps me watching
the thread.

{^_^} 

Re: rule test repo updates?

[John Hardin]

On Fri, 18 Dec 2009, R-Elists wrote:


is this older link still working and keeping realtime track of updates?

http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/


Yeah, those links are valid. I just haven't committed anything in a while.

--
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  "Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
  does quite what I want. I wish Christopher Robin was here."
   -- Peter da Silva in a.s.r
---
 7 days until Christmas

Re: habeas - tainted white list

[jdow]

From: "Daryl C. W. O'Shea" 
Sent: Friday, 2009/December/18 01:07

On 18/12/2009 3:32 AM, Christian Brel wrote:

On Fri, 18 Dec 2009 02:24:45 -0500
"Daryl C. W. O'Shea"  wrote:

...

From the data we have from mass-checks we are erring a very small
amount on the side of caution by not disabling the whitelists by
default.

It's a big fat favourable score to one organisation for 'erring a very
small amount on the side of caution' don't you think? -4/-8 given the
average 419 spam only scores 4-8 points.


Again, we agree.  We've changed it in the upcomming release and will
surely backport it when we're done getting 3.3 out.  It's been like this
for years, I don't think we need to jump like crazy to change the 3.2
updates before we've even settled on a final score.


I suppose it's not a whole lot of bother to change the 3.2 scores. But,
people who feel they have been bitten with a HABEAS score have probably
already overridden them.


If everything is open and transparent give the default user the option
to *enable* them and score them zero, unless - of course - there is
some kind of logical reason for these mad scoring spam assisting rules
that favour Return Path in the default set up?


I stand firm on my opinion that our principle of safe for most users is
the logical reason for including DNSWLs.


Indeed, HE is not the boss.


If you like you can transparently disable the DNSWLs.


Is he smart enough to do so?

{^_^}

Re: habeas - tainted white list

[Jason Bertoch]

John Hardin wrote:

On Fri, 18 Dec 2009, Jason Bertoch wrote:


Charles Gregory wrote:


 If a spammer gets an IP blacklisted, at the least DNSWL and HABEAS
 should make note of this and remove the IP


Or we could have the whitelist rules in a meta such that they only hit 
when a blacklist rule doesn't, if this is a common enough problem.  It 
might also allow people to get past the high negative score for the 
whitelists.


That sounds like a good idea to me...



Is there a way to pull stats on this concept from mass check results or 
would a new rule need to be checked in by a dev?


/Jason

RE: habeas - tainted white list

[R-Elists]

> 
> In the absence of evidence to the contrary, yes.
> 
> If it's that big a problem for you in real life, then you 
> should be able to provide FNs to the masscheck corpora that 
> will _prove_ these scores are too generous.
> 
> We understand your philosophical objection. Providing hard 
> evidence of FNs will go much further towards making your 
> point than name calling will.
> 
> -- 
>   John Hardin 

John,

great!!!

here is a chance for possible help in more areas than just this specific
ruleset issue...

i asked Rob some time ago if he could write a script that would check logs
and report if a certain rule was effective or not by itself vrs if other
rules hit with it and maybe that rule was not needed or could be lowered etc
etc

and if other rules hit with it, then we would see how effective that rule
was and why and when etc etc

i am guessing that you folks already have these tools or similar tools or
help?

although i could probably come up with general logic flow and an algo for
this, i would not be able to hard codify and implement at this time...

yeah yeah, i know and im still working with PERL for dummies and will get
past the intro some time soon

 - rh

RE: habeas - tainted white list

[R-Elists]

 

> 
> Spamassassin is not something trivially installed like a 
> piece of Microsoft junkware. In fact, it is nearly impossible 
> to get it to do anything useful without reading lots of 
> documents Daryl. Couple this with the fact it only *scores* 
> mail - it does not block it - any mish mash of rules could be 
> argued to be 'safe'. If it were deployed at the SMTP level 
> where it was kicking out 55x's it may be a different story.
> So the 'safe' angle really has no legs.
> 

CB,

the thing is, some of us do have SA integrated in such a way as to reject
spam at SMTP time

that is one of the main reasons why we do not believe that UBE should be
given preference in SA as a *default*

in general, if legit companies with legit MOI lists and whatever other
*legit* email admin concerns cannot make simple emails that will not be
scored as spam and make into easily into people's email boxes then too bad.

way too much & way to frequent UBE junk.

 - rh

Re: OT Re: Museum piece...

[Per Jessen]

Benny Pedersen wrote:

> On Fri 18 Dec 2009 07:09:03 PM CET, Per Jessen wrote
>> Completely agree, but the ZX80/1 made computers very, very
>> affordable. I was 15 when I managed to convince my parents that I
>> desperately needed
>> one of those.  Back in 1981,
> 
> zx80 was 1980 imho, and had just 1k ram, and 8k rom, fully expandeble
> to a cpm system that is can run rc7000 software :)

Yeah, I started on the ZX81 - still have one with its 64K RAM expansion. 

>> I think it was about DKK1500, I'm not sure.
> 
> i still have danish books with that prise from that time
> 
>> It was a hell of a jump from the RC7000 with teletype and 32k
>> core memory we had at school.
> 
> i remember comet in multiuser setup with shared floppy disks, and
> printers or plotters, even some of them with some lego or fisher
> teknic electronik learning kits :)

The gymnasium I went to (Langkaer) was built in the mid-70s, and had
a "computer room" - top notch.  Except nobody used it - when I started
there in 1979, a couple of us got the keys to the room.  An RC7000 with
bootstrap switches, a teletype with papertype and -punch, 3 x 80x25
terminals, 2 x 8" floppy drives - heaven! Until the ZX81 came along.  I
think the next thing I got was the Newbrain, then an IBM PC, then IBM
mainframes around 1986.


/Per Jessen, Zürich

RE: habeas - tainted white list

[R-Elists]

 

> 
> or create a bug to have dnswl use trusted_networks from 
> local.cf in spamassassin
> 

Benny

can you help me / us better understand what you are getting at here and why?

something you already do or implement?

i wish i knew a better way to ask the question(s) so that you could better
help us understand your thinking

tia

 - rh

Re: [sa] Re: habeas - tainted white list

[Christian Brel]

On Fri, 18 Dec 2009 13:29:40 -0500 (EST)
Charles Gregory  wrote:

> On Fri, 18 Dec 2009, Christian Brel wrote:
> > Charles, you *are* speaking for J D Falk with his Auspices?
> 
> Hey, J D! Please post and give me your auspices.
> I'd love to see what this Troll posts if you say 'sure'. :)
> 
> - C


I was just under the impression that J D - who I actually rather
respect for the difficult balance he has to strike, was in the job of
reputation management and is a consummate professional, so I'm not
entirely sure he would put his reputation into your hands - but he may
as he has a wicked sense of humour.

