Re: habeas - tainted white list
On 18-Dec-2009, at 00:24, Daryl C. W. O'Shea wrote: From the data we have from mass-checks we are erring a very small amount on the side of caution by not disabling the whitelists by default. I guess that the real issue that I have with the whole HABEAS thing is the magnitude of the default scores. −4 and −8 caused issues that would never have arisen had the defaults been −0.4 and −0.8. Or even −1 and −2. -- The fact is that camels are far more intelligent than dolphins. Footnote: Never trust a species that grins all the time. It's up to something. --Pyramids
Re: habeas - tainted white list
On fre 18 dec 2009 08:13:31 CET, Christian Brel wrote * [212.159.7.100 listed in list.dnswl.org] Yet the same IP is on and off SORBS and part of an ongoing spam problem. Perhaps this can be reviewed and given a zero score by default? see dnswl homepage, there is NONE, LOW, MED, HI, the above ip is now LOW, want to change it to NONE ? dont change the score in sa to fix a ip spammer -- xpoint http://www.unicom.com/pw/reply-to-harmful.html pgpQdHWaOXxcA.pgp Description: PGP digital signatur
Re: habeas - tainted white list
On Fri, 18 Dec 2009 02:24:45 -0500 Daryl C. W. O'Shea spamassas...@dostech.ca wrote: Reputation type rules (such as DNSWLs) are probably the only (or certainly one of the very few) types of rules that you can weight heavily negatively. This is due to the nature of an open source product (or even given enough time to game a closed source product). Content based rules are very often easily beaten. If we could have a body rule that looks for this mail is good and assign a -20 score we would. Clearly that would not work. With the kindest of respect, I have to disagree with this. If for argument sake five blocklists with no business {or other} relationship with Spamassassin flag an IP for spamming, then it's a good bet that they are correct and any perceived negativity is earned. How this impacts on Spamassassin is dependent on the scores set - which comes back to you and the developers - so the arguement not only has not legs, it has no arms either. Consider that blocklists are often universally trusted to be sat on the SMTP connection level ahead of Spamassassin, whereas the suggestion of doing that with Habeas as a whitelist would be pure comedy gold :-) Again, find me a commercial white list that wants to be included in SpamAssassin on a free for use basis and I'll pay for the phone call to talk to them. Seriously. I shake my head in utter disbelief at this comment, and I'm sure that Apache Sponsor Barracuda AKA 'emailreg.org' will have just pricked up their ears. I'm pretty sure I brought up the SA developers' *long* standing principle of being as safe as possible for the majority of users by erring on the side of missing spam rather than tagging ham while still putting out a useful product. It's a fair statement that in using an Antispam 'product' that blocks nothing and only assigns a score, the issue of having that score reduced in favour of a known commercial bulk mailer is undesirable. The statistics may have some interest but can be applied to show there is little cause to keep the rule at all if you so wish to bend it the other way. The key is this: I would *never* have known what HABEAS was if I had not seen the name in low scoring spam and asked why. It does not look like I'm the first to ask either. From the data we have from mass-checks we are erring a very small amount on the side of caution by not disabling the whitelists by default. It's a big fat favourable score to one organisation for 'erring a very small amount on the side of caution' don't you think? -4/-8 given the average 419 spam only scores 4-8 points. Forgive me but are Return Path pulling someones strings here as Puppet Masters? If everything is open and transparent give the default user the option to *enable* them and score them zero, unless - of course - there is some kind of logical reason for these mad scoring spam assisting rules that favour Return Path in the default set up? -- This e-mail and any attachments may form pure opinion and may not have any factual foundation. Please check any details provided to satisfy yourself as to suitability or accuracy of any information provided. Data Protection: Unless otherwise requested we may pass the information you have provided to other partner organisations.
Re: habeas - tainted white list
On 18/12/2009 3:09 AM, LuKreme wrote: On 18-Dec-2009, at 00:24, Daryl C. W. O'Shea wrote: From the data we have from mass-checks we are erring a very small amount on the side of caution by not disabling the whitelists by default. I guess that the real issue that I have with the whole HABEAS thing is the magnitude of the default scores. −4 and −8 caused issues that would never have arisen had the defaults been −0.4 and −0.8. Or even −1 and −2. The scores have been decreased in the upcoming proposed release ruleset. Not to -0.4 and -0.8, but they're no longer -4 and -8. I'm sure that we'll get to (it's been -4 and -8 for years, we're not in a huge rush to do anything now) decreasing them in the 3.2.x sa-update ruleset also once we've firmed up an opinion of what they should be going forward. Please stop beating the -4 and -8 horse. We agree. Daryl
Re: habeas - tainted white list
On Fri, 18 Dec 2009 03:44:32 -0500 Daryl C. W. O'Shea spamassas...@dostech.ca wrote: Please stop beating the -4 and -8 horse. We agree. Daryl Then fix it and show who really is in charge of this project? -- This e-mail and any attachments may form pure opinion and may not have any factual foundation. Please check any details provided to satisfy yourself as to suitability or accuracy of any information provided. Data Protection: Unless otherwise requested we may pass the information you have provided to other partner organisations.
Re: habeas - tainted white list
On 18/12/2009 3:32 AM, Christian Brel wrote: On Fri, 18 Dec 2009 02:24:45 -0500 Daryl C. W. O'Shea spamassas...@dostech.ca wrote: Reputation type rules (such as DNSWLs) are probably the only (or certainly one of the very few) types of rules that you can weight heavily negatively. This is due to the nature of an open source product (or even given enough time to game a closed source product). Content based rules are very often easily beaten. If we could have a body rule that looks for this mail is good and assign a -20 score we would. Clearly that would not work. With the kindest of respect, I have to disagree with this. How the following text supports your disagreement I don't know. But I'll agree to disagree. If for argument sake five blocklists with no business {or other} relationship with Spamassassin flag an IP for spamming, then it's a good bet that they are correct and any perceived negativity is earned. How this impacts on Spamassassin is dependent on the scores set - which comes back to you and the developers - so the arguement not only has not legs, it has no arms either. Consider that blocklists are often universally trusted to be sat on the SMTP connection level ahead of Spamassassin, whereas the suggestion of doing that with Habeas as a whitelist would be pure comedy gold :-) Again, find me a commercial white list that wants to be included in SpamAssassin on a free for use basis and I'll pay for the phone call to talk to them. Seriously. I shake my head in utter disbelief at this comment, and I'm sure that Apache Sponsor Barracuda AKA 'emailreg.org' will have just pricked up their ears. So what if they do. We'll test it and judge it on stats (not random FPs or stories about friends who had a bad employment experience). If it works good it works good, if it doesn't we won't use it and they'll understand. I'm pretty sure I brought up the SA developers' *long* standing principle of being as safe as possible for the majority of users by erring on the side of missing spam rather than tagging ham while still putting out a useful product. It's a fair statement that in using an Antispam 'product' that blocks nothing and only assigns a score, the issue of having that score reduced in favour of a known commercial bulk mailer is undesirable. Just so I'm clear, are you equating all commercial bulk mail to spam? I would disagree if that is the case. You would likely disagree with me and then I would agree to disagree. The statistics may have some interest but can be applied to show there is little cause to keep the rule at all if you so wish to bend it the other way. I've already explained my rationale for keeping it. It's a small trade off to cover the unknown. Our ham corpus is not that large. The key is this: I would *never* have known what HABEAS was if I had not seen the name in low scoring spam and asked why. It does not look like I'm the first to ask either. You know, it's funny you mention it. I've found out about some blacklists, even ones now included in SpamAssassin, only because they caught one-to-one personal emails (that no-one could argue were commercial) of random people that I know (and who have inquired about the block). From the data we have from mass-checks we are erring a very small amount on the side of caution by not disabling the whitelists by default. It's a big fat favourable score to one organisation for 'erring a very small amount on the side of caution' don't you think? -4/-8 given the average 419 spam only scores 4-8 points. Again, we agree. We've changed it in the upcomming release and will surely backport it when we're done getting 3.3 out. It's been like this for years, I don't think we need to jump like crazy to change the 3.2 updates before we've even settled on a final score. Forgive me but are Return Path pulling someones strings here as Puppet Masters? I really wish they would. I sure could use the money. In 6 or so years of SA development I've netted me a total of... a $30 book (Thanks Dan!). If I were to sell that book I'd be a small way towards covering this month's costs for the sa-update mirrors I run out of my own pocket. If everything is open and transparent give the default user the option to *enable* them and score them zero, unless - of course - there is some kind of logical reason for these mad scoring spam assisting rules that favour Return Path in the default set up? I stand firm on my opinion that our principle of safe for most users is the logical reason for including DNSWLs. If you like you can transparently disable the DNSWLs. Daryl
Re: habeas - tainted white list
On fre 18 dec 2009 10:07:55 CET, Daryl C. W. O'Shea wrote If you like you can transparently disable the DNSWLs. or create a bug to have dnswl use trusted_networks from local.cf in spamassassin -- xpoint http://www.unicom.com/pw/reply-to-harmful.html pgpfoovQHfqN5.pgp Description: PGP digital signatur
Re: habeas - tainted white list
On Dec 18, 2009, at 1:32, Christian Brel brel.spamassassin091...@copperproductions.co.uk wrote: the issue of having that score reduced in favour of a known commercial bulk mailer is undesirable. The trouble is you seem to consider ALL commercial senders to be spammers. That's just not true.
Re: habeas - tainted white list
On Fri, 18 Dec 2009 04:07:55 -0500 Daryl C. W. O'Shea spamassas...@dostech.ca wrote: If everything is open and transparent give the default user the option to *enable* them and score them zero, unless - of course - there is some kind of logical reason for these mad scoring spam assisting rules that favour Return Path in the default set up? I stand firm on my opinion that our principle of safe for most users is the logical reason for including DNSWLs. Spamassassin is not something trivially installed like a piece of Microsoft junkware. In fact, it is nearly impossible to get it to do anything useful without reading lots of documents Daryl. Couple this with the fact it only *scores* mail - it does not block it - any mish mash of rules could be argued to be 'safe'. If it were deployed at the SMTP level where it was kicking out 55x's it may be a different story. So the 'safe' angle really has no legs. If you like you can transparently disable the DNSWLs. I found it much more useful to apply them as blocklists and give the a +4/+8 myself - but that's a personal choice. Thank you for your time Daryl. We don't agree - but I don't want to waste more of your personal time on this. -- This e-mail and any attachments may form pure opinion and may not have any factual foundation. Please check any details provided to satisfy yourself as to suitability or accuracy of any information provided. Data Protection: Unless otherwise requested we may pass the information you have provided to other partner organisations.
