Re: DUL/DUL+ redesign to improve DNS cache hit ratio [SA v. MTA]
David F. Skoll d...@roaringpenguin.com wrote: On Tue, 05 Jul 2011 23:26:16 +0200 Andrzej Adam Filip andrzej.fi...@gmail.com wrote: Would you recommend redesigning (mainly) DUL/DUL+ DNSBL lists to improve DNS cache hit ratio? No, not really. The poor cache hit ratio doesn't seem to be a problem in practice (most people were surprised by the results). If you have a high-enough lookup volume that it does become a problem, you just arrange to obtain (or buy) the data and run a local authoritative name server. You are most likely right in case of SA asking all configured DNSBL to generate spam score - improvement of some/minority DNS cache hit ration would not be impressive in improving overall preference. *BUT* It may improve performance e.g. in case of hundredths mail servers in a data/co-location center using shared forwarder and rejecting on first DNSBL hit. Somehow I doubt buying data for such reseller configuration is legally encouraged by paid DNSBL operators. -- [plen: Andrew] Andrzej Adam Filip : a...@onet.eu Welcome to Lake Wobegon, where all the men are strong, the women are pretty, and the children are above-average. -- Garrison Keillor
RE: Lowering spam threshold
I think many people run with tag at 5.0 and discard at 10.0 I should have mentioned that we are running amavisd-new. I thought that was the de facto way of integrating spamassassin into a mail gateway, but reading this list reveals that most people probably doesn't do that. Makes me wonder if I am doing the wrong thing? Amavisd-new has further settings as to thresholds, and these are the ones I put in as of today (after reading other peoples tips here, thank you everybody): $sa_tag_level_deflt = -10; # add spam info headers if at, or above that level $sa_tag2_level_deflt = 5.2; # add 'spam detected' headers at that level $sa_kill_level_deflt = 6.2; # triggers spam evasive actions (e.g. blocks mail) $sa_dsn_cutoff_level = 7.4; # spam level beyond which a DSN is not sent Does above scores make sense? -- Lars
Re: Lowering spam threshold
On 7/6/11 4:17 AM, Lars Jørgensen wrote: I think many people run with tag at 5.0 and discard at 10.0 I should have mentioned that we are running amavisd-new. I thought that was the de facto way of integrating spamassassin into a mail gateway, but reading this list reveals that most people probably doesn't do that. Makes me wonder if I am doing the wrong thing? Amavisd-new has further settings as to thresholds, and these are the ones I put in as of today (after reading other peoples tips here, thank you everybody): join the amavisd-new list. you will get direct answers to your questions from a very active, knoledgable group. (and, NO, don't lower your spam threshold.. SA rules are scored to assume a default of 5.0 to mark spam. ) if you are getting too much spam, then NORMAL SA assistance in SA group is your best bet. if amavisd issues including what those additional settings do, then the amavis group -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 *| *SECNAP Network Security Corporation * Best Mobile Solutions Product of 2011 * Best Intrusion Prevention Product * Hot Company Finalist 2011 * Best Email Security Product * Certified SNORT Integrator __ This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.secnap.com/products/spammertrap/ __
Re: DUL/DUL+ redesign to improve DNS cache hit ratio [SA v. MTA]
On Wed, 06 Jul 2011 08:15:47 +0200 Andrzej Adam Filip andrzej.fi...@gmail.com wrote: It may improve performance e.g. in case of hundredths mail servers in a data/co-location center using shared forwarder and rejecting on first DNSBL hit. Somehow I doubt buying data for such reseller configuration is legally encouraged by paid DNSBL operators. This is true. But it's also not in paid DNSBL operators interest to improve the hit ratio. If the cache hit ratio is improved too much, the DNSBL operators would be unable to detect heavy users and ask (threaten) them for money. :) In the limiting case, if the cache becomes *too* effective, the organization hosting the cache *is* effectively providing the whole data set to its users. Regards, David.
Re: FuzzyOCR
nobody? On Thu, Jun 23, 2011 at 1:56 PM, polloxx poll...@gmail.com wrote: Dear, after an apt-get upgrade FuzzyOCR has stopped working. I get the following error in the log: FuzzyOCR: 2011-06-22 17:00:38 [3057] /usr/bin/jpegtopnm: Returned [2048], skipping... System is a Debian Squeeze Running Spamassassin 3.3.1 and FuzzyOCR 3.6.0 Any idea?