But to put you out of your misery I would say;
"Thank you J.D."
"Thank you Charles".

Anything else I can help you with Charles, or are you done?
Merry Christmas


-- 
This e-mail and any attachments may form pure opinion and may not have
any factual foundation. Please check any details provided to satisfy
yourself as to suitability or accuracy of any information provided.
Data Protection: Unless otherwise requested we may pass the information
you have provided to other partner organisations. 

Re: [sa] Re: habeas - tainted white list

[Christian Brel]

On Fri, 18 Dec 2009 13:21:00 -0500 (EST)
Charles Gregory  wrote:

> On Fri, 18 Dec 2009, Christian Brel wrote:
> > There comes a time when you need to deal with that and move on. We
> > are all grown up now and not - like you say - '5 & 6 year old
> > children'.
> 
> Good. Then stop talking like them.
Perhaps you need to stop *acting* like them ;-)
> 
> > Please feel free to act like an adult and end the personal attacks,
> > or, act like a troll. It's your reputation ;-)
> 
> The man who got banned and had to fake a new user name is lecturing
> me on reputation? ROFLMAOUIPMP
> 
So two wrongs would make a right. I see. Yep, I'm laughing too :-)

> > Return Path:
> > "Today we are the world’s leading email deliverability services
> > company and our clients include Fortune 500 firms"
> 
> There. You now have the answer to your question. So stop asking it.
> (Finally)
I don't thing anyone was ever under the impression they were a charity
doing it for love. But that would be an assumption. After all, those
HABEAS 'oil can' rules are in Spamassassin for love and not money

> 
> > do you think this is a commercial enterprise or a charity?
> 
> Do I think you will ever ask any questions not already answered or
> obvious from the website?
> 
> - C
I apologise, that was rude of me. I was told *not* to assume something
even if it was obvious. So it's clear for the Archives;

Return Path is a commercial operation that makes money.
Return Path mail is eased through Spamassassin with negative scoring
rules.
Asking if any money changed hands for this position of privilege
provokes hostility.
Despite these rules benefiting the commercial interests of Return Path,
and not necessarily the users - and despite there being no fiscal
reward for Apache/Spamassassin - this state of affairs will remain.

Yep, I'm clear on that.

Most of this has been addressed by Daryl in grown up talk whilst you
were tucked up in your bed.

I would like to take this opportunity to thank you Charles, you've
really made me laugh this afternoon and I love you. X X X. You've been
really helpful and I'm glad you've become my friend :-) Have a Merry
Christmas.
-- 
This e-mail and any attachments may form pure opinion and may not have
any factual foundation. Please check any details provided to satisfy
yourself as to suitability or accuracy of any information provided.
Data Protection: Unless otherwise requested we may pass the information
you have provided to other partner organisations. 

Re: Whitelists in SA

[LuKreme]

On Dec 18, 2009, at 7:56, Charles Gregory  wrote:

Still no changes through the sa-update channel.
Is there a time delay in the masscheck results being applied?


It's already been stayed no changes to 3.2.5 will be made until 3.3 is  
done, hasn't it?

Re: habeas - tainted white list

[LuKreme]

On Dec 18, 2009, at 7:12, John Hardin  wrote:

On Fri, 18 Dec 2009, Christian Brel wrote:

On Fri, 18 Dec 2009 02:29:56 -0700
LuKreme  wrote:

I might agree with some small portion of our resident troll's posts,


You need to resort to abuse for what particular reason?


Repeatedly accusing the SA developers of fraudulent collusion is  
abusive. Don't be surprised if people are abusive in return.


I dunno. I don't consider Troll to be abusive. Descriptive, perhaps.



 "Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
 does quite what I want. I wish Christopher Robin was here."
  -- Peter da Silva in a.s.r


That is truly brilliant. Not familiar with a.s.r though. Peter da  
Silva sounds familiar though. 

Re: [sa] Re: habeas - tainted white list

[Charles Gregory]

On Fri, 18 Dec 2009, Christian Brel wrote:

Charles, you *are* speaking for J D Falk with his Auspices?


Hey, J D! Please post and give me your auspices.
I'd love to see what this Troll posts if you say 'sure'. :)

- C

Re: [sa] Re: habeas - tainted white list

[Charles Gregory]

On Fri, 18 Dec 2009, Christian Brel wrote:

There comes a time when you need to deal with that and move on. We are
all grown up now and not - like you say - '5 & 6 year old children'.


Good. Then stop talking like them.


Please feel free to act like an adult and end the personal attacks, or,
act like a troll. It's your reputation ;-)


The man who got banned and had to fake a new user name is lecturing me on 
reputation? ROFLMAOUIPMP



Return Path:
"Today we are the world’s leading email deliverability services company
and our clients include Fortune 500 firms"


There. You now have the answer to your question. So stop asking it.
(Finally)


do you think this is a commercial enterprise or a charity?


Do I think you will ever ask any questions not already answered or obvious 
from the website?


- C

Re: OT Re: Museum piece...

[Benny Pedersen]

On Fri 18 Dec 2009 07:09:03 PM CET, Per Jessen wrote

Completely agree, but the ZX80/1 made computers very, very affordable. I
was 15 when I managed to convince my parents that I desperately needed
one of those.  Back in 1981,


zx80 was 1980 imho, and had just 1k ram, and 8k rom, fully expandeble  
to a cpm system that is can run rc7000 software :)



I think it was about DKK1500, I'm not
sure.


i still have danish books with that prise from that time


It was a hell of a jump from the RC7000 with teletype and 32k
core memory we had at school.


i remember comet in multiuser setup with shared floppy disks, and  
printers or plotters, even some of them with some lego or fisher  
teknic electronik learning kits :)


--
xpoint http://www.unicom.com/pw/reply-to-harmful.html


pgpad0maaBCSX.pgp
Description: PGP Digital Signature

Re: [sa] Re: habeas - tainted white list

[Christian Brel]

On Fri, 18 Dec 2009 13:00:05 -0500 (EST)
Charles Gregory  wrote:

> On Fri, 18 Dec 2009, Christian Brel wrote:
> >> Go SEARCH the archives, troll.  :)
> > Perhaps I can help you understand why the question was asked on
> > list.
> 
> It's obvious as to why. You failed to read previous postings that
> answered the question the first time(s) you (or someone else) asked
> it
> 
> > "Return Path is not an ESP by any of the common definitions.
> > http://en.wikipedia.org/wiki/ESP
> > (No wonder you're confused.)"
> > To which I asked J D Falk:
> > "Would it be rude of me to ask how you make your money? Is it from
> > the provision and delivery of bulk commercial email or am I
> > confused?" Now, I've not seen J D follow up to that, unless you
> > have elected yourself to his spokesperson and qualified to answer
> > for him?
> 
> Hint: "No wonder you're confused" refers to your question "or am I 
> confused?" So you have *quoted* his follow up and pretended that it
> was *before* your useless, repeated question. And then you claim that
> you have 'not seen' the follow up you quote? ROFLMAO!
> 
> I ammend my request one more time:
> 
> Go SEARCH the archive IN CHRONOLOGICAL ORDER, troll.
> 
> - C

Charles, you *are* speaking for J D Falk with his
Auspices? No? Then you are trolling - keep going. I love it when you
are angry ;-)

-- 
This e-mail and any attachments may form pure opinion and may not have
any factual foundation. Please check any details provided to satisfy
yourself as to suitability or accuracy of any information provided.
Data Protection: Unless otherwise requested we may pass the information
you have provided to other partner organisations. 