Re: habeas - tainted white list
On Dec 18, 2009, at 2:07, Daryl C. W. O'Shea spamassas...@dostech.ca wrote: I stand firm on my opinion that our principle of safe for most users is the logical reason for including DNSWLs. Just to be clear, despite my dislike of the HABEAS rules, I am not a tinfoil-hat nutter thinking there's some conspiracy. I even had quite good result with HABEAS way back when. My problems were purely a result of getting occasional waves of miss-classed spam getting through because of HABEAS. I might agree with some small portion of our resident troll's posts, but I am still a big fan of SA and an eagerly awaiting the release of 3.3.
Re: habeas - tainted white list
On Fri, 18 Dec 2009 02:21:00 -0700 LuKreme krem...@kreme.com wrote: On Dec 18, 2009, at 1:32, Christian Brel brel.spamassassin091...@copperproductions.co.uk wrote: the issue of having that score reduced in favour of a known commercial bulk mailer is undesirable. The trouble is you seem to consider ALL commercial senders to be spammers. That's just not true. No, I don't. But I do consider many commercial emailers to abuse personal data for their own gain. To me it is spam if it does not directly relate to a transaction that I have instigated. If it's special offers, news or other marketing rubbish aimed at selling me something or telling me about new services - it's spam. We've moved on since the Tandy/Radio Shack days of data collected at the point of sale forever being used to abuse you forever more. -- This e-mail and any attachments may form pure opinion and may not have any factual foundation. Please check any details provided to satisfy yourself as to suitability or accuracy of any information provided. Data Protection: Unless otherwise requested we may pass the information you have provided to other partner organisations.
Re: habeas - tainted white list
On fre 18 dec 2009 10:23:48 CET, Christian Brel wrote If you like you can transparently disable the DNSWLs. I found it much more useful to apply them as blocklists and give the a +4/+8 myself - but that's a personal choice. and No, hits=0.7 required=10.0 tests=SPF_SOFTFAIL is also a personal choice ? -- xpoint http://www.unicom.com/pw/reply-to-harmful.html pgpGhE5vLJfdh.pgp Description: PGP digital signatur
Re: habeas - tainted white list
On Fri, 18 Dec 2009 10:33:31 +0100 Benny Pedersen m...@junc.org wrote: On fre 18 dec 2009 10:23:48 CET, Christian Brel wrote If you like you can transparently disable the DNSWLs. I found it much more useful to apply them as blocklists and give the a +4/+8 myself - but that's a personal choice. and No, hits=0.7 required=10.0 tests=SPF_SOFTFAIL is also a personal choice ? For what I am doing, yes ;-) -- This e-mail and any attachments may form pure opinion and may not have any factual foundation. Please check any details provided to satisfy yourself as to suitability or accuracy of any information provided. Data Protection: Unless otherwise requested we may pass the information you have provided to other partner organisations.
Re: habeas - tainted white list
On Fri, 18 Dec 2009 02:29:56 -0700 LuKreme krem...@kreme.com wrote: I might agree with some small portion of our resident troll's posts, You need to resort to abuse for what particular reason? -- This e-mail and any attachments may form pure opinion and may not have any factual foundation. Please check any details provided to satisfy yourself as to suitability or accuracy of any information provided. Data Protection: Unless otherwise requested we may pass the information you have provided to other partner organisations.
Re: Cooperative data gathering project.
Henrik K wrote: Ok, while DNS would allow that, it would be a real waste of a protocol. Why would you want to make the sending party wait for a response that only adds delays and has no purpose? Simply send a UDP packet and be done with it. No TCP or DNS overhead. One or two lines of perl. DNS lookups are usually tried done with UDP first, but I agree, just use UDP. /Per Jessen, Zürich
Re: Sharing and merging bayes data?
Rajkumar S wrote on Fri, 18 Dec 2009 10:56:46 +0530: Is the file format of bayes db available some where? dbm, gdbm ... Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com
ixHash / NixSpam downloadable lists
Hi, because of no external DNS resolution provided by my /provider/, i can not use network test in SA and am stuck with local test. :( I thought about work around a lot of time, but most network checks rely on DNS. I can only use HTTP(S) via proxy servers and SMTP via relay servers. So no rsync, too. The NixSpam project maintains downloadable lists for ixHash and NixSpam blacklist. http://www.ix.de/nixspam/nixspam.blackmatches http://www.heise.de/ix/nixspam/nixspam.cachematches The easiest way may be to generate local DNS zones for this, isn't it? Does anyone does this before and has a script? How does the resulting zone file look like? When I try to test with an entry from a today's list, i get no result: (http://www.kloth.net/services/nslookup.php) - DNS server handling your query: localhost DNS server's address: 127.0.0.1#53 Non-authoritative answer: *** Can't find 8c1897de6330c1cc6087ff36746299a9.ix.dnsbl.manitu.net: No answer Authoritative answers can be found from: ix.dnsbl.manitu.net origin = ix-dns01.dnsbl.manitu.net mail addr = please+remove.ixlab.de serial = 686076856 refresh = 10800 retry = 3600 expire = 604800 minimum = 60 - Thanks! Marc
Re: habeas - tainted white list
On Fri, 2009-12-18 at 08:49 +, Christian Brel wrote: On Fri, 18 Dec 2009 03:44:32 -0500 Daryl C. W. O'Shea spamassas...@dostech.ca wrote: Please stop beating the -4 and -8 horse. We agree. Daryl Then fix it and show who really is in charge of this project? It's been fixed. Don't you know how to use bugzilla? http://svn.apache.org/viewvc/spamassassin/trunk/rules/50_scores.cf?r1=891460r2=891459pathrev=891460 The new scores will come out in 3.3.0, RC1 is very soon... -- Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX www.austinenergy.com
Re: habeas - tainted white list
On Fri, 18 Dec 2009 06:49:41 -0600 Daniel J McDonald dan.mcdon...@austinenergy.com wrote: On Fri, 2009-12-18 at 08:49 +, Christian Brel wrote: On Fri, 18 Dec 2009 03:44:32 -0500 Daryl C. W. O'Shea spamassas...@dostech.ca wrote: Please stop beating the -4 and -8 horse. We agree. Daryl Then fix it and show who really is in charge of this project? It's been fixed. Don't you know how to use bugzilla? http://svn.apache.org/viewvc/spamassassin/trunk/rules/50_scores.cf?r1=891460r2=891459pathrev=891460 The new scores will come out in 3.3.0, RC1 is very soon... +score RCVD_IN_RP_CERTIFIED 0.0 -3.0 0.0 -3.0 +score RCVD_IN_RP_SAFE 0.0 -2.0 0.0 -2.0 This is 'fixed'? -- This e-mail and any attachments may form pure opinion and may not have any factual foundation. Please check any details provided to satisfy yourself as to suitability or accuracy of any information provided. Data Protection: Unless otherwise requested we may pass the information you have provided to other partner organisations.
Re: habeas - tainted white list
dnswl.org does offer trusted_networks-formatted files (separated by our trust levels), but beware of bug 5931 for older versions of SA: https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5931 -- Matthias Am 18.12.2009 um 10:17 schrieb Benny Pedersen: On fre 18 dec 2009 10:07:55 CET, Daryl C. W. O'Shea wrote If you like you can transparently disable the DNSWLs. or create a bug to have dnswl use trusted_networks from local.cf in spamassassin -- xpoint http://www.unicom.com/pw/reply-to-harmful.html
Re: habeas - tainted white list
Daryl C. W. O'Shea wrote: If we had more mass-check data from a wider number of mail recipients maybe it would change things, statistically, maybe it wouldn't. New mass-check contributors are always welcome. They take very little effort to manage once you've set it up (I ignore mine for years at a time). Is there a good howto for setting this up? /Per Jessen, Zürich
Re: OT Re: Museum piece...
On Fri, 18 Dec 2009, Gene Heskett wrote: I got to work for several months as a bench tech for an outfit building the first pair of the then smallest tv cameras in the world. Later I found out that one of those civies was Jacques Cousteau, 3 hours later had a contract to put those two cameras on the Trieste as soon as we could get the pressure cases built. Those were headed for the bottom of the Challenger Deep, 37,000+ feet in the big pond. Short story, we did, and they worked. And I think Gene wins. Bravo! That's a cool story. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Bother, said Pooh as he struggled with /etc/sendmail.cf, it never does quite what I want. I wish Christopher Robin was here. -- Peter da Silva in a.s.r --- 7 days until Christmas
Re: Sharing and merging bayes data?
On Fri, 18 Dec 2009 10:56:46 +0530 Rajkumar S rajkum...@asianetindia.com wrote: On Fri, Dec 18, 2009 at 9:29 AM, Matt Kettler mkettler...@verizon.net wrote: As you mentioned, you'd need a custom script (not wildly complicated for a good perl scripter, but beyond the bounds of someone with only crude scripting skills.) as well as historical copies of each database from the last merge. Is the file format of bayes db available some where? google did not turn up any thing. It would be great if some more information about how to go about merging the db can be posted. You can use sa-learn --backup to dump it to a text file, the format of that is pretty much self-explanatory. sa-learn --restore can load the merged file back into SA.