Re: FuzzyOCR
06/07/2011 04:53 ??, ?/? polloxx ??: nobody? You are try to reinstall it ? See the notes here http://fuzzyocr.own-hero.net/wiki/OSSpecificNotes On Thu, Jun 23, 2011 at 1:56 PM, polloxxpoll...@gmail.com wrote: Dear, after an apt-get upgrade FuzzyOCR has stopped working. I get the following error in the log: FuzzyOCR: 2011-06-22 17:00:38 [3057] /usr/bin/jpegtopnm: Returned [2048], skipping... System is a Debian Squeeze Running Spamassassin 3.3.1 and FuzzyOCR 3.6.0 Any idea? -- --- Don't send me documents in .doc , .docx, .xls, .ppt , .pptx . Send it with ODF format : .odt , .odp , .ods or .pdf . Try to use Open Document Format : http://el.libreoffice.org Save you money and use GNU/Linux Distro http://distrowatch.com/ -- First they ignore you, then they ridicule you, then they fight you,then you win!!! * Filipino - detected * Afrikaans * Albanian * Arabic * Belarusian * Bulgarian * Catalan * Chinese * Chinese (Simplified) * Chinese (Traditional) * Croatian * Czech * Danish * Dutch * English * Estonian * Filipino * Finnish * French * Galician * German * Greek * Hebrew * Haitian Creole * Hindi * Hungarian * Icelandic * Indonesian * Irish * Italian * Japanese * Korean * Latvian * Lithuanian * Macedonian * Malay * Maltese * Norwegian * Persian * Polish * Portuguese * Portuguese (Portugal) * Romanian * Russian * Serbian * Slovak * Slovenian * Spanish * Swahili * Swedish * Thai * Turkish * Ukrainian * Vietnamese * Welsh * Yiddish * Afrikaans * Albanian * Arabic * Belarusian * Bulgarian * Catalan * Chinese * Chinese (Simplified) * Chinese (Traditional) * Croatian * Czech * Danish * Dutch * English * Estonian * Filipino * Finnish * French * Galician * German * Greek * Hebrew * Haitian Creole * Hindi * Hungarian * Icelandic * Indonesian * Irish * Italian * Japanese * Korean * Latvian * Lithuanian * Macedonian * Malay * Maltese * Norwegian * Persian * Polish * Portuguese * Portuguese (Portugal) * Romanian * Russian * Serbian * Slovak * Slovenian * Spanish * Swahili * Swedish * Thai * Turkish * Ukrainian * Vietnamese * Welsh * Yiddish javascript:void(0);#
RE: Lowering spam threshold
On Wed, 6 Jul 2011, Lars Jørgensen wrote: $sa_tag2_level_deflt = 5.2; # add 'spam detected' headers at that level $sa_kill_level_deflt = 6.2; # triggers spam evasive actions (e.g. blocks mail) That seems a little aggressive to me. Personally I'd prefer a larger margin of error for FPs, and would set the discard level to 9 or 10 (unless the evasive actions include quarantine for review). -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- [People] are socialists because they are blinded by envy and ignorance.-- economist Ludwig von Mises (1881-1973) --- Tomorrow: Robert Heinlein's 104th birthday
Re: FuzzyOCR
On Wed, 6 Jul 2011, polloxx wrote: nobody? On Thu, Jun 23, 2011 at 1:56 PM, polloxx poll...@gmail.com wrote: Dear, after an apt-get upgrade FuzzyOCR has stopped working. I get the following error in the log: FuzzyOCR: 2011-06-22 17:00:38 [3057] /usr/bin/jpegtopnm: Returned [2048], skipping... System is a Debian Squeeze Running Spamassassin 3.3.1 and FuzzyOCR 3.6.0 Any idea? What happens when you try to run /usr/bin/jpegtopnm from the command line? What does the jpegtopnm man page say about that return code? Did apt-get change the jpegtopnm program? -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- [People] are socialists because they are blinded by envy and ignorance.-- economist Ludwig von Mises (1881-1973) --- Tomorrow: Robert Heinlein's 104th birthday
Re: FuzzyOCR