Re: OT Re: Museum piece...

[Per Jessen]

Gene Heskett wrote:

> On Friday 18 December 2009, Per Jessen wrote:
>>hc...@mail.ewind.com wrote:
>>> re: CP/M
>>>
>>> No S-100 bus systems mentioned yet?
>>>
>>> My first home computer was a Godbout S-100 bus system running a dual
>>> 8085/8088 CPU board. At that time, the future in operating systems
>>> was going to be CP/M 86.
>>
>>I'm surprised nobody has mentioned the ZX80/1 yet.  I've also got a
>>Newbrain stashed away somewhere, manuals, circuit diagrams an' all.
>>
> That's because the z-80 was only slightly less dain bramaged than the
> 6502.

Completely agree, but the ZX80/1 made computers very, very affordable. I
was 15 when I managed to convince my parents that I desperately needed
one of those.  Back in 1981, I think it was about DKK1500, I'm not
sure.  It was a hell of a jump from the RC7000 with teletype and 32k
core memory we had at school.


/Per Jessen, Zürich

Re: [sa] Re: habeas - tainted white list

[Charles Gregory]

On Fri, 18 Dec 2009, Christian Brel wrote:

Go SEARCH the archives, troll.  :)

Perhaps I can help you understand why the question was asked on list.


It's obvious as to why. You failed to read previous postings that answered 
the question the first time(s) you (or someone else) asked it



"Return Path is not an ESP by any of the common definitions.
http://en.wikipedia.org/wiki/ESP
(No wonder you're confused.)"
To which I asked J D Falk:
"Would it be rude of me to ask how you make your money? Is it from the
provision and delivery of bulk commercial email or am I confused?"
Now, I've not seen J D follow up to that, unless you have elected
yourself to his spokesperson and qualified to answer for him?


Hint: "No wonder you're confused" refers to your question "or am I 
confused?" So you have *quoted* his follow up and pretended that it was 
*before* your useless, repeated question. And then you claim that you have 
'not seen' the follow up you quote? ROFLMAO!


I ammend my request one more time:

Go SEARCH the archive IN CHRONOLOGICAL ORDER, troll.

- C

Re: habeas - tainted white list

[Christian Brel]

On Fri, 18 Dec 2009 12:03:38 -0500 (EST)
Charles Gregory  wrote:

> On Fri, 18 Dec 2009, Christian Brel wrote:
> >>> You need to resort to abuse for what particular reason?
> >> Repeatedly accusing the SA developers of fraudulent collusion is
> >> abusive. Don't be surprised if people are abusive in return.
> > That is your choice of words - not mine. It is interesting that
> > when reasonable questions about the motivation for a bizarre part
> > of SA is brought up, others are entitled to abuse the person with
> > that point of view - but he must not respond to that abuse or runs
> > the risk of the mob ganging up.
> 
> Now where have I heard this before...?   Sounds so familiar.
> 
> Ah! Right! Got it.
> My (then) 5 and 6 year old children arguing over who "started it".
> 
> - C
> PS. You did. No one calls you 'troll' until you act like one.

And this pointless post you have just made is ?not? trolling to provoke
a reaction? I apologise if at some point in the past I've hurt your
feelings or made you look small. Sincerely.

There comes a time when you need to deal with that and move on. We are
all grown up now and not - like you say - '5 & 6 year old children'.

Please feel free to act like an adult and end the personal attacks, or,
act like a troll. It's your reputation ;-)

BTW:
Return Path:
"Today we are the world’s leading email deliverability services company
and our clients include Fortune 500 firms" do you think this is a
commercial enterprise or a charity?


-- 
This e-mail and any attachments may form pure opinion and may not have
any factual foundation. Please check any details provided to satisfy
yourself as to suitability or accuracy of any information provided.
Data Protection: Unless otherwise requested we may pass the information
you have provided to other partner organisations. 

Re: [sa] Re: habeas - tainted white list

[Christian Brel]

On Fri, 18 Dec 2009 12:18:46 -0500 (EST)
Charles Gregory  wrote:

> On Fri, 18 Dec 2009, Christian Brel wrote:
> >> Go read the archives, troll.
> > All of them or do you have something specific, troll?
> 
> Fine, fine, pedant.
> 
> Go SEARCH the archives, troll.  :)
> 
> - C
Perhaps I can help you understand why the question was asked on list.
Yesterday, J D Falk of Return Path said;

"Return Path is not an ESP by any of the common definitions.
http://en.wikipedia.org/wiki/ESP
(No wonder you're confused.)"

To which I asked J D Falk:
"Would it be rude of me to ask how you make your money? Is it from the
provision and delivery of bulk commercial email or am I confused?"

Which is perfectly fair, direct and reasonable. There is a like for
like sarcastic ending, just as J D Provided.

Now, I've not seen J D follow up to that, unless you have elected
yourself to his spokesperson and qualified to answer for him? The
alternative would be you are just spoiling for an argument and fit the
'troll' definition rather well:

"a troll is someone who posts ...with the primary intent of provoking"

But please, carry on - it suits you.

-- 
This e-mail and any attachments may form pure opinion and may not have
any factual foundation. Please check any details provided to satisfy
yourself as to suitability or accuracy of any information provided.
Data Protection: Unless otherwise requested we may pass the information
you have provided to other partner organisations. 

Re: OT Re: Museum piece...

[Bowie Bailey]

R-Elists wrote:
> as far as museum pieces go, i submit that my first was an Apple 2E if i
> remember correctly..
>
> BRUN BEERRUN
>
> was an interesting game, or something to that effect...   ;-)
>
> ...and (snore) i also programmed a helicopter to fly across the top and drop
> a bomb on a "space invader" and go boom...
>
> wow huh?
>   

My first computer was an Apple II+.  Black case made by Bell & Howell. 
It had a cassette drive and connected to the TV for video. It had a
couple of paddle controllers that we used to play Breakout and Pong.  I
have no idea how much (little) memory it had.  I think we eventually
added a 5.25 floppy to it.  I remember typing in games in Basic from a
couple of books full of Basic games.