Re: habeas - tainted white list
On Fri, 18 Dec 2009, Christian Brel wrote: On Fri, 18 Dec 2009 02:29:56 -0700 LuKreme krem...@kreme.com wrote: I might agree with some small portion of our resident troll's posts, You need to resort to abuse for what particular reason? Repeatedly accusing the SA developers of fraudulent collusion is abusive. Don't be surprised if people are abusive in return. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Bother, said Pooh as he struggled with /etc/sendmail.cf, it never does quite what I want. I wish Christopher Robin was here. -- Peter da Silva in a.s.r --- 7 days until Christmas
Re: habeas - tainted white list
On Fri, 2009-12-18 at 12:53 +, Christian Brel wrote: On Fri, 18 Dec 2009 06:49:41 -0600 Daniel J McDonald dan.mcdon...@austinenergy.com wrote: On Fri, 2009-12-18 at 08:49 +, Christian Brel wrote: On Fri, 18 Dec 2009 03:44:32 -0500 Daryl C. W. O'Shea spamassas...@dostech.ca wrote: Please stop beating the -4 and -8 horse. We agree. Daryl Then fix it and show who really is in charge of this project? It's been fixed. Don't you know how to use bugzilla? http://svn.apache.org/viewvc/spamassassin/trunk/rules/50_scores.cf?r1=891460r2=891459pathrev=891460 The new scores will come out in 3.3.0, RC1 is very soon... +score RCVD_IN_RP_CERTIFIED 0.0 -3.0 0.0 -3.0 +score RCVD_IN_RP_SAFE 0.0 -2.0 0.0 -2.0 This is 'fixed'? Have you read the bugzilla entry? huge discussion about how to fix it properly. You also ignored the five rules removed and replaced by these two. -- Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX www.austinenergy.com
Re: habeas - tainted white list
On Fri, 18 Dec 2009 06:12:06 -0800 (PST) John Hardin jhar...@impsec.org wrote: On Fri, 18 Dec 2009, Christian Brel wrote: On Fri, 18 Dec 2009 02:29:56 -0700 LuKreme krem...@kreme.com wrote: I might agree with some small portion of our resident troll's posts, You need to resort to abuse for what particular reason? Repeatedly accusing the SA developers of fraudulent collusion is abusive. Don't be surprised if people are abusive in return. That is your choice of words - not mine. It is interesting that when reasonable questions about the motivation for a bizarre part of SA is brought up, others are entitled to abuse the person with that point of view - but he must not respond to that abuse or runs the risk of the mob ganging up. It seems that *some* can alter subject lines to abuse, send abusive off-list mail, openly abuse etc, whilst others just have to sit and take it. When they are not happy to do that they are accused of trolling. Strikes me as cyber-bulling, but I've no intention of rising to it - it's all rather boring. -- This e-mail and any attachments may form pure opinion and may not have any factual foundation. Please check any details provided to satisfy yourself as to suitability or accuracy of any information provided. Data Protection: Unless otherwise requested we may pass the information you have provided to other partner organisations.
Re: ixHash / NixSpam downloadable lists
Marc Patermann wrote on Fri, 18 Dec 2009 12:21:21 +0100: When I try to test with an entry from a today's list, i get no result: (http://www.kloth.net/services/nslookup.php) That's a flaw in that service. I get 127.0.0.2. Isn't the OFD able to provide spam-free mail? Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com
Re: habeas - tainted white list
On Thu, 17 Dec 2009, Christian Brel wrote: Would it be rude of me to ask how you make your money? Is it from the provision and delivery of bulk commercial email or am I confused? Wow. People are running down ReturnPath and they don't even have a clear idea of what RP *does*? How lame is that? Oh. Beg pardon. It's Christian. Now I know for sure that he's Richard. Same lame hyperbole and straw man BS. (yawn) - Charles
Re: ixHash / NixSpam downloadable lists
Marc Patermann wrote: The NixSpam project maintains downloadable lists for ixHash and NixSpam blacklist. http://www.ix.de/nixspam/nixspam.blackmatches http://www.heise.de/ix/nixspam/nixspam.cachematches The easiest way may be to generate local DNS zones for this, isn't it? Does anyone does this before and has a script? How does the resulting zone file look like? Look up rbldnsd instead. /Per Jessen, Zürich
Re: OT Re: Museum piece...
hc...@mail.ewind.com wrote: re: CP/M No S-100 bus systems mentioned yet? My first home computer was a Godbout S-100 bus system running a dual 8085/8088 CPU board. At that time, the future in operating systems was going to be CP/M 86. I'm surprised nobody has mentioned the ZX80/1 yet. I've also got a Newbrain stashed away somewhere, manuals, circuit diagrams an' all. /Per Jessen, Zürich
Re: Whitelists in SA
On Thu, 17 Dec 2009, jdow wrote: It is a good thing this issue was raised. It led to appropriate mass check runs. I expect that will lead to saner scoring within the SA framework. If not and it bites me, THEN I'll raise the issue again. Does that seem fair? 50_scores.cf:score HABEAS_ACCREDITED_COI 0 -8.0 0 -8.0 50_scores.cf:score HABEAS_ACCREDITED_SOI 0 -4.3 0 -4.3 50_scores.cf:score HABEAS_CHECKED 0 -0.2 0 -0.2 Still no changes through the sa-update channel. Is there a time delay in the masscheck results being applied? - Charles
Re: habeas - tainted white list
On Fri, 18 Dec 2009 06:19:25 -0800 (PST) John Hardin jhar...@impsec.org wrote: On Fri, 18 Dec 2009, Christian Brel wrote: On Fri, 18 Dec 2009 06:49:41 -0600 Daniel J McDonald dan.mcdon...@austinenergy.com wrote: On Fri, 2009-12-18 at 08:49 +, Christian Brel wrote: On Fri, 18 Dec 2009 03:44:32 -0500 Daryl C. W. O'Shea spamassas...@dostech.ca wrote: Please stop beating the -4 and -8 horse. We agree. Then fix it and show who really is in charge of this project? It's been fixed. Don't you know how to use bugzilla? http://svn.apache.org/viewvc/spamassassin/trunk/rules/50_scores.cf?r1=891460r2=891459pathrev=891460 The new scores will come out in 3.3.0, RC1 is very soon... +score RCVD_IN_RP_CERTIFIED 0.0 -3.0 0.0 -3.0 +score RCVD_IN_RP_SAFE 0.0 -2.0 0.0 -2.0 This is 'fixed'? In the absence of evidence to the contrary, yes. If it's that big a problem for you in real life, then you should be able to provide FNs to the masscheck corpora that will _prove_ these scores are too generous. We understand your philosophical objection. Providing hard evidence of FNs will go much further towards making your point than name calling will. The name calling being? -- This e-mail and any attachments may form pure opinion and may not have any factual foundation. Please check any details provided to satisfy yourself as to suitability or accuracy of any information provided. Data Protection: Unless otherwise requested we may pass the information you have provided to other partner organisations.
Re: habeas - tainted white list
On Fri, 18 Dec 2009 09:53:37 -0500 (EST) Charles Gregory cgreg...@hwcn.org wrote: On Thu, 17 Dec 2009, Christian Brel wrote: Would it be rude of me to ask how you make your money? Is it from the provision and delivery of bulk commercial email or am I confused? Wow. People are running down ReturnPath and they don't even have a clear idea of what RP *does*? How lame is that? Oh. Beg pardon. It's Christian. Now I know for sure that he's Richard. Same lame hyperbole and straw man BS. (yawn) - Charles I did ask for clarification as to if they earned money for assisting in the delivery of bulk, commercial email. I've not seen a reply yet to help me clarify this. I've been open and transparent about it and asked on list. But your abusive rebuttal is noted. Perhaps you can explain tome what they do and how they make their money? I would prefer to hear it from someone authorised to speak for RP - but please feel free to post something constructive. -- This e-mail and any attachments may form pure opinion and may not have any factual foundation. Please check any details provided to satisfy yourself as to suitability or accuracy of any information provided. Data Protection: Unless otherwise requested we may pass the information you have provided to other partner organisations.
Re: OT Re: Museum piece...
Benny Pedersen wrote: On fre 18 dec 2009 15:57:18 CET, Per Jessen wrote I'm surprised nobody has mentioned the ZX80/1 yet. or even spectrum hacked to run cpm :) I've also got a Newbrain stashed away somewhere, manuals, circuit diagrams an' all. add it to ebay if you want to sell it, if i remember newbrain has 2 z80 cpu ? I think the basic model had just one, but there's also an IO controller and one box more - there's a lot of Zilog hardware involved. /Per Jessen, Zürich
Re: habeas - tainted white list
On Fri, 18 Dec 2009, Christian Brel wrote: Why not default them to zero and include in the release notes/man that there are whitelists and they can *enable* them? Go read the archives, troll. - C
Re: habeas - tainted white list
On Fri, 18 Dec 2009, Christian Brel wrote: But they should not have to disable a whitelist that assists with the delivery of bulk commercial mail in an anti-spam application! If the sender is relying on such rules to keep the mailout under the radar then clearly there is something very wrong with that? Go read the archives, troll. - C
Re: habeas - tainted white list
On Fri, 18 Dec 2009 10:26:28 -0500 (EST) Charles Gregory cgreg...@hwcn.org wrote: On Fri, 18 Dec 2009, Christian Brel wrote: But they should not have to disable a whitelist that assists with the delivery of bulk commercial mail in an anti-spam application! If the sender is relying on such rules to keep the mailout under the radar then clearly there is something very wrong with that? Go read the archives, troll. - C All of them or do you have something specific, troll? -- This e-mail and any attachments may form pure opinion and may not have any factual foundation. Please check any details provided to satisfy yourself as to suitability or accuracy of any information provided. Data Protection: Unless otherwise requested we may pass the information you have provided to other partner organisations.
Re: Whitelists in SA
On Fri, 18 Dec 2009, Charles Gregory wrote: On Thu, 17 Dec 2009, jdow wrote: It is a good thing this issue was raised. It led to appropriate mass check runs. I expect that will lead to saner scoring within the SA framework. If not and it bites me, THEN I'll raise the issue again. Does that seem fair? 50_scores.cf:score HABEAS_ACCREDITED_COI 0 -8.0 0 -8.0 50_scores.cf:score HABEAS_ACCREDITED_SOI 0 -4.3 0 -4.3 50_scores.cf:score HABEAS_CHECKED 0 -0.2 0 -0.2 Still no changes through the sa-update channel. There won't be until after 3.3.0 ships. Then changes to 3.2.x (including a possible 3.2.6 release) will be considered. As far as I know rule promotion and rescoring are not automatic for 3.2.x, it's still a manual process. All of the focus right now is on getting 3.3.0 out. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Bother, said Pooh as he struggled with /etc/sendmail.cf, it never does quite what I want. I wish Christopher Robin was here. -- Peter da Silva in a.s.r --- 7 days until Christmas
Re: Cooperative data gathering project.
Marc Perkel wrote: spam 1.2.3.4 example.com ham 5.6.7.8 example2.com Sending these one line TCP messages if fairly easy. Why use TCP for this? Establishing a connection channel for simple short mesages where a return code is not required introduces pointless overhead. It'd be much simpler using UDP instead. Regards /Jonas -- Jonas Eckerman Fruktträdet Förbundet Sveriges Dövblinda http://www.fsdb.org/ http://www.frukt.org/ http://whatever.frukt.org/
Re: Cooperative data gathering project.
