Re: iXhash plugin and lists - feedback wanted
On Mon, Sep 29, 2008 at 03:40:08PM +0200, Yet Another Ninja wrote: > On 9/27/2008 5:27 PM, Vidar Tyldum Hansen wrote: >> On Mon, Aug 04, 2008 at 11:13:29PM +0200, Dirk Bonengel wrote: >>> Hi all, >>> >>> I'm the author of the iXhash plugin, a piece of code that computes a >>> variety of 'fuzzy checksums' along the lines of the NiXSpam project >>> (run by the German IT magazine iX). >> >> I would like to express my appreciation of your work. >> >>> I guess this list is the best place to ask those of you who use the >>> plugin for feedback. I'd appreciate any comments and information an >>> hit rates, FPs and such >> >> Stats for the last 12 hours: >> >> 70% hitrate on spam. >> 0,1% hitrate on ham. >> >> 3000 emails in corpus. >> > > 0.1% HAM hits seems unusually high. > would you please check what kind of hams these are? > > are they newsletter/bulk or empty messages with attachements, other types? That was too high, yes. My regex wasn't correct. The FP rate is actually 1/15000. The single FP I found was a "mailing list membership reminder" produced by a mailman installation. -- Vidar Tyldum Hansen [EMAIL PROTECTED]
Re: iXhash plugin and lists - feedback wanted
On Sat, Sep 27, 2008 at 05:27:52PM +0200, Vidar Tyldum Hansen wrote: > On Mon, Aug 04, 2008 at 11:13:29PM +0200, Dirk Bonengel wrote: > > Hi all, > > > > I'm the author of the iXhash plugin, a piece of code that computes a > > variety of 'fuzzy checksums' along the lines of the NiXSpam project (run > > by the German IT magazine iX). > > I would like to express my appreciation of your work. Also, I would like to hit my head against my desk for about an hour. Messed the sorting in Mutt and failed to notice the date on the origiginal message. Apologies to the list :) -- Vidar Tyldum Hansen
Re: iXhash plugin and lists - feedback wanted
On Mon, Aug 04, 2008 at 11:13:29PM +0200, Dirk Bonengel wrote: > Hi all, > > I'm the author of the iXhash plugin, a piece of code that computes a > variety of 'fuzzy checksums' along the lines of the NiXSpam project (run > by the German IT magazine iX). I would like to express my appreciation of your work. > I guess this list is the best place to ask those of you who use the > plugin for feedback. I'd appreciate any comments and information an hit > rates, FPs and such Stats for the last 12 hours: 70% hitrate on spam. 0,1% hitrate on ham. 3000 emails in corpus. To me, this is a very valuable service and I would be very sad to see it go away. -- Vidar Tyldum Hansen
BRBL hirate and accuracy [Re: New free blacklist: BRBL - Barracuda Reputation Block List]
On Sat, Sep 20, 2008 at 11:51:37PM -0700, Jeff Chan wrote:
> [Pardon the spam; thought this new blacklist might be worth at
> least trying.]
>
> Apparently Barracuda will be publishing a free-to-use sender
> blacklist called BRBL:
>
> http://www.barracudacentral.org/rbl
In case someone shares my interest in hitrates, here are the stats I
gathered from yesterdays email:
Spam in XBL:
66%
Spam in BRBL:
35%
Spam in both:
29%
Corpus:
My users are norwegian, server located in Norway.
2212 emails was tagged as spam. None of the emails passed as ham was hit
by either XEN or BRBL.