-- 
Bowie

Re: OT Re: Museum piece...

[Gene Heskett]

On Friday 18 December 2009, Per Jessen wrote:
>hc...@mail.ewind.com wrote:
>> re: CP/M
>>
>> No S-100 bus systems mentioned yet?
>>
>> My first home computer was a Godbout S-100 bus system running a dual
>> 8085/8088 CPU board. At that time, the future in operating systems was
>> going to be CP/M 86.
>
>I'm surprised nobody has mentioned the ZX80/1 yet.  I've also got a
>Newbrain stashed away somewhere, manuals, circuit diagrams an' all.
>
That's because the z-80 was only slightly less dain bramaged than the 6502.
>
>/Per Jessen, Zürich
>


-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
The NRA is offering FREE Associate memberships to anyone who wants them.


A day without sunshine is like a day without orange juice.

Re: [sa] Re: habeas - tainted white list

[Charles Gregory]

On Fri, 18 Dec 2009, Jason Bertoch wrote:
Or we could have the whitelist rules in a meta such that they only hit 
when a blacklist rule doesn't, if this is a common enough problem.  It 
might also allow people to get past the high negative score for the 
whitelists.


Hm. I *like* that one!

- C

Re: OT Re: Museum piece...

[Gene Heskett]

On Friday 18 December 2009, John Hardin wrote:
>On Fri, 18 Dec 2009, Gene Heskett wrote:
>> I got to work for several months as a bench tech for an outfit building
>> the first pair of the then smallest tv cameras in the world.
>>
>> Later I found out that one of those civies was Jacques Cousteau,
>>
>> 3 hours later had a contract to put those two cameras on the Trieste as
>> soon as we could get the pressure cases built.  Those were headed for
>> the bottom of the Challenger Deep, 37,000+ feet in the big pond.  Short
>> story, we did, and they worked.
>
>And I think Gene wins. Bravo! That's a cool story.

Thanks John.  I have in my 75 years of history, several examples of being in 
the right place, at the right time, due purely by serendipity.  But I think 
we have wasted enough of this lists tolerance for off-topic posts by now.

-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
The NRA is offering FREE Associate memberships to anyone who wants them.


Who is John Galt?

Re: [sa] Re: habeas - tainted white list

[Charles Gregory]

On Fri, 18 Dec 2009, Christian Brel wrote:

Go read the archives, troll.

All of them or do you have something specific, troll?


Fine, fine, pedant.

Go SEARCH the archives, troll.  :)

- C

rule test repo updates?

[R-Elists]

is this older link still working and keeping realtime track of updates?

http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/

specifically this link

http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/

since i have been watching these devels

thanks

 - rh

Re: OT Re: Museum piece...

[Gene Heskett]

On Friday 18 December 2009, jdow wrote:
>From: "Gene Heskett" 
>Sent: Thursday, 2009/December/17 21:21
[...]
>
>Now, if you want to "get me rolling" about an incompetent computer
>company just mention GRiD and their Compass not really a laptop computer.
>Even the bugs were themselves buggy. (We had to own 6 of them to keep 5
>running most of the time. The displays went out regularly. And the OS
>would lock up at peculiar times "just because it felt like it" when
>trying to talk to an HPIB device. (It had built in HPIB to talk to its
>disk drive etc.) Wikipiddle accuses it of being a laptop. All I can do
>is snicker about that assertion. Then they continue the phrase to call
>it a computer. Admittedly it was, on brief occasions, a computer. But
>it spent too much time emulating a doorstop to be worthy of its price.
>
>{^_^}
>
ROTFL, thanks Joanne.

-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
The NRA is offering FREE Associate memberships to anyone who wants them.


There is something in the pang of change
More than the heart can bear,
Unhappiness remembering happiness.
-- Euripides

Re: habeas - tainted white list

[John Hardin]

On Fri, 18 Dec 2009, Jason Bertoch wrote:


Charles Gregory wrote:


 If a spammer gets an IP blacklisted, at the least DNSWL and HABEAS
 should make note of this and remove the IP


Or we could have the whitelist rules in a meta such that they only hit 
when a blacklist rule doesn't, if this is a common enough problem.  It 
might also allow people to get past the high negative score for the 
whitelists.


That sounds like a good idea to me...

--
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  "Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
  does quite what I want. I wish Christopher Robin was here."
   -- Peter da Silva in a.s.r
---
 7 days until Christmas

Re: [sa] Re: habeas - tainted white list

[Charles Gregory]

On Fri, 18 Dec 2009, Christian Brel wrote:

On Thu, 17 Dec 2009, Christian Brel wrote:

Would it be rude of me to ask how you make your money? Is it from
the provision and delivery of bulk commercial email or am I
confused?

Wow. People are running down ReturnPath and they don't even have a
clear idea of what RP *does*? How lame is that?

I did ask for clarification as to if they earned money for assisting in
the delivery of bulk, commercial email. I've not seen a reply yet to
help me clarify this.


Read the archives, troll.


Perhaps you can explain tome what they do and how they make their
money? I would prefer to hear it from someone authorised to speak for
RP - but please feel free to post something constructive.


Get it right from Return Path themselves:
http://www.returnpath.net/

- C

Re: habeas - tainted white list

[Charles Gregory]

On Fri, 18 Dec 2009, Christian Brel wrote:

You need to resort to abuse for what particular reason?

Repeatedly accusing the SA developers of fraudulent collusion is
abusive. Don't be surprised if people are abusive in return.

That is your choice of words - not mine. It is interesting that  when
reasonable questions about the motivation for a bizarre part of SA is
brought up, others are entitled to abuse the person with that point of
view - but he must not respond to that abuse or runs the risk of the
mob ganging up.


Now where have I heard this before...?   Sounds so familiar.

Ah! Right! Got it.
My (then) 5 and 6 year old children arguing over who "started it".

- C
PS. You did. No one calls you 'troll' until you act like one.

Re: habeas - tainted white list

[Jason Bertoch]

Charles Gregory wrote:

On Fri, 18 Dec 2009, Christian Brel wrote:

On he subject of Spammy whitelists...
* -1.0 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/,
low
*  trust
*  [212.159.7.100 listed in list.dnswl.org]
Yet the same IP is on and off SORBS and part of an ongoing spam
problem. Perhaps this can be reviewed and given a zero score by default?