Jason Haar wrote: Then the third filed is NONE. That's how I do it. But the idea is that any kind of daya can be collectively gathered and distributed. Instead of a TCP channel (which means software), what about using DNS? If the SA clients did RBL lookups that contained the details as part of the query, With any sane SpamAssassin setup for multiple users this wouldn't work. Any SA install except for very small mail flows should use a caching DNS server/proxy, preferably one that caches negative results. It's also a good idea if the caching server used for DNSL checks enforces a minimum TTL. This results in repeated queries not making it to the origin servers. Even if the origin server uses ridicilously low TTLs. The distributed caching nature of DNS is a reason why DNSLs are so efficient, but also one reason why DNS isn't suitable for everything. Regards /Jonas -- Jonas Eckerman Fruktträdet Förbundet Sveriges Dövblinda http://www.fsdb.org/ http://www.frukt.org/ http://whatever.frukt.org/
Re: Cooperative data gathering project.
Per Jessen wrote: DNS lookups are usually tried done with UDP first, Sure, DNS usually uses UDP, but the DNS resolver also waits for an answer, wich is simply a waste of time when the sender doesn't need the answer. Add to this that resolving one address may result in multiple queries and that a DNS answer often containes more that the queried info and you get more overhead. but I agree, just use UDP. Absolutely. Imo, the approach suggested by Marc is a text-book example of when to use UDP. (And if more security is needed the easiest way would be to simple limit access to approved IP addresses.) Regards /Jonas -- Jonas Eckerman Fruktträdet Förbundet Sveriges Dövblinda http://www.fsdb.org/ http://www.frukt.org/ http://whatever.frukt.org/
Re: habeas - tainted white list
On Fri, 18 Dec 2009, Christian Brel wrote: On Fri, 18 Dec 2009 06:19:25 -0800 (PST) John Hardin jhar...@impsec.org wrote: We understand your philosophical objection. Providing hard evidence of FNs will go much further towards making your point than name calling will. The name calling being? Alright, let me amend that: Providing hard evidence of FNs will go much further towards making your point - and getting the rules fixed in a useful manner - than will repeated accusations that the SA devs are taking bribes to weaken SA. And phrasing it as a question doesn't make it any less of an accusation, given it keeps being repeated after reasonable explanations have been provided. At the moment there's insufficient _hard data_ to support the contention that the reputation whitelists are assisting FNs to a great degree. The data from masscheck suggests the impact of the reputation whitelists is neutral to very slightly positive (in terms of reducing FPs). If you feel this isn't justified, if you're seeing a lot of FNs that can be laid at the feet of a reputation whitelist rule, then please feed that hard data into the masscheck corpora so that the scoring process can take it into account. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Bother, said Pooh as he struggled with /etc/sendmail.cf, it never does quite what I want. I wish Christopher Robin was here. -- Peter da Silva in a.s.r --- 7 days until Christmas
Re: habeas - tainted white list
On Fri, 18 Dec 2009, Christian Brel wrote: On he subject of Spammy whitelists... * -1.0 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low * trust * [212.159.7.100 listed in list.dnswl.org] Yet the same IP is on and off SORBS and part of an ongoing spam problem. Perhaps this can be reviewed and given a zero score by default? I see these from time to time. This is what gave rise to my intial inquiry about the frequency with which whitelited servers are hacked. Ideally, the whitelist should have a mechanism for temporarily suspending IP's that have been hacked. Perhaps running a check of their list against internet blacklists would help? If a spammer gets an IP blacklisted, at the least DNSWL and HABEAS should make note of this and remove the IP - C
Re: habeas - tainted white list
Charles Gregory wrote: On Fri, 18 Dec 2009, Christian Brel wrote: On he subject of Spammy whitelists... * -1.0 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low * trust * [212.159.7.100 listed in list.dnswl.org] Yet the same IP is on and off SORBS and part of an ongoing spam problem. Perhaps this can be reviewed and given a zero score by default? I see these from time to time. This is what gave rise to my intial inquiry about the frequency with which whitelited servers are hacked. Ideally, the whitelist should have a mechanism for temporarily suspending IP's that have been hacked. Perhaps running a check of their list against internet blacklists would help? If a spammer gets an IP blacklisted, at the least DNSWL and HABEAS should make note of this and remove the IP Or we could have the whitelist rules in a meta such that they only hit when a blacklist rule doesn't, if this is a common enough problem. It might also allow people to get past the high negative score for the whitelists.
Re: habeas - tainted white list
On Fri, 18 Dec 2009, Christian Brel wrote: You need to resort to abuse for what particular reason? Repeatedly accusing the SA developers of fraudulent collusion is abusive. Don't be surprised if people are abusive in return. That is your choice of words - not mine. It is interesting that when reasonable questions about the motivation for a bizarre part of SA is brought up, others are entitled to abuse the person with that point of view - but he must not respond to that abuse or runs the risk of the mob ganging up. Now where have I heard this before...? Sounds so familiar. Ah! Right! Got it. My (then) 5 and 6 year old children arguing over who started it. - C PS. You did. No one calls you 'troll' until you act like one.
Re: [sa] Re: habeas - tainted white list
On Fri, 18 Dec 2009, Christian Brel wrote: On Thu, 17 Dec 2009, Christian Brel wrote: Would it be rude of me to ask how you make your money? Is it from the provision and delivery of bulk commercial email or am I confused? Wow. People are running down ReturnPath and they don't even have a clear idea of what RP *does*? How lame is that? I did ask for clarification as to if they earned money for assisting in the delivery of bulk, commercial email. I've not seen a reply yet to help me clarify this. Read the archives, troll. Perhaps you can explain tome what they do and how they make their money? I would prefer to hear it from someone authorised to speak for RP - but please feel free to post something constructive. Get it right from Return Path themselves: http://www.returnpath.net/ - C
Re: habeas - tainted white list
On Fri, 18 Dec 2009, Jason Bertoch wrote: Charles Gregory wrote: If a spammer gets an IP blacklisted, at the least DNSWL and HABEAS should make note of this and remove the IP Or we could have the whitelist rules in a meta such that they only hit when a blacklist rule doesn't, if this is a common enough problem. It might also allow people to get past the high negative score for the whitelists. That sounds like a good idea to me... -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Bother, said Pooh as he struggled with /etc/sendmail.cf, it never does quite what I want. I wish Christopher Robin was here. -- Peter da Silva in a.s.r --- 7 days until Christmas
Re: OT Re: Museum piece...
On Friday 18 December 2009, jdow wrote: From: Gene Heskett gene.hesk...@verizon.net Sent: Thursday, 2009/December/17 21:21 [...] Now, if you want to get me rolling about an incompetent computer company just mention GRiD and their Compass not really a laptop computer. Even the bugs were themselves buggy. (We had to own 6 of them to keep 5 running most of the time. The displays went out regularly. And the OS would lock up at peculiar times just because it felt like it when trying to talk to an HPIB device. (It had built in HPIB to talk to its disk drive etc.) Wikipiddle accuses it of being a laptop. All I can do is snicker about that assertion. Then they continue the phrase to call it a computer. Admittedly it was, on brief occasions, a computer. But it spent too much time emulating a doorstop to be worthy of its price. {^_^} ROTFL, thanks Joanne. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp There is something in the pang of change More than the heart can bear, Unhappiness remembering happiness. -- Euripides
rule test repo updates?
is this older link still working and keeping realtime track of updates? http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/ specifically this link http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/ since i have been watching these devels thanks - rh
Re: [sa] Re: habeas - tainted white list
On Fri, 18 Dec 2009, Christian Brel wrote: Go read the archives, troll. All of them or do you have something specific, troll? Fine, fine, pedant. Go SEARCH the archives, troll. :) - C
Re: OT Re: Museum piece...
On Friday 18 December 2009, John Hardin wrote: On Fri, 18 Dec 2009, Gene Heskett wrote: I got to work for several months as a bench tech for an outfit building the first pair of the then smallest tv cameras in the world. Later I found out that one of those civies was Jacques Cousteau, 3 hours later had a contract to put those two cameras on the Trieste as soon as we could get the pressure cases built. Those were headed for the bottom of the Challenger Deep, 37,000+ feet in the big pond. Short story, we did, and they worked. And I think Gene wins. Bravo! That's a cool story. Thanks John. I have in my 75 years of history, several examples of being in the right place, at the right time, due purely by serendipity. But I think we have wasted enough of this lists tolerance for off-topic posts by now. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp Who is John Galt?
Re: [sa] Re: habeas - tainted white list
On Fri, 18 Dec 2009, Jason Bertoch wrote: Or we could have the whitelist rules in a meta such that they only hit when a blacklist rule doesn't, if this is a common enough problem. It might also allow people to get past the high negative score for the whitelists. Hm. I *like* that one! - C
Re: OT Re: Museum piece...
On Friday 18 December 2009, Per Jessen wrote: hc...@mail.ewind.com wrote: re: CP/M No S-100 bus systems mentioned yet? My first home computer was a Godbout S-100 bus system running a dual 8085/8088 CPU board. At that time, the future in operating systems was going to be CP/M 86. I'm surprised nobody has mentioned the ZX80/1 yet. I've also got a Newbrain stashed away somewhere, manuals, circuit diagrams an' all. That's because the z-80 was only slightly less dain bramaged than the 6502. /Per Jessen, Zürich -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp A day without sunshine is like a day without orange juice.
Re: OT Re: Museum piece...
R-Elists wrote: as far as museum pieces go, i submit that my first was an Apple 2E if i remember correctly.. BRUN BEERRUN was an interesting game, or something to that effect... ;-) ...and (snore) i also programmed a helicopter to fly across the top and drop a bomb on a space invader and go boom... wow huh? My first computer was an Apple II+. Black case made by Bell Howell. It had a cassette drive and connected to the TV for video. It had a couple of paddle controllers that we used to play Breakout and Pong. I have no idea how much (little) memory it had. I think we eventually added a 5.25 floppy to it. I remember typing in games in Basic from a couple of books full of Basic games. -- Bowie
Re: [sa] Re: habeas - tainted white list
On Fri, 18 Dec 2009 12:18:46 -0500 (EST) Charles Gregory cgreg...@hwcn.org wrote: On Fri, 18 Dec 2009, Christian Brel wrote: Go read the archives, troll. All of them or do you have something specific, troll? Fine, fine, pedant. Go SEARCH the archives, troll. :) - C Perhaps I can help you understand why the question was asked on list. Yesterday, J D Falk of Return Path said; Return Path is not an ESP by any of the common definitions. http://en.wikipedia.org/wiki/ESP (No wonder you're confused.) To which I asked J D Falk: Would it be rude of me to ask how you make your money? Is it from the provision and delivery of bulk commercial email or am I confused? Which is perfectly fair, direct and reasonable. There is a like for like sarcastic ending, just as J D Provided. Now, I've not seen J D follow up to that, unless you have elected yourself to his spokesperson and qualified to answer for him? The alternative would be you are just spoiling for an argument and fit the 'troll' definition rather well: a troll is someone who posts ...with the primary intent of provoking But please, carry on - it suits you. -- This e-mail and any attachments may form pure opinion and may not have any factual foundation. Please check any details provided to satisfy yourself as to suitability or accuracy of any information provided. Data Protection: Unless otherwise requested we may pass the information you have provided to other partner organisations.