Sergey, reinstall fuzzyocr did not help. What should I see in the OSSpecificNotes? On Wed, Jul 6, 2011 at 4:08 PM, Sergey Tsabolov (aka linuxman) serg...@greeklug.gr wrote: Στις 06/07/2011 04:53 μμ, ο/η polloxx έγραψε: nobody? You are try to reinstall it ? See the notes here http://fuzzyocr.own-hero.net/wiki/OSSpecificNotes On Thu, Jun 23, 2011 at 1:56 PM, polloxx poll...@gmail.com wrote: Dear, after an apt-get upgrade FuzzyOCR has stopped working. I get the following error in the log: FuzzyOCR: 2011-06-22 17:00:38 [3057] /usr/bin/jpegtopnm: Returned [2048], skipping... System is a Debian Squeeze Running Spamassassin 3.3.1 and FuzzyOCR 3.6.0 Any idea? -- --- Don't send me documents in .doc , .docx, .xls, .ppt , .pptx . Send it with ODF format : .odt , .odp , .ods or .pdf . Try to use Open Document Format : http://el.libreoffice.org Save you money and use GNU/Linux Distro http://distrowatch.com/ -- First they ignore you, then they ridicule you, then they fight you,then you win!!! Filipino - detected Afrikaans Albanian Arabic Belarusian Bulgarian Catalan Chinese Chinese (Simplified) Chinese (Traditional) Croatian Czech Danish Dutch English Estonian Filipino Finnish French Galician German Greek Hebrew Haitian Creole Hindi Hungarian Icelandic Indonesian Irish Italian Japanese Korean Latvian Lithuanian Macedonian Malay Maltese Norwegian Persian Polish Portuguese Portuguese (Portugal) Romanian Russian Serbian Slovak Slovenian Spanish Swahili Swedish Thai Turkish Ukrainian Vietnamese Welsh Yiddish Afrikaans Albanian Arabic Belarusian Bulgarian Catalan Chinese Chinese (Simplified) Chinese (Traditional) Croatian Czech Danish Dutch English Estonian Filipino Finnish French Galician German Greek Hebrew Haitian Creole Hindi Hungarian Icelandic Indonesian Irish Italian Japanese Korean Latvian Lithuanian Macedonian Malay Maltese Norwegian Persian Polish Portuguese Portuguese (Portugal) Romanian Russian Serbian Slovak Slovenian Spanish Swahili Swedish Thai Turkish Ukrainian Vietnamese Welsh Yiddish
Re: FuzzyOCR
John, Works fine at the CL. Nothing about the error. (It's a SA error I think) apt-get did not alter jpegtopnm. On Wed, Jul 6, 2011 at 4:40 PM, John Hardin jhar...@impsec.org wrote: On Wed, 6 Jul 2011, polloxx wrote: nobody? On Thu, Jun 23, 2011 at 1:56 PM, polloxx poll...@gmail.com wrote: Dear, after an apt-get upgrade FuzzyOCR has stopped working. I get the following error in the log: FuzzyOCR: 2011-06-22 17:00:38 [3057] /usr/bin/jpegtopnm: Returned [2048], skipping... System is a Debian Squeeze Running Spamassassin 3.3.1 and FuzzyOCR 3.6.0 Any idea? What happens when you try to run /usr/bin/jpegtopnm from the command line? What does the jpegtopnm man page say about that return code? Did apt-get change the jpegtopnm program? -- John Hardin KA7OHZ http://www.impsec.org/~jhardin/ jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- [People] are socialists because they are blinded by envy and ignorance. -- economist Ludwig von Mises (1881-1973) --- Tomorrow: Robert Heinlein's 104th birthday
block all high importance priority email
Hello all, I get an assortment of domain changing high importance spam email (mostly sales stuff, some hip replacement info LOL) and want to know if it is possible to block all high priority stuff liek this. It has the red exclamation point when it arrives. I tried blocking most of the repeating domains but they vary them all the time. I host a small site and the host company has SpamAssassin to use from my control panel. I have 3 fields available to use. blacklist_from, required_score, and score. I usually update the blacklist_from field with *spm domain* and this works.but I want to block all the high priority junk that comes in. Can I do this with the limited fields I have?? Thanks in advance -- View this message in context: http://old.nabble.com/block-all-high-importance-priority-email-tp32005970p32005970.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: block all high importance priority email