I see these from time to time. This is what gave rise to my intial 
inquiry about the frequency with which whitelited servers are hacked. 
Ideally, the whitelist should have a mechanism for temporarily 
suspending IP's that have been hacked. Perhaps running a check of their 
list against internet blacklists would help? If a spammer gets an IP 
blacklisted, at the least DNSWL and HABEAS should make note of this and 
remove the IP




Or we could have the whitelist rules in a meta such that they only hit 
when a blacklist rule doesn't, if this is a common enough problem.  It 
might also allow people to get past the high negative score for the 
whitelists.

Re: habeas - tainted white list

[Charles Gregory]

On Fri, 18 Dec 2009, Christian Brel wrote:

On he subject of Spammy whitelists...
* -1.0 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/,
low
*  trust
*  [212.159.7.100 listed in list.dnswl.org]
Yet the same IP is on and off SORBS and part of an ongoing spam
problem. Perhaps this can be reviewed and given a zero score by default?


I see these from time to time. This is what gave rise to my intial inquiry 
about the frequency with which whitelited servers are hacked. Ideally, the 
whitelist should have a mechanism for temporarily suspending IP's that 
have been hacked. Perhaps running a check of their list against internet 
blacklists would help? If a spammer gets an IP blacklisted, at the least 
DNSWL and HABEAS should make note of this and remove the IP


- C

Re: habeas - tainted white list

[John Hardin]

On Fri, 18 Dec 2009, Christian Brel wrote:


On Fri, 18 Dec 2009 06:19:25 -0800 (PST)
John Hardin  wrote:


We understand your philosophical objection. Providing hard evidence
of FNs will go much further towards making your point than name
calling will.


The name calling being?


Alright, let me amend that: Providing hard evidence of FNs will go much 
further towards making your point - and getting the rules fixed in a 
useful manner - than will repeated accusations that the SA devs are taking 
bribes to weaken SA.


And phrasing it as a question doesn't make it any less of an accusation, 
given it keeps being repeated after reasonable explanations have been 
provided.


At the moment there's insufficient _hard data_ to support the contention 
that the reputation whitelists are assisting FNs to a great degree. The 
data from masscheck suggests the impact of the reputation whitelists is 
neutral to very slightly positive (in terms of reducing FPs). If you feel 
this isn't justified, if you're seeing a lot of FNs that can be laid at 
the feet of a reputation whitelist rule, then please feed that hard data 
into the masscheck corpora so that the scoring process can take it into 
account.


--
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  "Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
  does quite what I want. I wish Christopher Robin was here."
   -- Peter da Silva in a.s.r
---
 7 days until Christmas

Re: Cooperative data gathering project.

[Jonas Eckerman]

Per Jessen wrote:


DNS lookups are usually tried done with UDP first,


Sure, DNS usually uses UDP, but the DNS resolver also waits for an 
answer, wich is simply a waste of time when the sender doesn't need the 
answer.


Add to this that resolving one address may result in multiple queries 
and that a DNS answer often containes more that the queried info and you 
get more overhead.


> but I agree, just use UDP.

Absolutely. Imo, the approach suggested by Marc is a text-book example 
of when to use UDP.


(And if more security is needed the easiest way would be to simple limit 
access to approved IP addresses.)


Regards
/Jonas
--
Jonas Eckerman
Fruktträdet & Förbundet Sveriges Dövblinda
http://www.fsdb.org/
http://www.frukt.org/
http://whatever.frukt.org/

Re: Cooperative data gathering project.

[Jonas Eckerman]

Jason Haar wrote:

Then the third filed is NONE. That's how I do it. But the idea is that 
any kind of daya can be collectively gathered and distributed.




Instead of a TCP channel (which means software), what about using DNS? 
If the SA clients did RBL lookups that contained the details as part of 
the query,


With any sane SpamAssassin setup for multiple users this wouldn't work.

Any SA install except for very small mail flows should use a caching DNS 
 server/proxy, preferably one that caches negative results. It's also a 
good idea if the caching server used for DNSL checks enforces a minimum TTL.


This results in repeated queries not making it to the origin servers. 
Even if the origin server uses ridicilously low TTLs.


The distributed caching nature of DNS is a reason why DNSLs are so 
efficient, but also one reason why DNS isn't suitable for everything.


Regards
/Jonas
--
Jonas Eckerman
Fruktträdet & Förbundet Sveriges Dövblinda
http://www.fsdb.org/
http://www.frukt.org/
http://whatever.frukt.org/

Re: Cooperative data gathering project.

[Jonas Eckerman]

Marc Perkel wrote:


spam 1.2.3.4 example.com
ham 5.6.7.8 example2.com



Sending these one line TCP messages if fairly easy.


Why use TCP for this? Establishing a connection channel for simple short 
mesages where a return code is not required introduces pointless overhead.


It'd be much simpler using UDP instead.

Regards
/Jonas
--
Jonas Eckerman
Fruktträdet & Förbundet Sveriges Dövblinda
http://www.fsdb.org/
http://www.frukt.org/
http://whatever.frukt.org/

Re: Whitelists in SA

[John Hardin]

On Fri, 18 Dec 2009, Charles Gregory wrote:


On Thu, 17 Dec 2009, jdow wrote:

 It is a good thing this issue was raised. It led to appropriate mass
 check runs. I expect that will lead to saner scoring within the SA
 framework. If not and it bites me, THEN I'll raise the issue again.
 Does that seem fair?


50_scores.cf:score HABEAS_ACCREDITED_COI 0 -8.0 0 -8.0
50_scores.cf:score HABEAS_ACCREDITED_SOI 0 -4.3 0 -4.3
50_scores.cf:score HABEAS_CHECKED 0 -0.2 0 -0.2

Still no changes through the sa-update channel.


There won't be until after 3.3.0 ships. Then changes to 3.2.x (including a 
possible 3.2.6 release) will be considered.


As far as I know rule promotion and rescoring are not automatic for 3.2.x, 
it's still a manual process. All of the focus right now is on getting 
3.3.0 out.


--
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  "Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
  does quite what I want. I wish Christopher Robin was here."
   -- Peter da Silva in a.s.r
---
 7 days until Christmas

Re: habeas - tainted white list

[Christian Brel]

On Fri, 18 Dec 2009 10:26:28 -0500 (EST)
Charles Gregory  wrote:

> On Fri, 18 Dec 2009, Christian Brel wrote:
> > But they should not have to disable a whitelist that assists
> > with the delivery of bulk commercial mail in an anti-spam
> > application! If the sender is relying on such rules to keep the
> > mailout under the radar then clearly there is something very wrong
> > with that?
> 
> Go read the archives, troll.
> 
> - C
> 
All of them or do you have something specific, troll?

-- 
This e-mail and any attachments may form pure opinion and may not have
any factual foundation. Please check any details provided to satisfy
yourself as to suitability or accuracy of any information provided.
Data Protection: Unless otherwise requested we may pass the information
you have provided to other partner organisations. 