Re: habeas - tainted white list
On Fri, 18 Dec 2009 12:03:38 -0500 (EST) Charles Gregory cgreg...@hwcn.org wrote: On Fri, 18 Dec 2009, Christian Brel wrote: You need to resort to abuse for what particular reason? Repeatedly accusing the SA developers of fraudulent collusion is abusive. Don't be surprised if people are abusive in return. That is your choice of words - not mine. It is interesting that when reasonable questions about the motivation for a bizarre part of SA is brought up, others are entitled to abuse the person with that point of view - but he must not respond to that abuse or runs the risk of the mob ganging up. Now where have I heard this before...? Sounds so familiar. Ah! Right! Got it. My (then) 5 and 6 year old children arguing over who started it. - C PS. You did. No one calls you 'troll' until you act like one. And this pointless post you have just made is ?not? trolling to provoke a reaction? I apologise if at some point in the past I've hurt your feelings or made you look small. Sincerely. There comes a time when you need to deal with that and move on. We are all grown up now and not - like you say - '5 6 year old children'. Please feel free to act like an adult and end the personal attacks, or, act like a troll. It's your reputation ;-) BTW: Return Path: Today we are the world’s leading email deliverability services company and our clients include Fortune 500 firms do you think this is a commercial enterprise or a charity? -- This e-mail and any attachments may form pure opinion and may not have any factual foundation. Please check any details provided to satisfy yourself as to suitability or accuracy of any information provided. Data Protection: Unless otherwise requested we may pass the information you have provided to other partner organisations.
Re: [sa] Re: habeas - tainted white list
On Fri, 18 Dec 2009, Christian Brel wrote: Go SEARCH the archives, troll. :) Perhaps I can help you understand why the question was asked on list. It's obvious as to why. You failed to read previous postings that answered the question the first time(s) you (or someone else) asked it Return Path is not an ESP by any of the common definitions. http://en.wikipedia.org/wiki/ESP (No wonder you're confused.) To which I asked J D Falk: Would it be rude of me to ask how you make your money? Is it from the provision and delivery of bulk commercial email or am I confused? Now, I've not seen J D follow up to that, unless you have elected yourself to his spokesperson and qualified to answer for him? Hint: No wonder you're confused refers to your question or am I confused? So you have *quoted* his follow up and pretended that it was *before* your useless, repeated question. And then you claim that you have 'not seen' the follow up you quote? ROFLMAO! I ammend my request one more time: Go SEARCH the archive IN CHRONOLOGICAL ORDER, troll. - C
Re: OT Re: Museum piece...
Gene Heskett wrote: On Friday 18 December 2009, Per Jessen wrote: hc...@mail.ewind.com wrote: re: CP/M No S-100 bus systems mentioned yet? My first home computer was a Godbout S-100 bus system running a dual 8085/8088 CPU board. At that time, the future in operating systems was going to be CP/M 86. I'm surprised nobody has mentioned the ZX80/1 yet. I've also got a Newbrain stashed away somewhere, manuals, circuit diagrams an' all. That's because the z-80 was only slightly less dain bramaged than the 6502. Completely agree, but the ZX80/1 made computers very, very affordable. I was 15 when I managed to convince my parents that I desperately needed one of those. Back in 1981, I think it was about DKK1500, I'm not sure. It was a hell of a jump from the RC7000 with teletype and 32k core memory we had at school. /Per Jessen, Zürich
Re: [sa] Re: habeas - tainted white list
On Fri, 18 Dec 2009 13:00:05 -0500 (EST) Charles Gregory cgreg...@hwcn.org wrote: On Fri, 18 Dec 2009, Christian Brel wrote: Go SEARCH the archives, troll. :) Perhaps I can help you understand why the question was asked on list. It's obvious as to why. You failed to read previous postings that answered the question the first time(s) you (or someone else) asked it Return Path is not an ESP by any of the common definitions. http://en.wikipedia.org/wiki/ESP (No wonder you're confused.) To which I asked J D Falk: Would it be rude of me to ask how you make your money? Is it from the provision and delivery of bulk commercial email or am I confused? Now, I've not seen J D follow up to that, unless you have elected yourself to his spokesperson and qualified to answer for him? Hint: No wonder you're confused refers to your question or am I confused? So you have *quoted* his follow up and pretended that it was *before* your useless, repeated question. And then you claim that you have 'not seen' the follow up you quote? ROFLMAO! I ammend my request one more time: Go SEARCH the archive IN CHRONOLOGICAL ORDER, troll. - C Charles, you *are* speaking for J D Falk with his Auspices? No? Then you are trolling - keep going. I love it when you are angry ;-) -- This e-mail and any attachments may form pure opinion and may not have any factual foundation. Please check any details provided to satisfy yourself as to suitability or accuracy of any information provided. Data Protection: Unless otherwise requested we may pass the information you have provided to other partner organisations.
Re: OT Re: Museum piece...
On Fri 18 Dec 2009 07:09:03 PM CET, Per Jessen wrote Completely agree, but the ZX80/1 made computers very, very affordable. I was 15 when I managed to convince my parents that I desperately needed one of those. Back in 1981, zx80 was 1980 imho, and had just 1k ram, and 8k rom, fully expandeble to a cpm system that is can run rc7000 software :) I think it was about DKK1500, I'm not sure. i still have danish books with that prise from that time It was a hell of a jump from the RC7000 with teletype and 32k core memory we had at school. i remember comet in multiuser setup with shared floppy disks, and printers or plotters, even some of them with some lego or fisher teknic electronik learning kits :) -- xpoint http://www.unicom.com/pw/reply-to-harmful.html pgpad0maaBCSX.pgp Description: PGP Digital Signature
Re: [sa] Re: habeas - tainted white list
On Fri, 18 Dec 2009, Christian Brel wrote: There comes a time when you need to deal with that and move on. We are all grown up now and not - like you say - '5 6 year old children'. Good. Then stop talking like them. Please feel free to act like an adult and end the personal attacks, or, act like a troll. It's your reputation ;-) The man who got banned and had to fake a new user name is lecturing me on reputation? ROFLMAOUIPMP Return Path: Today we are the world’s leading email deliverability services company and our clients include Fortune 500 firms There. You now have the answer to your question. So stop asking it. (Finally) do you think this is a commercial enterprise or a charity? Do I think you will ever ask any questions not already answered or obvious from the website? - C
Re: [sa] Re: habeas - tainted white list
On Fri, 18 Dec 2009, Christian Brel wrote: Charles, you *are* speaking for J D Falk with his Auspices? Hey, J D! Please post and give me your auspices. I'd love to see what this Troll posts if you say 'sure'. :) - C
Re: habeas - tainted white list
On Dec 18, 2009, at 7:12, John Hardin jhar...@impsec.org wrote: On Fri, 18 Dec 2009, Christian Brel wrote: On Fri, 18 Dec 2009 02:29:56 -0700 LuKreme krem...@kreme.com wrote: I might agree with some small portion of our resident troll's posts, You need to resort to abuse for what particular reason? Repeatedly accusing the SA developers of fraudulent collusion is abusive. Don't be surprised if people are abusive in return. I dunno. I don't consider Troll to be abusive. Descriptive, perhaps. Bother, said Pooh as he struggled with /etc/sendmail.cf, it never does quite what I want. I wish Christopher Robin was here. -- Peter da Silva in a.s.r That is truly brilliant. Not familiar with a.s.r though. Peter da Silva sounds familiar though.
Re: Whitelists in SA
On Dec 18, 2009, at 7:56, Charles Gregory cgreg...@hwcn.org wrote: Still no changes through the sa-update channel. Is there a time delay in the masscheck results being applied? It's already been stayed no changes to 3.2.5 will be made until 3.3 is done, hasn't it?
Re: [sa] Re: habeas - tainted white list
On Fri, 18 Dec 2009 13:21:00 -0500 (EST) Charles Gregory cgreg...@hwcn.org wrote: On Fri, 18 Dec 2009, Christian Brel wrote: There comes a time when you need to deal with that and move on. We are all grown up now and not - like you say - '5 6 year old children'. Good. Then stop talking like them. Perhaps you need to stop *acting* like them ;-) Please feel free to act like an adult and end the personal attacks, or, act like a troll. It's your reputation ;-) The man who got banned and had to fake a new user name is lecturing me on reputation? ROFLMAOUIPMP So two wrongs would make a right. I see. Yep, I'm laughing too :-) Return Path: Today we are the world’s leading email deliverability services company and our clients include Fortune 500 firms There. You now have the answer to your question. So stop asking it. (Finally) I don't thing anyone was ever under the impression they were a charity doing it for love. But that would be an assumption. After all, those HABEAS 'oil can' rules are in Spamassassin for love and not money do you think this is a commercial enterprise or a charity? Do I think you will ever ask any questions not already answered or obvious from the website? - C I apologise, that was rude of me. I was told *not* to assume something even if it was obvious. So it's clear for the Archives; Return Path is a commercial operation that makes money. Return Path mail is eased through Spamassassin with negative scoring rules. Asking if any money changed hands for this position of privilege provokes hostility. Despite these rules benefiting the commercial interests of Return Path, and not necessarily the users - and despite there being no fiscal reward for Apache/Spamassassin - this state of affairs will remain. Yep, I'm clear on that. Most of this has been addressed by Daryl in grown up talk whilst you were tucked up in your bed. I would like to take this opportunity to thank you Charles, you've really made me laugh this afternoon and I love you. X X X. You've been really helpful and I'm glad you've become my friend :-) Have a Merry Christmas. -- This e-mail and any attachments may form pure opinion and may not have any factual foundation. Please check any details provided to satisfy yourself as to suitability or accuracy of any information provided. Data Protection: Unless otherwise requested we may pass the information you have provided to other partner organisations.