--
Vidar Tyldum Hansen
Re: Configuring SA as frontend to Exchange
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Henry Kwan: > Hi, > > Have been running SA on CentOS for a few years now and everything has been > working great. But the powers that be want to move to Exchange so I am trying > to plan a SA frontend that feeds the Exchange server. Been there! > As I was thinking over how SA works now and how it might work in the my future > setup, I was wondering how you would feed unmarked spam to the SA frontend? > Since email is passed through to Exchange, it isn't stored on the SA server > anymore like it is now. Or would I be limited to just having SA autolearn? Thought quickly over this and figured IMAP-support on the Exchange might give me the necessary interface to do this. However, I started out with autolearning and the results were just fantastic so I didn't give it more thought. > Also, if anyone has some good links to setting up a SA frontend to Exchange, > that would be much appreciated. I don't have any links, but I could summarize what I did to make this work (got it running with 2 clients at the moment, one with Exchange 2007 and one with Exchange 2003). My goal was to have SA fully integrated with Exchange so that the junk-folder was put to good use. I hate spending time looking for 'missing' emails that actually never was sent. I'm just doing a rough summary of my process on 2007: - Use LDAP to check the recipients against Exchange/AD (remember the proxyAddress attribute) - On the SA-machine I use Postfix and header_checks after the message is scanned by amavisd-new to map the amavisd-new-headers to the SCL-headers Exchange recognizes. (Hint: 'prepend') - Define the SA-machine as an internal server (so it trusts the SCL-headers) - Enable Junk-folder for the users via OWA (http://gsexdev.blogspot.com/2007/07/turning-on-filter-junk-email-in.html) - Define a receive-connector for the SA-machine (allow anonymous access, retrict to SA-machine only) - Install the antispam agents on the Exchange server (http://support.microsoft.com/kb/555924) - Define spam thresholds for Exchange (http://technet.microsoft.com/en-us/library/bb123559.aspx) Some work must go into the thought of translating SA scores to SCL-levels and if you wish to have a cutoff level. My only grief is that some users doesn't seem to grasp the idea of a junk folder and constantly complain about spam in it. One user even made up a summary of all the dirty words contained in these spams and asked me to block them. Duh. Bet there are plenty of ways to do this, but I found this approach gave me a fully integrated solution. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) iD8DBQFH/lCqsJJnSzEQqpgRAq3FAJ9Gx7qQTA1i9751XgibyEONJcek2gCfdBKS tWhrgLWkZ2GqaiPcjci2OUQ= =wAkk -END PGP SIGNATURE-
Re: problem in updating the spam database with rulesdujour
ankush grover, 30.10.2006 13:04: > hey friends, > > I am using spamassassin 3.1.3 on Fc3 along with postfix + > mailscanner. I have configured rulesdujour to download latest spam > rules. When I tried to ran the rulesdujour script I got the following > errors at the end. > > > Lint output: [6769] warn: config: failed to parse line, skipping: > AUTOBAN: Over 500 *.cf requests in 48 hours period - Check your CRON > [6769] warn: config: failed to parse line, skipping: CONTACT: > [EMAIL PROTECTED] > [6769] warn: config: failed to parse line, skipping: AUTOBAN: Over 500 > *.cf requests in 48 hours period - Check your CRON > [6769] warn: config: failed to parse line, skipping: CONTACT: > [EMAIL PROTECTED] > [6769] warn: config: failed to parse line, skipping: AUTOBAN: Over 500 > *.cf requests in 48 hours period - Check your CRON > [6769] warn: config: failed to parse line, skipping: CONTACT: > [EMAIL PROTECTED] Have you checked your cron like the error suggests? Seems you are flooding the servers. How often is rdj ran? Have you 'tested' a lot? -- Cheers Vidar Tyldum Hansen
Re: Problem with SQL-based AWL
Michael Parker, 03.11.2004 15:01: On Wed, Nov 03, 2004 at 12:02:41PM +0100, Vidar Tyldum Hansen wrote: --- SA config --- auto_whitelist_db_modules Mail::SpamAssassin::SQLBasedAddrList user_awl_dsn DBI:mysql:spamassassin:localhost user_awl_sql_username spamassassin user_awl_sql_password ** user_awl_sql_table awl use_auto_whitelist 1 --- End SA config --- Go back and read sql/README.awl the above is not a correct config for turning on AWL SQL. Thank you. In my humble defence ;): Since I installed using CPAN and didn't posess the source tree I relied on http://spamassassin.apache.org/full/3.0.x/dist/, which for some reason isn't complete. -- Cheers Vidar Tyldum Hansen signature.asc Description: OpenPGP digital signature
Problem with SQL-based AWL
I am invoking SA through amavisd-new (thoug the problem is sill there standalone), and have configured SA to use SQL-based bayes. Trying to get AWL working with SQL proves to be a bit of a problem: debug: lock: 11090 created /var/spool/amavis/.spamassassin/auto-whitelist.mutex debug: lock: 11090 trying to get lock on /var/spool/amavis/.spamassassin/auto-whitelist with 30 timeout debug: lock: 11090 link to /var/spool/amavis/.spamassassin/auto-whitelist.mutex: link ok debug: Tie-ing to DB file R/W in /var/spool/amavis/.spamassassin/auto-whitelist debug: open of AWL file failed: Can't locate object method "TIEHASH" via package "Mail::SpamAssassin::SQLBasedAddrList" at /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/DBBasedAddrList.pm line 76. Both Mail::SpamAssassin::SQLBasedAddrList and Mail::SpamAssassin::DBBasedAddrList are installed and up-to-date according to CPAN. I even did a force install on them to be sure. I am not too familiar with Perl, but it looks more like a perl issue than misconfiguration. Am I missing a module? --- SA config --- auto_whitelist_db_modules Mail::SpamAssassin::SQLBasedAddrList user_awl_dsn DBI:mysql:spamassassin:localhost user_awl_sql_username spamassassin user_awl_sql_password ** user_awl_sql_table awl use_auto_whitelist 1 --- End SA config --- -- Cheers Vidar Tyldum Hansen signature.asc Description: OpenPGP digital signature