Re: habeas - tainted white list

[Charles Gregory]

On Fri, 18 Dec 2009, Christian Brel wrote:

But they should not have to disable a whitelist that assists
with the delivery of bulk commercial mail in an anti-spam application!
If the sender is relying on such rules to keep the mailout under the
radar then clearly there is something very wrong with that?


Go read the archives, troll.

- C

Re: habeas - tainted white list

[Charles Gregory]

On Fri, 18 Dec 2009, Christian Brel wrote:

Why not default them to zero and include in the release notes/man that
there are whitelists and they can *enable* them?


Go read the archives, troll.

- C

Re: OT Re: Museum piece...

[Per Jessen]

Benny Pedersen wrote:

> On fre 18 dec 2009 15:57:18 CET, Per Jessen wrote
> 
>> I'm surprised nobody has mentioned the ZX80/1 yet.
> 
> or even spectrum hacked to run cpm :)
> 
>> I've also got a Newbrain stashed away somewhere, manuals, circuit
>> diagrams an' all.
> 
> add it to ebay if you want to sell it, if i remember newbrain has 2
> z80 cpu ?

I think the basic model had just one, but there's also an IO controller
and one box more - there's a lot of Zilog hardware involved.


/Per Jessen, Zürich

Re: habeas - tainted white list

[Christian Brel]

On Fri, 18 Dec 2009 09:53:37 -0500 (EST)
Charles Gregory  wrote:

> On Thu, 17 Dec 2009, Christian Brel wrote:
> > Would it be rude of me to ask how you make your money? Is it from
> > the provision and delivery of bulk commercial email or am I
> > confused?
> 
> Wow. People are running down ReturnPath and they don't even have a
> clear idea of what RP *does*? How lame is that?
> 
> Oh. Beg pardon. It's Christian. Now I know for sure that he's Richard.
> Same lame hyperbole and straw man BS.
> 
> (yawn)
> 
> - Charles
I did ask for clarification as to if they earned money for assisting in
the delivery of bulk, commercial email. I've not seen a reply yet to
help me clarify this. I've been open and transparent about it and asked
on list. But your abusive rebuttal is noted. 


Perhaps you can explain tome what they do and how they make their
money? I would prefer to hear it from someone authorised to speak for
RP - but please feel free to post something constructive.

-- 
This e-mail and any attachments may form pure opinion and may not have
any factual foundation. Please check any details provided to satisfy
yourself as to suitability or accuracy of any information provided.
Data Protection: Unless otherwise requested we may pass the information
you have provided to other partner organisations. 

Re: OT Re: Museum piece...

[Benny Pedersen]

On fre 18 dec 2009 15:57:18 CET, Per Jessen wrote


I'm surprised nobody has mentioned the ZX80/1 yet.


or even spectrum hacked to run cpm :)

I've also got a Newbrain stashed away somewhere, manuals, circuit  
diagrams an' all.


add it to ebay if you want to sell it, if i remember newbrain has 2 z80 cpu ?

--
xpoint http://www.unicom.com/pw/reply-to-harmful.html


pgp2Kz8F0bv0l.pgp
Description: PGP digital signatur

Re: habeas - tainted white list

[Christian Brel]

On Fri, 18 Dec 2009 06:19:25 -0800 (PST)
John Hardin  wrote:

> On Fri, 18 Dec 2009, Christian Brel wrote:
> 
> > On Fri, 18 Dec 2009 06:49:41 -0600
> > Daniel J McDonald  wrote:
> >
> >> On Fri, 2009-12-18 at 08:49 +, Christian Brel wrote:
> >>> On Fri, 18 Dec 2009 03:44:32 -0500
> >>> "Daryl C. W. O'Shea"  wrote:
> >>>
>  Please stop beating the -4 and -8 horse.  We agree.
> >>>
> >>> Then fix it and show who really is in charge of this project?
> >>
> >> It's been fixed.  Don't you know how to use bugzilla?
> >>
> >> http://svn.apache.org/viewvc/spamassassin/trunk/rules/50_scores.cf?r1=891460&r2=891459&pathrev=891460
> >>
> >> The new scores will come out in 3.3.0, RC1 is very soon...
> >
> > +score RCVD_IN_RP_CERTIFIED 0.0 -3.0 0.0 -3.0
> > +score RCVD_IN_RP_SAFE 0.0 -2.0 0.0 -2.0
> >
> > This is 'fixed'?
> 
> In the absence of evidence to the contrary, yes.
> 
> If it's that big a problem for you in real life, then you should be
> able to provide FNs to the masscheck corpora that will _prove_ these
> scores are too generous.
> 
> We understand your philosophical objection. Providing hard evidence
> of FNs will go much further towards making your point than name
> calling will.
> 
The name calling being?


-- 
This e-mail and any attachments may form pure opinion and may not have
any factual foundation. Please check any details provided to satisfy
yourself as to suitability or accuracy of any information provided.
Data Protection: Unless otherwise requested we may pass the information
you have provided to other partner organisations. 

Re: Whitelists in SA

[Charles Gregory]

On Thu, 17 Dec 2009, jdow wrote:

It is a good thing this issue was raised. It led to appropriate mass
check runs. I expect that will lead to saner scoring within the SA
framework. If not and it bites me, THEN I'll raise the issue again.
Does that seem fair?


50_scores.cf:score HABEAS_ACCREDITED_COI 0 -8.0 0 -8.0
50_scores.cf:score HABEAS_ACCREDITED_SOI 0 -4.3 0 -4.3
50_scores.cf:score HABEAS_CHECKED 0 -0.2 0 -0.2

Still no changes through the sa-update channel.
Is there a time delay in the masscheck results being applied?

- Charles

Re: OT Re: Museum piece...

[Per Jessen]

hc...@mail.ewind.com wrote:

> re: CP/M
> 
> No S-100 bus systems mentioned yet?
> 
> My first home computer was a Godbout S-100 bus system running a dual
> 8085/8088 CPU board. At that time, the future in operating systems was
> going to be CP/M 86.

I'm surprised nobody has mentioned the ZX80/1 yet.  I've also got a
Newbrain stashed away somewhere, manuals, circuit diagrams an' all. 


/Per Jessen, Zürich

Re: ixHash / NixSpam downloadable lists

[Per Jessen]

Marc Patermann wrote:

> The NixSpam project maintains downloadable lists for ixHash and
> NixSpam blacklist.
> http://www.ix.de/nixspam/nixspam.blackmatches
> http://www.heise.de/ix/nixspam/nixspam.cachematches
> 
> The easiest way may be to generate local DNS zones for this, isn't it?
> Does anyone does this before and has a script?
> How does the resulting zone file look like?

Look up rbldnsd instead. 