Re: [sa] Re: habeas - tainted white list
On Fri, 18 Dec 2009 13:29:40 -0500 (EST) Charles Gregory cgreg...@hwcn.org wrote: On Fri, 18 Dec 2009, Christian Brel wrote: Charles, you *are* speaking for J D Falk with his Auspices? Hey, J D! Please post and give me your auspices. I'd love to see what this Troll posts if you say 'sure'. :) - C I was just under the impression that J D - who I actually rather respect for the difficult balance he has to strike, was in the job of reputation management and is a consummate professional, so I'm not entirely sure he would put his reputation into your hands - but he may as he has a wicked sense of humour. But to put you out of your misery I would say; Thank you J.D. Thank you Charles. Anything else I can help you with Charles, or are you done? Merry Christmas -- This e-mail and any attachments may form pure opinion and may not have any factual foundation. Please check any details provided to satisfy yourself as to suitability or accuracy of any information provided. Data Protection: Unless otherwise requested we may pass the information you have provided to other partner organisations.
RE: habeas - tainted white list
or create a bug to have dnswl use trusted_networks from local.cf in spamassassin Benny can you help me / us better understand what you are getting at here and why? something you already do or implement? i wish i knew a better way to ask the question(s) so that you could better help us understand your thinking tia - rh
Re: OT Re: Museum piece...
Benny Pedersen wrote: On Fri 18 Dec 2009 07:09:03 PM CET, Per Jessen wrote Completely agree, but the ZX80/1 made computers very, very affordable. I was 15 when I managed to convince my parents that I desperately needed one of those. Back in 1981, zx80 was 1980 imho, and had just 1k ram, and 8k rom, fully expandeble to a cpm system that is can run rc7000 software :) Yeah, I started on the ZX81 - still have one with its 64K RAM expansion. I think it was about DKK1500, I'm not sure. i still have danish books with that prise from that time It was a hell of a jump from the RC7000 with teletype and 32k core memory we had at school. i remember comet in multiuser setup with shared floppy disks, and printers or plotters, even some of them with some lego or fisher teknic electronik learning kits :) The gymnasium I went to (Langkaer) was built in the mid-70s, and had a computer room - top notch. Except nobody used it - when I started there in 1979, a couple of us got the keys to the room. An RC7000 with bootstrap switches, a teletype with papertype and -punch, 3 x 80x25 terminals, 2 x 8 floppy drives - heaven! Until the ZX81 came along. I think the next thing I got was the Newbrain, then an IBM PC, then IBM mainframes around 1986. /Per Jessen, Zürich
RE: habeas - tainted white list
In the absence of evidence to the contrary, yes. If it's that big a problem for you in real life, then you should be able to provide FNs to the masscheck corpora that will _prove_ these scores are too generous. We understand your philosophical objection. Providing hard evidence of FNs will go much further towards making your point than name calling will. -- John Hardin John, great!!! here is a chance for possible help in more areas than just this specific ruleset issue... i asked Rob some time ago if he could write a script that would check logs and report if a certain rule was effective or not by itself vrs if other rules hit with it and maybe that rule was not needed or could be lowered etc etc and if other rules hit with it, then we would see how effective that rule was and why and when etc etc i am guessing that you folks already have these tools or similar tools or help? although i could probably come up with general logic flow and an algo for this, i would not be able to hard codify and implement at this time... yeah yeah, i know and im still working with PERL for dummies and will get past the intro some time soon - rh
Re: habeas - tainted white list
John Hardin wrote: On Fri, 18 Dec 2009, Jason Bertoch wrote: Charles Gregory wrote: If a spammer gets an IP blacklisted, at the least DNSWL and HABEAS should make note of this and remove the IP Or we could have the whitelist rules in a meta such that they only hit when a blacklist rule doesn't, if this is a common enough problem. It might also allow people to get past the high negative score for the whitelists. That sounds like a good idea to me... Is there a way to pull stats on this concept from mass check results or would a new rule need to be checked in by a dev? /Jason
Re: habeas - tainted white list
From: Daryl C. W. O'Shea spamassas...@dostech.ca Sent: Friday, 2009/December/18 01:07 On 18/12/2009 3:32 AM, Christian Brel wrote: On Fri, 18 Dec 2009 02:24:45 -0500 Daryl C. W. O'Shea spamassas...@dostech.ca wrote: ... From the data we have from mass-checks we are erring a very small amount on the side of caution by not disabling the whitelists by default. It's a big fat favourable score to one organisation for 'erring a very small amount on the side of caution' don't you think? -4/-8 given the average 419 spam only scores 4-8 points. Again, we agree. We've changed it in the upcomming release and will surely backport it when we're done getting 3.3 out. It's been like this for years, I don't think we need to jump like crazy to change the 3.2 updates before we've even settled on a final score. I suppose it's not a whole lot of bother to change the 3.2 scores. But, people who feel they have been bitten with a HABEAS score have probably already overridden them. If everything is open and transparent give the default user the option to *enable* them and score them zero, unless - of course - there is some kind of logical reason for these mad scoring spam assisting rules that favour Return Path in the default set up? I stand firm on my opinion that our principle of safe for most users is the logical reason for including DNSWLs. Indeed, HE is not the boss. If you like you can transparently disable the DNSWLs. Is he smart enough to do so? {^_^}
Re: rule test repo updates?
On Fri, 18 Dec 2009, R-Elists wrote: is this older link still working and keeping realtime track of updates? http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/ Yeah, those links are valid. I just haven't committed anything in a while. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Bother, said Pooh as he struggled with /etc/sendmail.cf, it never does quite what I want. I wish Christopher Robin was here. -- Peter da Silva in a.s.r --- 7 days until Christmas
Re: habeas - tainted white list
From: John Hardin jhar...@impsec.org Sent: Friday, 2009/December/18 06:12 On Fri, 18 Dec 2009, Christian Brel wrote: On Fri, 18 Dec 2009 02:29:56 -0700 LuKreme krem...@kreme.com wrote: I might agree with some small portion of our resident troll's posts, You need to resort to abuse for what particular reason? Repeatedly accusing the SA developers of fraudulent collusion is abusive. Don't be surprised if people are abusive in return. He customizes one element of his installation to quite thoroughly pass a lot of spam settings. Then he whines when something HE calls spam gets through. He expects Return Path and emailreg.org to read his mind. And he refuses to make the simple corrections at his end that would solve it for him and leave the rest of the world properly protected. (He is NOT properly protected with his score configuration.) Just off hand I think this describes his bona fides to utterly ignore. I wonder if a variant build of Spam Assassin could tag messages coming through the list with an X-ChristianBrel header. On the Wiki it'd be explained as Meaningless noise from a fugghead. (That's a willfully self-destructive person.) Of course, /dev/null works. At least I don't see HIS messages. And I could simply /dev/null the topic. Morbid curiosity keeps me watching the thread. {^_^}
Re: Whitelists in SA
From: Charles Gregory cgreg...@hwcn.org Sent: Friday, 2009/December/18 06:56 On Thu, 17 Dec 2009, jdow wrote: It is a good thing this issue was raised. It led to appropriate mass check runs. I expect that will lead to saner scoring within the SA framework. If not and it bites me, THEN I'll raise the issue again. Does that seem fair? 50_scores.cf:score HABEAS_ACCREDITED_COI 0 -8.0 0 -8.0 50_scores.cf:score HABEAS_ACCREDITED_SOI 0 -4.3 0 -4.3 50_scores.cf:score HABEAS_CHECKED 0 -0.2 0 -0.2 Still no changes through the sa-update channel. Is there a time delay in the masscheck results being applied? - Charles Yes, there is, Mr. Gregory. It exists between your monitor and your keyboard. {^_^}
RE: habeas - tainted white list
On Fri 18 Dec 2009 07:42:55 PM CET, R-Elists wrote or create a bug to have dnswl use trusted_networks from local.cf in spamassassin can you help me / us better understand what you are getting at here and why? example: trusted_networks 127.128.0.0/16 and then if 127.128.128.128 is listed in dnswl, make a rbl test that use firsttrusted to match it is remote listed in dnswl also, that means you agree its a whitelist ip, so if dnswl make some ip whitelisted, and its not in local.cf as trusted_networks it would not help you :) something you already do or implement? i currently not have the need to do it, but it is supported imho i wish i knew a better way to ask the question(s) so that you could better help us understand your thinking i could tell more about cpm, not funny ? :) nope, its just the OT thread i am inspired of, why none of them use perldoc more then fighting here about something that its easely fixed in local.cf -- xpoint http://www.unicom.com/pw/reply-to-harmful.html pgpoySiwwDGyZ.pgp Description: PGP Digital Signature
Re: OT Re: Museum piece...