Le 06/07/2011 17:44, tonym302 a écrit : I get an assortment of domain changing high importance spam email (mostly sales stuff, some hip replacement info LOL) and want to know if it is possible to block all high priority stuff liek this. It has the red exclamation point when it arrives. I tried blocking most of the repeating domains but they vary them all the time. I host a small site and the host company has SpamAssassin to use from my control panel. I have 3 fields available to use. blacklist_from, required_score, and score. I usually update the blacklist_from field with *spm domain* and this works.but I want to block all the high priority junk that comes in. Can I do this with the limited fields I have?? Thanks in advance This could be done easily with a custom rule (based on the values you're seeing for the X-Priority and/or X-MSMail-Priority headers, no doubt). However, by the sounds of it your host doesn't allow you to add rules, so you're out of luck. John. -- -- Over 4000 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages- www.tradoc.fr
Re: FuzzyOCR
On Wed, 6 Jul 2011, polloxx wrote: Works fine at the CL. OK. Just to be clear, you took a jpeg-format image file and used jpegtopnm to convert it to a pnm file, and got a correct .pnm image file out? Did you do this to verify the exit code from jpegtopnm: echo $? Nothing about the error. (It's a SA error I think) It looks to me like SA is just reporting an error code from jpegtopnm. I did some brief digging and couldn't find anything about that particular error code, it might take a look at the sources to learn what it means. apt-get did not alter jpegtopnm. Bummer, so much for the easy explanation... :) Do you have a sample message having an image attachment that you can run through SA manually to test things? If not, try to get one. It would be useful to see the debugging output of spamassassin where it's talking about fuzzyocr. Do you know how to run spamassassin in debug mode against a test message? On Wed, Jul 6, 2011 at 4:40 PM, John Hardin jhar...@impsec.org wrote: On Thu, Jun 23, 2011 at 1:56 PM, polloxx poll...@gmail.com wrote: after an apt-get upgrade FuzzyOCR has stopped working. I get the following error in the log: FuzzyOCR: 2011-06-22 17:00:38 [3057] /usr/bin/jpegtopnm: Returned [2048], skipping... What happens when you try to run /usr/bin/jpegtopnm from the command line? What does the jpegtopnm man page say about that return code? Did apt-get change the jpegtopnm program? -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- I would buy a Mac today if I was not working at Microsoft. -- James Allchin, Microsoft VP of Platforms --- Tomorrow: Robert Heinlein's 104th birthday
RE: FuzzyOCR
after an apt-get upgrade FuzzyOCR has stopped working. I get the following error in the log: FuzzyOCR: 2011-06-22 17:00:38 [3057] /usr/bin/jpegtopnm: Returned [2048], skipping... I had this problem too, after upgrading SA to 3.3.x and FuzzyOCR to 3.6.0. Upgrading netpbm fixed it for me. System is a Debian Squeeze Running Spamassassin 3.3.1 and FuzzyOCR 3.6.0 Any idea? This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.