/Per Jessen, Zürich

Re: habeas - tainted white list

[Charles Gregory]

On Thu, 17 Dec 2009, Christian Brel wrote:

Would it be rude of me to ask how you make your money? Is it from the
provision and delivery of bulk commercial email or am I confused?


Wow. People are running down ReturnPath and they don't even have a clear 
idea of what RP *does*? How lame is that?


Oh. Beg pardon. It's Christian. Now I know for sure that he's Richard.
Same lame hyperbole and straw man BS.

(yawn)

- Charles

Re: ixHash / NixSpam downloadable lists

[Kai Schaetzl]

Marc Patermann wrote on Fri, 18 Dec 2009 12:21:21 +0100:

> When I try to test with an entry from a today's list, i get no result:
> (http://www.kloth.net/services/nslookup.php)

That's a flaw in that service. I get 127.0.0.2.
Isn't the OFD able to provide spam-free mail?

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

Re: habeas - tainted white list

[Christian Brel]

On Fri, 18 Dec 2009 06:12:06 -0800 (PST)
John Hardin  wrote:

> On Fri, 18 Dec 2009, Christian Brel wrote:
> 
> > On Fri, 18 Dec 2009 02:29:56 -0700
> > LuKreme  wrote:
> >
> >> I might agree with some small portion of our resident troll's
> >> posts,
> >
> > You need to resort to abuse for what particular reason?
> 
> Repeatedly accusing the SA developers of fraudulent collusion is
> abusive. Don't be surprised if people are abusive in return.
> 

That is your choice of words - not mine. It is interesting that  when
reasonable questions about the motivation for a bizarre part of SA is
brought up, others are entitled to abuse the person with that point of
view - but he must not respond to that abuse or runs the risk of the
mob ganging up.

It seems that *some* can alter subject lines to abuse, send abusive
off-list mail, openly abuse etc, whilst others just have to sit and
take it. When they are not happy to do that they are accused of
trolling. Strikes me as cyber-bulling, but I've no intention of rising
to it - it's all rather boring.

-- 
This e-mail and any attachments may form pure opinion and may not have
any factual foundation. Please check any details provided to satisfy
yourself as to suitability or accuracy of any information provided.
Data Protection: Unless otherwise requested we may pass the information
you have provided to other partner organisations. 

Re: habeas - tainted white list

[John Hardin]

On Fri, 18 Dec 2009, Christian Brel wrote:


On Fri, 18 Dec 2009 06:49:41 -0600
Daniel J McDonald  wrote:


On Fri, 2009-12-18 at 08:49 +, Christian Brel wrote:

On Fri, 18 Dec 2009 03:44:32 -0500
"Daryl C. W. O'Shea"  wrote:


Please stop beating the -4 and -8 horse.  We agree.


Then fix it and show who really is in charge of this project?


It's been fixed.  Don't you know how to use bugzilla?

http://svn.apache.org/viewvc/spamassassin/trunk/rules/50_scores.cf?r1=891460&r2=891459&pathrev=891460

The new scores will come out in 3.3.0, RC1 is very soon...


+score RCVD_IN_RP_CERTIFIED 0.0 -3.0 0.0 -3.0
+score RCVD_IN_RP_SAFE 0.0 -2.0 0.0 -2.0

This is 'fixed'?


In the absence of evidence to the contrary, yes.

If it's that big a problem for you in real life, then you should be able 
to provide FNs to the masscheck corpora that will _prove_ these scores are 
too generous.


We understand your philosophical objection. Providing hard evidence of FNs 
will go much further towards making your point than name calling will.


--
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  "Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
  does quite what I want. I wish Christopher Robin was here."
   -- Peter da Silva in a.s.r
---
 7 days until Christmas

Re: habeas - tainted white list

[Daniel J McDonald]

On Fri, 2009-12-18 at 12:53 +, Christian Brel wrote:
> On Fri, 18 Dec 2009 06:49:41 -0600
> Daniel J McDonald  wrote:
> 
> > On Fri, 2009-12-18 at 08:49 +, Christian Brel wrote:
> > > On Fri, 18 Dec 2009 03:44:32 -0500
> > > "Daryl C. W. O'Shea"  wrote:
> > > 
> > > > Please stop beating the -4 and -8 horse.  We agree.
> > > > 
> > > > Daryl
> > > > 
> > > > 
> > > 
> > > Then fix it and show who really is in charge of this project?
> > > 
> > It's been fixed.  Don't you know how to use bugzilla?
> > 
> > http://svn.apache.org/viewvc/spamassassin/trunk/rules/50_scores.cf?r1=891460&r2=891459&pathrev=891460
> > 
> > The new scores will come out in 3.3.0, RC1 is very soon...
> > 
> 
> +score RCVD_IN_RP_CERTIFIED 0.0 -3.0 0.0 -3.0
> +score RCVD_IN_RP_SAFE 0.0 -2.0 0.0 -2.0
> 
> This is 'fixed'? 

Have you read the bugzilla entry?  huge discussion about how to fix it
properly.  You also ignored the five rules removed and replaced by these
two.


-- 
Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX
www.austinenergy.com

Re: habeas - tainted white list

[John Hardin]

On Fri, 18 Dec 2009, Christian Brel wrote:


On Fri, 18 Dec 2009 02:29:56 -0700
LuKreme  wrote:


I might agree with some small portion of our resident troll's posts,


You need to resort to abuse for what particular reason?


Repeatedly accusing the SA developers of fraudulent collusion is abusive. 
Don't be surprised if people are abusive in return.


--
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  "Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
  does quite what I want. I wish Christopher Robin was here."
   -- Peter da Silva in a.s.r
---
 7 days until Christmas

Re: Sharing and merging bayes data?

[RW]

On Fri, 18 Dec 2009 10:56:46 +0530
Rajkumar S  wrote:

> On Fri, Dec 18, 2009 at 9:29 AM, Matt Kettler
>  wrote:
> >  As you mentioned, you'd need a custom script  (not wildly
> > complicated for a good perl scripter, but beyond the bounds of
> > someone with only crude scripting skills.) as well as historical
> > copies of each database from the last merge.
> 
> Is the file format of bayes db available some where? google did not
> turn up any thing. It would be great if some more information about
> how to go about merging the db can be posted.

You can use "sa-learn" --backup to dump it to a text file, the format of
that is pretty much self-explanatory. sa-learn --restore can load the
merged file back into SA. 

Re: OT Re: Museum piece...

[John Hardin]

On Fri, 18 Dec 2009, Gene Heskett wrote:

I got to work for several months as a bench tech for an outfit building 
the first pair of the then smallest tv cameras in the world.



Later I found out that one of those civies was Jacques Cousteau,


3 hours later had a contract to put those two cameras on the Trieste as 
soon as we could get the pressure cases built.  Those were headed for 
the bottom of the Challenger Deep, 37,000+ feet in the big pond.  Short 
story, we did, and they worked.