From: Gene Heskett gene.hesk...@verizon.net Sent: Friday, 2009/December/18 09:25 On Friday 18 December 2009, Per Jessen wrote: hc...@mail.ewind.com wrote: re: CP/M No S-100 bus systems mentioned yet? My first home computer was a Godbout S-100 bus system running a dual 8085/8088 CPU board. At that time, the future in operating systems was going to be CP/M 86. I'm surprised nobody has mentioned the ZX80/1 yet. I've also got a Newbrain stashed away somewhere, manuals, circuit diagrams an' all. That's because the z-80 was only slightly less dain bramaged than the 6502. /Per Jessen, Zürich Actually the 6502 was a handy little chip once prices dropped. On one project we replaced a host of other chips with 6502s. They, plus a few extra components, make nice glass TTYs. You can also use one as a very flexible timer. It seems the guys in charge of the project went a little overboard on the 6502s. But it did work, was reliable, and did the job. For a 2-off design that's all you need. You'll also find that the Z-80 design powers amazing amounts of gadgets in theaters and theme parks. (Several Z-80s were on set and in use for the animations in, for example, Team America, Harry Potter (I knew the Mandrake root's lines from LONG before it hit theaters. sigh), Total Recall, Chucky, and many others. (Gilderfluke makes some nice gadgets based on modern Z-80ish CPUs.) {^_-}
Re: habeas - tainted white list
From: John Hardin jhar...@impsec.org Sent: Friday, 2009/December/18 08:07 On Fri, 18 Dec 2009, Christian Brel wrote: On Fri, 18 Dec 2009 06:19:25 -0800 (PST) John Hardin jhar...@impsec.org wrote: We understand your philosophical objection. Providing hard evidence of FNs will go much further towards making your point than name calling will. The name calling being? Alright, let me amend that: Providing hard evidence of FNs will go much further towards making your point - and getting the rules fixed in a useful manner - than will repeated accusations that the SA devs are taking bribes to weaken SA. And phrasing it as a question doesn't make it any less of an accusation, given it keeps being repeated after reasonable explanations have been provided. At the moment there's insufficient _hard data_ to support the contention that the reputation whitelists are assisting FNs to a great degree. The data from masscheck suggests the impact of the reputation whitelists is neutral to very slightly positive (in terms of reducing FPs). If you feel this isn't justified, if you're seeing a lot of FNs that can be laid at the feet of a reputation whitelist rule, then please feed that hard data into the masscheck corpora so that the scoring process can take it into account. John, he is a teleological thinker. Epistemological arguments do not mean a thing to him. Reality is consensual to him. He thinks he can bend reality to his will and all spam will go away because he forced somebody else to cripple a product. Forget it, teleological thinkers are impervious to logic. Ignore the twit. {^_^}
Re: [sa] Re: habeas - tainted white list
From: Charles Gregory cgreg...@hwcn.org Sent: Friday, 2009/December/18 09:18 On Fri, 18 Dec 2009, Christian Brel wrote: Go read the archives, troll. All of them or do you have something specific, troll? Fine, fine, pedant. Go SEARCH the archives, troll. :) OK, (Problem Exists Between Monitor And Keyboard) Christian. {^_-}
Re: [sa] Re: habeas - tainted white list
From: Charles Gregory cgreg...@hwcn.org Sent: Friday, 2009/December/18 09:21 On Fri, 18 Dec 2009, Jason Bertoch wrote: Or we could have the whitelist rules in a meta such that they only hit when a blacklist rule doesn't, if this is a common enough problem. It might also allow people to get past the high negative score for the whitelists. Hm. I *like* that one! - C Then try it and report back to us if it works, how it works, and on what basis you claim it works. {^_^}
Re: habeas - tainted white list
R-Elists wrote: here is a chance for possible help in more areas than just this specific ruleset issue... i asked Rob some time ago if he could write a script that would check logs and report if a certain rule was effective or not by itself vrs if other rules hit with it and maybe that rule was not needed or could be lowered etc etc and if other rules hit with it, then we would see how effective that rule was and why and when etc etc i am guessing that you folks already have these tools or similar tools or help? This is still on my to do list, but duties with invaluement.com only keep growing, so it is hard to prioritize this. But I find it hard to believe that this doesn't already exist. All that is needed is a plug-in that would copy to a specified directory all messages which hit on X rule (and/or dnsbl). The plug-in would be able to (optionally) only take action if the message scored either at or above threshold or below threshold. Then, whenever testing a new rule/dnsbl, simply score it at 0.01, point the plugin at that rule or dnsbl, and have it only act on messages which scored below threshold. This would be extremely valuable for determining the following about a new rule or DNSBL: (1) How much spam the rule would have blocked if being used aggressively (but was missed with the 0.01 score) and, therefore, made it to the inbox during the testing phase because nothing else in production had stopped it? (2) How many legit messages would have been blocked with the use of this rule or DNSBL? (FPs) Of course, BOTH of those examples would consist of messages which scored below threshold even while hitting on that new rule (given its 0.01 score). So it would be up to the e-mail administrator to then examine the messages and judge for themselves whether these were FPs, or would-have-missed-without-the-new-rule spams (aka corrected FNs). If anyone ever develops such a plugin before I have time to, PLEASE let me know! -- Rob McEwen http://dnsbl.invaluement.com/ r...@invaluement.com +1 (478) 475-9032
Re: [sa] Re: habeas - tainted white list
On Fri, 18 Dec 2009 11:40:40 -0800 jdow j...@earthlink.net wrote: From: Charles Gregory cgreg...@hwcn.org Sent: Friday, 2009/December/18 09:18 On Fri, 18 Dec 2009, Christian Brel wrote: Go read the archives, troll. All of them or do you have something specific, troll? Fine, fine, pedant. Go SEARCH the archives, troll. :) OK, (Problem Exists Between Monitor And Keyboard) Christian. {^_-} Said the woman who is having layer 8 issues with the /dev/null killfile LOL. You have a real lot to say about what *I* think - do you do any thinking of your own or just spit out the dummy at other people point of view. How very sweet :-) Merry Christmas. -- This e-mail and any attachments may form pure opinion and may not have any factual foundation. Please check any details provided to satisfy yourself as to suitability or accuracy of any information provided. Data Protection: Unless otherwise requested we may pass the information you have provided to other partner organisations.
Re: habeas - tainted white list
On Fri, 18 Dec 2009, Jason Bertoch wrote: John Hardin wrote: On Fri, 18 Dec 2009, Jason Bertoch wrote: Charles Gregory wrote: If a spammer gets an IP blacklisted, at the least DNSWL and HABEAS should make note of this and remove the IP Or we could have the whitelist rules in a meta such that they only hit when a blacklist rule doesn't, if this is a common enough problem. It might also allow people to get past the high negative score for the whitelists. That sounds like a good idea to me... Is there a way to pull stats on this concept from mass check results or would a new rule need to be checked in by a dev? The latter. I can do that tonight or tomorrow. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Bother, said Pooh as he struggled with /etc/sendmail.cf, it never does quite what I want. I wish Christopher Robin was here. -- Peter da Silva in a.s.r --- 7 days until Christmas
Re: Cooperative data gathering project.
On 12/19/2009 04:51 AM, Jonas Eckerman wrote: (And if more security is needed the easiest way would be to simple limit access to approved IP addresses.) Except that a token would enable one owner with multiple SA instances on separate networks to come across as one entity - that could be desirable too. It all depends on what you are trying to achieve of course. Also UDP means forgery is a bigger risk - so IP-based checks are less reliable. -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
Re: Cooperative data gathering project.
On Sat, 19 Dec 2009, Jason Haar wrote: On 12/19/2009 04:51 AM, Jonas Eckerman wrote: (And if more security is needed the easiest way would be to simple limit access to approved IP addresses.) Except that a token would enable one owner with multiple SA instances on separate networks to come across as one entity - that could be desirable too. It all depends on what you are trying to achieve of course. Also UDP means forgery is a bigger risk - so IP-based checks are less reliable. Right. You'd need to include an id/auth token in the UDP packet. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Bother, said Pooh as he struggled with /etc/sendmail.cf, it never does quite what I want. I wish Christopher Robin was here. -- Peter da Silva in a.s.r --- 7 days until Christmas
Re: [sa] Re: Whitelists in SA
On Fri, 18 Dec 2009, LuKreme wrote: It's already been stayed no changes to 3.2.5 will be made until 3.3 is done, hasn't it? Well, at this point, I respectfully bow, and take a step back, so as not to sound too demanding of our great volunteers (smile), but I believe in another of my posts I put forward the idea that design, testnig and implementation of rules should be a bit more 'frequent', drawing upon the model of ClamAV, with signatures being frequently released, even while the next major 'engine' update is in the works. I recognize, from the existence of such sites as 'rules du jour' that it has long been a practice for SA to release 'core' rule updates very infrequently. But with respect, I question whether that is still a good practice, particularly when an 'issue' raises concern over a particular set of scores, and it would *appear* that these updates require relatively little effort. So, to put it bluntly, I don't see how a couple of rules changes are worthy of being 'held back' by the entire push to SA 3.3. I would think that a few quick adjustments, and presumably a 'masscheck' would suffice, and new/revised rules could be released at least on a monthly basis without any serious concern for compromising the overall score balance that is the critical goal of SA updates? Or am I grossly mis-estimating the work-load? :) - C
Re: OT Re: Museum piece...
On Friday 18 December 2009, jdow wrote: From: Gene Heskett gene.hesk...@verizon.net Sent: Friday, 2009/December/18 09:25 On Friday 18 December 2009, Per Jessen wrote: hc...@mail.ewind.com wrote: re: CP/M No S-100 bus systems mentioned yet? My first home computer was a Godbout S-100 bus system running a dual 8085/8088 CPU board. At that time, the future in operating systems was going to be CP/M 86. I'm surprised nobody has mentioned the ZX80/1 yet. I've also got a Newbrain stashed away somewhere, manuals, circuit diagrams an' all. That's because the z-80 was only slightly less dain bramaged than the 6502. /Per Jessen, Zürich Actually the 6502 was a handy little chip once prices dropped. On one project we replaced a host of other chips with 6502s. They, plus a few extra components, make nice glass TTYs. You can also use one as a very flexible timer. It seems the guys in charge of the project went a little overboard on the 6502s. But it did work, was reliable, and did the job. For a 2-off design that's all you need. True, for one or two-offs maybe. But it was short one very valuable addressing mode, and needed about 2 more , maybe 3, more 16 bit wide pointer registers before it could be said to compete with a 6809. Then when the Hitachi 6309's secrets were discovered, those of us with 6809 code in our dreams were ecstatic. Moto was too proud of the 6809, so it didn't get the design wins it should have. You'll also find that the Z-80 design powers amazing amounts of gadgets in theaters and theme parks. (Several Z-80s were on set and in use for the animations in, for example, Team America, Harry Potter (I knew the Mandrake root's lines from LONG before it hit theaters. sigh), Total Recall, Chucky, and many others. (Gilderfluke makes some nice gadgets based on modern Z-80ish CPUs.) I take that newer shrinks of the z-80 have fixed the ignore the $EB command (switch foreground/background registers) the earlier ones ignored about 10 to 20% of the time? Zilog told me to go pound sand when I called complaining about that bug in both of the chips I had at the time, Early 1982 IIRC. I never touched the chip again, but the one in a timex 1000 I bought the kids later either didn't suffer, or somehow managed to program around it. {^_-} -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp Men take only their needs into consideration -- never their abilities. -- Napoleon Bonaparte
Re: habeas - tainted white list
On Fri, Dec 18, 2009 at 19:04, Jason Bertoch ja...@i6ix.com wrote: John Hardin wrote: On Fri, 18 Dec 2009, Jason Bertoch wrote: Charles Gregory wrote: If a spammer gets an IP blacklisted, at the least DNSWL and HABEAS should make note of this and remove the IP Or we could have the whitelist rules in a meta such that they only hit when a blacklist rule doesn't, if this is a common enough problem. It might also allow people to get past the high negative score for the whitelists. That sounds like a good idea to me... Is there a way to pull stats on this concept from mass check results or would a new rule need to be checked in by a dev? it can be measured by finding the WL rule's page on ruleqa.spamassassin.org, then examining the OVERLAP section for overlaps with BL rules. -- --j.