Re: DUL/DUL+ redesign to improve DNS cache hit ratio [SA v. MTA]
David F. Skoll d...@roaringpenguin.com wrote: On Wed, 06 Jul 2011 08:15:47 +0200 Andrzej Adam Filip andrzej.fi...@gmail.com wrote: It may improve performance e.g. in case of hundredths mail servers in a data/co-location center using shared forwarder and rejecting on first DNSBL hit. Somehow I doubt buying data for such reseller configuration is legally encouraged by paid DNSBL operators. This is true. But it's also not in paid DNSBL operators interest to improve the hit ratio. If the cache hit ratio is improved too much, the DNSBL operators would be unable to detect heavy users and ask (threaten) them for money. :) In the limiting case, if the cache becomes *too* effective, the organization hosting the cache *is* effectively providing the whole data set to its users. To put it short: a) Only DNSBL listing net ranges (e.g. DUL/DUL+, network reputation) can be quite easily redesigned to improve DNS hit ratio (IMHO) b) Free of charge DNSBL would benefit the most c) In case of DUL list quality is not (IMHO) defined by big */16 entries (e.g. home ADSL ranges) that will generate most DNS cache hits -- [plen: Andrew] Andrzej Adam Filip : a...@onet.eu I do not believe that this generation of Americans is willing to resign itself to going to bed each night by the light of a Communist moon... -- Lyndon B. Johnson
Re: Lowering spam threshold
On 06/07/11 09:17, Lars Jørgensen wrote: I think many people run with tag at 5.0 and discard at 10.0 I should have mentioned that we are running amavisd-new. I thought that was the de facto way of integrating spamassassin into a mail gateway, but reading this list reveals that most people probably doesn't do that. Makes me wonder if I am doing the wrong thing? Amavisd-new has further settings as to thresholds, and these are the ones I put in as of today (after reading other peoples tips here, thank you everybody): $sa_tag_level_deflt = -10; # add spam info headers if at, or above that level $sa_tag2_level_deflt = 5.2; # add 'spam detected' headers at that level $sa_kill_level_deflt = 6.2; # triggers spam evasive actions (e.g. blocks mail) $sa_dsn_cutoff_level = 7.4; # spam level beyond which a DSN is not sent Does above scores make sense? Yes, makes perfect sense to other amavisd-new users. I currently tag at 5.0 (the default SA score) and quarantine at 6.0. I also set the DSN cut-off level to be the same as quarantine as I don't want to send DSNs. If you are finding spam is getting through untagged with the default SA score of 5.0 then I would look to write some additional rules to target those spam that are getting through rather than lowering the score below the SA default of 5.0. This list can help you with that if you provide examples. Additionally, I have very carefully hand trained bayes with only confirmed spam/ham and tweaked the scores to be more representative of the faith I have in my bayes data. I find many cases where bayes alone will identify spam and have scored bayes_99 accordingly. The main problem I see with SA is that I reject all the easy spam (90%) at the smtp level so SA only really gets to see the more difficult and less obvious stuff. If SA saw all spam then the detection rates out of the box would be extremely high, but with only the more difficult samples to chew on detection rates inevitably drop and are artificially lowered. As a result it can appear that a lot of spam is getting through when in reality the overall percentage is still really small. That last 1% is just hard to catch without increasing the risk of false positives.
Re: FuzzyOCR
On 06/07/2011 06:34 μμ, polloxx wrote: John, Works fine at the CL. Nothing about the error. (It's a SA error I think) apt-get did not alter jpegtopnm. I think you need update you Debian repositories to newest and try to update packages. On Wed, Jul 6, 2011 at 4:40 PM, John Hardinjhar...@impsec.org wrote: On Wed, 6 Jul 2011, polloxx wrote: nobody? On Thu, Jun 23, 2011 at 1:56 PM, polloxxpoll...@gmail.com wrote: Dear, after an apt-get upgrade FuzzyOCR has stopped working. I get the following error in the log: FuzzyOCR: 2011-06-22 17:00:38 [3057] /usr/bin/jpegtopnm: Returned [2048], skipping... System is a Debian Squeeze Running Spamassassin 3.3.1 and FuzzyOCR 3.6.0 Any idea? What happens when you try to run /usr/bin/jpegtopnm from the command line? What does the jpegtopnm man page say about that return code? Did apt-get change the jpegtopnm program? -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- [People] are socialists because they are blinded by envy and ignorance.-- economist Ludwig von Mises (1881-1973) --- Tomorrow: Robert Heinlein's 104th birthday -- -- Don't send me documents in .doc , .docx, .xls, .ppt . , .pptx Send it with ODF format : .odt , .odp , .ods or .pdf . Try to use Open Document Format : http://el.libreoffice.org/ Save you money use GNU/Linux Distro http://distrowatch.com/ - First they ignore you, then they ridicule you, then they fight you, then you win!!! * English - detected * Belarusian * Bulgarian * Czech * Danish * English * French * German * Greek * Haitian Creole * Italian * Polish * Russian * Serbian * Slovak * Slovenian * Spanish * Ukrainian * Belarusian * Bulgarian * Czech * Danish * English * French * German * Greek * Haitian Creole * Italian * Polish * Russian * Serbian * Slovak * Slovenian * Spanish * Ukrainian javascript:void(0);