And I think Gene wins. Bravo! That's a cool story.

--
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  "Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
  does quite what I want. I wish Christopher Robin was here."
   -- Peter da Silva in a.s.r
---
 7 days until Christmas

Re: habeas - tainted white list

[Per Jessen]

Daryl C. W. O'Shea wrote:

> If we had more mass-check data from a wider number of mail recipients
> maybe it would change things, statistically, maybe it wouldn't.  New
> mass-check contributors are always welcome.  They take very little
> effort to manage once you've set it up (I ignore mine for years at a
> time).

Is there a good howto for setting this up? 


/Per Jessen, Zürich

Re: habeas - tainted white list

[Matthias Leisi]

dnswl.org does offer trusted_networks-formatted files (separated by our trust 
levels), but beware of bug 5931 for older versions of SA: 
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5931

-- Matthias
 
Am 18.12.2009 um 10:17 schrieb Benny Pedersen:

> On fre 18 dec 2009 10:07:55 CET, "Daryl C. W. O'Shea" wrote
>> If you like you can transparently disable the DNSWLs.
> 
> or create a bug to have dnswl use trusted_networks from local.cf in 
> spamassassin
> 
> -- 
> xpoint http://www.unicom.com/pw/reply-to-harmful.html

Re: habeas - tainted white list

[Christian Brel]

On Fri, 18 Dec 2009 06:49:41 -0600
Daniel J McDonald  wrote:

> On Fri, 2009-12-18 at 08:49 +, Christian Brel wrote:
> > On Fri, 18 Dec 2009 03:44:32 -0500
> > "Daryl C. W. O'Shea"  wrote:
> > 
> > > Please stop beating the -4 and -8 horse.  We agree.
> > > 
> > > Daryl
> > > 
> > > 
> > 
> > Then fix it and show who really is in charge of this project?
> > 
> It's been fixed.  Don't you know how to use bugzilla?
> 
> http://svn.apache.org/viewvc/spamassassin/trunk/rules/50_scores.cf?r1=891460&r2=891459&pathrev=891460
> 
> The new scores will come out in 3.3.0, RC1 is very soon...
> 

+score RCVD_IN_RP_CERTIFIED 0.0 -3.0 0.0 -3.0
+score RCVD_IN_RP_SAFE 0.0 -2.0 0.0 -2.0

This is 'fixed'? 

-- 
This e-mail and any attachments may form pure opinion and may not have
any factual foundation. Please check any details provided to satisfy
yourself as to suitability or accuracy of any information provided.
Data Protection: Unless otherwise requested we may pass the information
you have provided to other partner organisations. 

Re: habeas - tainted white list

[Daniel J McDonald]

On Fri, 2009-12-18 at 08:49 +, Christian Brel wrote:
> On Fri, 18 Dec 2009 03:44:32 -0500
> "Daryl C. W. O'Shea"  wrote:
> 
> > Please stop beating the -4 and -8 horse.  We agree.
> > 
> > Daryl
> > 
> > 
> 
> Then fix it and show who really is in charge of this project?
> 
It's been fixed.  Don't you know how to use bugzilla?

http://svn.apache.org/viewvc/spamassassin/trunk/rules/50_scores.cf?r1=891460&r2=891459&pathrev=891460

The new scores will come out in 3.3.0, RC1 is very soon...

-- 
Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX
www.austinenergy.com

ixHash / NixSpam downloadable lists

[Marc Patermann]

Hi,

because of no external DNS resolution provided by my /provider/, i can 
not use network test in SA and am stuck with local test. :(


I thought about work around a lot of time, but most network checks rely 
on DNS. I can only use HTTP(S) via proxy servers and SMTP via relay 
servers. So no rsync, too.


The NixSpam project maintains downloadable lists for ixHash and NixSpam 
blacklist.

http://www.ix.de/nixspam/nixspam.blackmatches
http://www.heise.de/ix/nixspam/nixspam.cachematches

The easiest way may be to generate local DNS zones for this, isn't it?
Does anyone does this before and has a script?
How does the resulting zone file look like?

When I try to test with an entry from a today's list, i get no result:
(http://www.kloth.net/services/nslookup.php)
-
DNS server handling your query: localhost
 DNS server's address:  127.0.0.1#53

 Non-authoritative answer:
 *** Can't find 8c1897de6330c1cc6087ff36746299a9.ix.dnsbl.manitu.net: 
No answer


 Authoritative answers can be found from:
 ix.dnsbl.manitu.net
origin = ix-dns01.dnsbl.manitu.net
mail addr = please+remove.ixlab.de
serial = 686076856
refresh = 10800
retry = 3600
expire = 604800
minimum = 60
-

Thanks!

Marc

Re: Sharing and merging bayes data?

[Kai Schaetzl]

Rajkumar S wrote on Fri, 18 Dec 2009 10:56:46 +0530:

> Is the file format of bayes db available some where?

dbm, gdbm ...

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

Re: Cooperative data gathering project.

[Per Jessen]

Henrik K wrote:

> Ok, while DNS would "allow" that, it would be a real waste of a
> protocol. Why would you want to make the sending party wait for a
> response that only adds delays and has no purpose? Simply send a UDP
> packet and be done with it. No TCP or DNS overhead. One or two lines
> of perl.

DNS lookups are usually tried done with UDP first, but I agree, just use
UDP. 


/Per Jessen, Zürich

Re: habeas - tainted white list

[Christian Brel]

On Fri, 18 Dec 2009 02:29:56 -0700
LuKreme  wrote:

> I might agree with some small portion of our resident troll's posts,  

You need to resort to abuse for what particular reason?

-- 
This e-mail and any attachments may form pure opinion and may not have
any factual foundation. Please check any details provided to satisfy
yourself as to suitability or accuracy of any information provided.
Data Protection: Unless otherwise requested we may pass the information
you have provided to other partner organisations. 

Re: habeas - tainted white list

[Christian Brel]

On Fri, 18 Dec 2009 10:33:31 +0100
Benny Pedersen  wrote:

> On fre 18 dec 2009 10:23:48 CET, Christian Brel wrote
> 
> >> If you like you can transparently disable the DNSWLs.
> > I found it much more useful to apply them as blocklists and give
> > the a +4/+8 myself - but that's a personal choice.
> 
> and "No, hits=0.7 required=10.0 tests=SPF_SOFTFAIL" is also a
> personal choice ?
> 
For what I am doing, yes ;-)

-- 
This e-mail and any attachments may form pure opinion and may not have
any factual foundation. Please check any details provided to satisfy
yourself as to suitability or accuracy of any information provided.
Data Protection: Unless otherwise requested we may pass the information
you have provided to other partner organisations.