Re: [sa] Re: Whitelists in SA
On Fri, 18 Dec 2009, Charles Gregory wrote: I recognize, from the existence of such sites as 'rules du jour' that it has long been a practice for SA to release 'core' rule updates very infrequently. But with respect, I question whether that is still a good practice, particularly when an 'issue' raises concern over a particular set of scores, and it would *appear* that these updates require relatively little effort. We hope to get rule scoring and publication much more automated - i.e., if a rule in the sandbox works well based on the automated masschecks, it would be automatically scored and published via sa-update. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Bother, said Pooh as he struggled with /etc/sendmail.cf, it never does quite what I want. I wish Christopher Robin was here. -- Peter da Silva in a.s.r --- 7 days until Christmas
Re: [sa] Re: habeas - tainted white list
On Fri, 18 Dec 2009, jdow wrote: I suppose it's not a whole lot of bother to change the 3.2 scores. But, people who feel they have been bitten with a HABEAS score have probably already overridden them. Again, I make a note that my concern is for the thousands who install a 'pre-canned' Spamassassin install, with a wrapper to handle what happens to the messages, etc, etc. If you feel a slight chill at the notion of people operating mail servers with so little knowledge, I'm right there with you, but I *was* one of these people a few years ago. Stumbling and learning. Trial by fire. Fun way to learn. :) So the more that can be 'standardized' without jeopardizing flexibility, the better things can be :) If you like you can transparently disable the DNSWLs. Is he smart enough to do so? With out regard for who 'he' is, it is certain that *someone* out there is not that 'smart', and follows the 'recommendations' provided by their hosting provider for a 'standard' mail server setup. They will just want it to 'work' without any maintenance at all. And just to beat out the next inevitable argument, no, these people are not 'lazy'. They just literally don't know what they are doing. If someone doesn't pre-build the system properly, they end up running open relays. Yes, THOSE people. :( - C
Re: [sa] Re: Whitelists in SA
On Fri, 18 Dec 2009, jdow wrote: On Thu, 17 Dec 2009, jdow wrote: Still no changes through the sa-update channel. Is there a time delay in the masscheck results being applied? Yes, there is, Mr. Gregory. It exists between your monitor and your keyboard. There is a one inch gap between those two. Perhaps you meant CHAIR and keyboard? ;) - C
Re: [sa] Re: habeas - tainted white list
On Fri, 18 Dec 2009, John Hardin wrote: Or we could have the whitelist rules in a meta such that they only hit when a blacklist rule doesn't, if this is a common enough problem. It might also allow people to get past the high negative score for the whitelists. Is there a way to pull stats on this concept from mass check results or would a new rule need to be checked in by a dev? The latter. I can do that tonight or tomorrow. Thanks John. As always I am stifled by being unable to generate a decent ham corpus (privacy regs). So my thanks for being able to test out these wild ideas. Hope this ones works! :) - C
Re: [sa] Re: Whitelists in SA
On Fri, 18 Dec 2009, John Hardin wrote: We hope to get rule scoring and publication much more automated - i.e., if a rule in the sandbox works well based on the automated masschecks, it would be automatically scored and published via sa-update. Music to my ears. I will wait (semi-)patiently. Thanks. - C
Re: [sa] Re: habeas - tainted white list
From: Charles Gregory cgreg...@hwcn.org Sent: Friday, 2009/December/18 13:46 On Fri, 18 Dec 2009, jdow wrote: I suppose it's not a whole lot of bother to change the 3.2 scores. But, people who feel they have been bitten with a HABEAS score have probably already overridden them. Again, I make a note that my concern is for the thousands who install a 'pre-canned' Spamassassin install, with a wrapper to handle what happens to the messages, etc, etc. If you feel a slight chill at the notion of people operating mail servers with so little knowledge, I'm right there with you, but I *was* one of these people a few years ago. Stumbling and learning. Trial by fire. Fun way to learn. :) So the more that can be 'standardized' without jeopardizing flexibility, the better things can be :) If you like you can transparently disable the DNSWLs. Is he smart enough to do so? With out regard for who 'he' is, it is certain that *someone* out there is not that 'smart', and follows the 'recommendations' provided by their hosting provider for a 'standard' mail server setup. They will just want it to 'work' without any maintenance at all. And just to beat out the next inevitable argument, no, these people are not 'lazy'. They just literally don't know what they are doing. If someone doesn't pre-build the system properly, they end up running open relays. Yes, THOSE people. :( Once 3.3 is out the problem is solved if they have a distro that reviews and updates the packages it distributes. (Yes, that IS a big if, as with regards to Fedora and ClamAV. {^_-}) If SpamAssassin is not updated what makes you think the distro would have the automatic updates for the rules enabled? I just don't see SpamAssassin as a suitable tool for a person who is a perfectionist and not a tinkerer. (No tool is suitable for such a person, for that matter.) Updating 3.2 is probably not as important as getting 3.3 out. And given the few number of complaints updating 3.2 is likely quite the opposite of critical. Look how long it's been out before it took a nutcase to start complaining leading to the discovery of this alleged problem. (Even the respected Lukreme has not stated outright that the item for which he showed scores was really confirmed spam as opposed to a disgruntled user trying to get off a mailing list and not willing to follow simple instructions for doing so.) {o.o}
Re: [sa] Re: Whitelists in SA
From: Charles Gregory cgreg...@hwcn.org Sent: Friday, 2009/December/18 13:49 On Fri, 18 Dec 2009, jdow wrote: On Thu, 17 Dec 2009, jdow wrote: Still no changes through the sa-update channel. Is there a time delay in the masscheck results being applied? Yes, there is, Mr. Gregory. It exists between your monitor and your keyboard. There is a one inch gap between those two. Perhaps you meant CHAIR and keyboard? ;) I should have guessed you've managed to short circuit the path through your brain. {O,o} -- Grinning, ducking, and running REAL fast that way (Thanks for the straight line. {^_-})
Re: Dear Santa
On Wed, Dec 16, 2009 at 15:31, R-Elists list...@abbacomm.net wrote: Axb PS: If JM posts a link to his Amazon wishlist, maybe we can all help him decorate the new place :-) +1 hey, if you all insist ;) http://www.amazon.com/registry/wishlist/1M0UDEXT6A3I7 https://www.amazon.co.uk/registry/wishlist/1G7S5QV025EOX thanks! it might help persuade my wife that I need to get that server reinstalled ;) -- --j.
Re: [sa] Re: Whitelists in SA
On 12/18/2009 04:56 PM, Charles Gregory wrote: On Fri, 18 Dec 2009, John Hardin wrote: We hope to get rule scoring and publication much more automated - i.e., if a rule in the sandbox works well based on the automated masschecks, it would be automatically scored and published via sa-update. Music to my ears. I will wait (semi-)patiently. Thanks. - C Why wait, when you do relatively simple things to help make it happen? http://wiki.apache.org/spamassassin/NightlyMassCheck We can more frequently update rules if more people participate in the nightly masschecks. The current documentation is a bit of a confusing mess unfortunately. Warren
Re: habeas - tainted white list
On 18/12/2009 2:58 PM, John Hardin wrote: On Fri, 18 Dec 2009, Jason Bertoch wrote: John Hardin wrote: On Fri, 18 Dec 2009, Jason Bertoch wrote: Charles Gregory wrote: If a spammer gets an IP blacklisted, at the least DNSWL and HABEAS should make note of this and remove the IP Or we could have the whitelist rules in a meta such that they only hit when a blacklist rule doesn't, if this is a common enough problem. It might also allow people to get past the high negative score for the whitelists. That sounds like a good idea to me... Is there a way to pull stats on this concept from mass check results or would a new rule need to be checked in by a dev? The latter. I can do that tonight or tomorrow. If you do it tonight it'll make tonight's --net enabled mass-check, otherwise it'll be another week before we have results. Daryl
Re: [sa] Re: Whitelists in SA
On 18/12/2009 5:13 PM, Warren Togami wrote: On 12/18/2009 04:56 PM, Charles Gregory wrote: On Fri, 18 Dec 2009, John Hardin wrote: We hope to get rule scoring and publication much more automated - i.e., if a rule in the sandbox works well based on the automated masschecks, it would be automatically scored and published via sa-update. Music to my ears. I will wait (semi-)patiently. Thanks. - C Why wait, when you do relatively simple things to help make it happen? http://wiki.apache.org/spamassassin/NightlyMassCheck We can more frequently update rules if more people participate in the nightly masschecks. The current documentation is a bit of a confusing mess unfortunately. Exactly! We have code to do this now. But I'm positive that we don't have a large and diverse enough ham corpus (on a daily basis, not the big turn out for the legacy re-score mass-checks) to trust it. Contributors are always welcome! Daryl
Re: [sa] Re: habeas - tainted white list
On 18/12/2009 4:46 PM, Charles Gregory wrote: On Fri, 18 Dec 2009, jdow wrote: I suppose it's not a whole lot of bother to change the 3.2 scores. But, people who feel they have been bitten with a HABEAS score have probably already overridden them. Again, I make a note that my concern is for the thousands who install a 'pre-canned' Spamassassin install, with a wrapper to handle what happens to the messages, etc, etc. If you feel a slight chill at the notion of people operating mail servers with so little knowledge, I'm right there with you, but I *was* one of these people a few years ago. Stumbling and learning. Trial by fire. Fun way to learn. :) Interestingly this is one of the reasons why we err on the side of not-tagging mail. Daryl
Re: habeas - tainted white list
On 18/12/2009 8:35 AM, Per Jessen wrote: Daryl C. W. O'Shea wrote: If we had more mass-check data from a wider number of mail recipients maybe it would change things, statistically, maybe it wouldn't. New mass-check contributors are always welcome. They take very little effort to manage once you've set it up (I ignore mine for years at a time). Is there a good howto for setting this up? Other than a clean corpus, it doesn't take much more effort: http://wiki.apache.org/spamassassin/NightlyMassCheck Daryl