Re[2]: [Declude.JunkMail] declude / spamassassin
I have spamassasin running on my unix servers. I want to use this as an external test for my imail/declude system as an external test. A Declude external test uses filtering logic outside Declude: it sends raw envelope and/or header data to a separate filtering system from Declude and returns the results to Declude so that they may be aggregated with the results of Declude's internal tests and other externals to create an overall weight. SPAMC32 is a Declude external test: it talks to a remote SpamAssassin SPAMD server and returns the results to Declude, with a sizable set of command-line options to reduce resource utilization. The overall bandwidth used by SPAMC32 + SPAMD in combination is essentially half that of a dedicated SpamAssassin server, since the message body need only be vectored in one direction from SPAMC32 to SPAMD and the numeric results returned -- as opposed to being transmitted completely to the SpamAssassin server, tagged, and then transmitted completely to Declude. A Declude _filter_ can scan the header of an incoming messages to check for inserted x- headers from earlier hops in your mail server farm. This is not an external test, but it can check for headers added by SpamAssassin or from any other preprocessor. As developer of SPAMC32, of course I endorse it! However, I understand that people have other reasons that make a non-integrated SpamAssassin equally viable (such as multiple *nix-based stages in their mailflow). --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] declude / spamassassin
Thanks guys, I have it working now! BTW... any way to retrieve any info from SA with regards to test failed or weight? This info is not currently used by Declude, though it is accessible when you run SPAMC32 against a message from the command line. Declude Junkmail doesn't support the use of report files as in Declude Virus -- secondary files left behind by external tests whose results can then be parsed by the Declude for insertion in headers or weighting. If it did, it'd be straightforward to drop a report file for each message and have these integrated into the Declude log. Anyway, the next version of SPAMC32 is coming out very soon with the ability to consult a local SPAMC32 log file (rather than the main SPAMD log file) to check which individual SA rules failed for each message; this is a definite need. As for SPAMC32 inserting headers directly, this is technically simple, but I have purposely avoided implementing this functionality because it will add significant extra disk I/O to reread and alter the original message, rather than letting Declude add all of its headers at once when done processing. Plus, adding the names of 10, 20, or more SA rules to the message headers can be pretty sloppy. So, in sum, header insertion will likely be added as an optional command-line switch, but it's not as much of a priority as the local logging function. I will keep the list posted, as always. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: Re[2]: [Declude.JunkMail] declude / spamassassin
Anyway, the next version of SPAMC32 is coming out very soon with the ability to consult a local SPAMC32 log file (rather than the main SPAMD log file) to check which individual SA rules failed for each message; this is a definite need. Thanks Sandy, I just wanted to make sure I wasn't missing anything. So, the only thing I will see in the headers is the total score SA results: X-RBL-Warning: SPAMASSASSIN: Message failed SPAMASSASSIN: 3. And declude scores only for the test group, like other tests in the global.cfg file? Travis --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] declude / spamassassin - topic change
Well since you are working on the code - something that for me would be nice is a modification to your -e switch. What I would like to have happen is return the SA weight only after a threshold is met. For example with a setting of 5 an email of 4.99 would not be considered spam but anything above would and the total score would be passed. Hopefully I'm clear on this - I'm trying! Thanks for the consideration. I think I see your point. If you have the -lt option set, that'll be the low end of what's considered spam, and it's designed to accept a couple of decimal places, so you could pass '-lt 4.99'. The -e switch seems like it could be used concurrently to pass back the SPAMD weight, but by design -e will pass the SPAM weight no matter what else SPAMD or SPAMC32 thinks about the message (-e is designed to allow SPAMC32 to function as a 'weight' type test). So what you're asking for is a switch like -e, but which is more conditional, allowing the possible result codes: - 0, if -lt not met - SPAMD weight, if -lt met and SPAMD weight = -et value - -et value, if SPAMD weight -et value Sounds like a good option, and I can't think of a way of kludging that in one external test instance with the current switches (you could actually do it with multiple SPAMC32 runs -- don't!). I'll add it in. Thanks, Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] declude / spamassassin
The latest Declude's support bitmasked result codes. You might consider creating a user maintained map from tests failed in SA to bitmapped result codes returned to Declude. I'm not sure what the limit might be in Declude for the number of unique tests, but I have managed to use 16 so far without issue. It probably is limited to either 16 or 32 if it is limited. It might very well not be. Interesting possibility, and I can see the usefulness. . . would be a certain bandwidth saver vs. having different SPAMD instances (and different SPAMC32 runs) for different rulesets, but what you save in bandwidth might be offset be a nearly ridiculous amount of complexity on the client side. One SPAMD might have tens of rulesets and thousands of rules, so trying to bitmask to identify the rules would be pretty crazy. Bitmasking at the ruleset level would be doable, but you wouldn't get the actual offending RegEx line from that, just the file that contained it. Rather than trying to match result codes up to a matrix of all possible results, I think such a full-featured external test as SpamAssassin is really a better push for a dumb report.txt kind of feature, which could simply gulp up a TESTSFAILED-style string returned from SPAMC32 and either put it in the logs without inspection, put it into a Declude variable for further use, or whatever. In the meantime, SPAMC32's upcoming local logging by queuefile name should help immensely with tracking results by rule. Remember that SA has its own weighting features, so tweaking rule-level weights and inter-rule/inter-ruleset dependencies lets you do weight management like Declude's before returning an aggregate SPAMC32 weight. . . albeit at a management cost vs. doing as much as possible within Declude. I'd see bitmasking in the far future, though I can't see putting aside time for it right now. Thanks, Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] declude / spamassassin
I guess the speeds are much the same as quering a local DNS server for lookups. SA advocate though I am, I can't say that's the case. The speed of a UDP DNS lookup is far faster than a SPAMC32/SPAMD TCP connection for even a tiny message, due both to UDP vs. TCP differences and the amount of data sent for SMTP/MIME mail (i.e. the entire message, if it's = SPAMC32's max message size). The _response_ stage from DNS and SPAMD servers might be somewhat comparable in size and speed, but certainly not the request or processing stages. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: Re[2]: [Declude.JunkMail] declude / spamassassin
The best config I have set is: SPAMASSASSIN externalnonzero e:\imail\declude\spamd\spamc32.exe -d 209.215.97.193 -r -lt 4 -et 6 -f 3 0 I 'think' so far that spamassassin only reports if SA's score is 4 or more, if so, I score it a 3 on the email test. I am still playing with the values to tune the system. I think your external test's behavior won't be what you expect. The -et switch won't be used without the -e switch, the -lt switch won't be used without the -ht switch, and the -r switch report isn't parsed by Declude, so what you're saying is the same as if you had no special switches at all: Just gimme a 0 if SPAMD says it's ham, and a 1 if SPAMD says it's spam. What did you want it to do? --Sandy A few more tests later, I have found the SA results of 1 to be spam, and my global.cfg line scores a hit at 3, this 3 gets added to the result of SA's 1 and therefore I get 4 points. Hummm... I was hoping to get the real score of SA, max of 10, and score that value against the email message for the weighting system. So, for now, it's ham or spam :) Travis --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] declude / spamassassin
Of course SpamAssassin has a multitude of different tests and scores within those tests, and it isn't practical to do everything in bitmask fashion, but I could see some utility in separating out a bayesian test as BAYESIAN-LOW, BAYESIAN-MED and BAYESIAN-HIGH for instance, or lumping together multiple Nigerian/Advance Fee Fraud filters into one separate test trackable by Declude. I agree. It will be built, but not in the near term unless I have a (not atypical) fit and put it all in place in one long night this month. . . . --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
