Re: habeas - tainted white list
On Dec 18, 2009, at 2:26 PM, Justin Mason wrote: it can be measured by finding the WL rule's page on ruleqa.spamassassin.org, then examining the OVERLAP section for overlaps with BL rules. I'd expect that most whitelist operators will automatically de-list any IP which appears on a respected blacklist, so it's likely there's some unseen feedback here as well. -- J.D. Falk jdf...@returnpath.net Return Path Inc
Re: a.s.r (was Re: habeas - tainted white list)
On Mon, 21 Dec 2009, J.D. Falk wrote: That's IT! PORNOGRAPHIC DOCUMENTATION! Sorry. Already been tried. But no matter what we called it, the users still didn't appreciate their computers or network going down on them. :) - C PS. Let's not get started on how hard disks are smaller than flippy ones...
Re: habeas - tainted white list
On Sat, 19 Dec 2009, Res wrote: the only person here at present trolling is you, so for F's sake STFU and stop generating massive noise ratio (nod) Done. - C
Re: habeas - tainted white list
On 18-Dec-2009, at 00:24, Daryl C. W. O'Shea wrote: From the data we have from mass-checks we are erring a very small amount on the side of caution by not disabling the whitelists by default. I guess that the real issue that I have with the whole HABEAS thing is the magnitude of the default scores. −4 and −8 caused issues that would never have arisen had the defaults been −0.4 and −0.8. Or even −1 and −2. -- The fact is that camels are far more intelligent than dolphins. Footnote: Never trust a species that grins all the time. It's up to something. --Pyramids
Re: habeas - tainted white list
On fre 18 dec 2009 08:13:31 CET, Christian Brel wrote * [212.159.7.100 listed in list.dnswl.org] Yet the same IP is on and off SORBS and part of an ongoing spam problem. Perhaps this can be reviewed and given a zero score by default? see dnswl homepage, there is NONE, LOW, MED, HI, the above ip is now LOW, want to change it to NONE ? dont change the score in sa to fix a ip spammer -- xpoint http://www.unicom.com/pw/reply-to-harmful.html pgpQdHWaOXxcA.pgp Description: PGP digital signatur
Re: habeas - tainted white list
On Fri, 18 Dec 2009 02:24:45 -0500
Daryl C. W. O'Shea spamassas...@dostech.ca wrote:
Reputation type rules (such as DNSWLs) are probably the only (or
certainly one of the very few) types of rules that you can weight
heavily negatively. This is due to the nature of an open source
product (or even given enough time to game a closed source product).
Content based rules are very often easily beaten. If we could have a
body rule that looks for this mail is good and assign a -20 score
we would. Clearly that would not work.
With the kindest of respect, I have to disagree with this. If for
argument sake five blocklists with no business {or other} relationship
with Spamassassin flag an IP for spamming, then it's a good bet
that they are correct and any perceived negativity is earned. How this
impacts on Spamassassin is dependent on the scores set - which comes
back to you and the developers - so the arguement not only has not
legs, it has no arms either. Consider that blocklists are often
universally trusted to be sat on the SMTP connection level ahead of
Spamassassin, whereas the suggestion of doing that with Habeas as a
whitelist would be pure comedy gold :-)
Again, find me a commercial white list that wants to be included in
SpamAssassin on a free for use basis and I'll pay for the phone call
to talk to them. Seriously.
I shake my head in utter disbelief at this comment, and I'm sure that
Apache Sponsor Barracuda AKA 'emailreg.org' will have just pricked up
their ears.
I'm pretty sure I brought up the SA developers' *long* standing
principle of being as safe as possible for the majority of users by
erring on the side of missing spam rather than tagging ham while still
putting out a useful product.
It's a fair statement that in using an Antispam 'product' that blocks
nothing and only assigns a score, the issue of having that score
reduced in favour of a known commercial bulk mailer is undesirable.
The statistics may have some interest but can be applied to show there
is little cause to keep the rule at all if you so wish to bend it the
other way. The key is this: I would *never* have known what HABEAS was
if I had not seen the name in low scoring spam and asked why. It does
not look like I'm the first to ask either.
From the data we have from mass-checks we are erring a very small
amount on the side of caution by not disabling the whitelists by
default.
It's a big fat favourable score to one organisation for 'erring a very
small amount on the side of caution' don't you think? -4/-8 given the
average 419 spam only scores 4-8 points. Forgive me but are Return Path
pulling someones strings here as Puppet Masters?
If everything is open and transparent give the default user the option
to *enable* them and score them zero, unless - of course - there is
some kind of logical reason for these mad scoring spam assisting rules
that favour Return Path in the default set up?
--
This e-mail and any attachments may form pure opinion and may not have
any factual foundation. Please check any details provided to satisfy
yourself as to suitability or accuracy of any information provided.
Data Protection: Unless otherwise requested we may pass the information
you have provided to other partner organisations.
Re: habeas - tainted white list
On 18/12/2009 3:09 AM, LuKreme wrote: On 18-Dec-2009, at 00:24, Daryl C. W. O'Shea wrote: From the data we have from mass-checks we are erring a very small amount on the side of caution by not disabling the whitelists by default. I guess that the real issue that I have with the whole HABEAS thing is the magnitude of the default scores. −4 and −8 caused issues that would never have arisen had the defaults been −0.4 and −0.8. Or even −1 and −2. The scores have been decreased in the upcoming proposed release ruleset. Not to -0.4 and -0.8, but they're no longer -4 and -8. I'm sure that we'll get to (it's been -4 and -8 for years, we're not in a huge rush to do anything now) decreasing them in the 3.2.x sa-update ruleset also once we've firmed up an opinion of what they should be going forward. Please stop beating the -4 and -8 horse. We agree. Daryl
Re: habeas - tainted white list
On Fri, 18 Dec 2009 03:44:32 -0500 Daryl C. W. O'Shea spamassas...@dostech.ca wrote: Please stop beating the -4 and -8 horse. We agree. Daryl Then fix it and show who really is in charge of this project? -- This e-mail and any attachments may form pure opinion and may not have any factual foundation. Please check any details provided to satisfy yourself as to suitability or accuracy of any information provided. Data Protection: Unless otherwise requested we may pass the information you have provided to other partner organisations.
Re: habeas - tainted white list
On 18/12/2009 3:32 AM, Christian Brel wrote:
On Fri, 18 Dec 2009 02:24:45 -0500
Daryl C. W. O'Shea spamassas...@dostech.ca wrote:
Reputation type rules (such as DNSWLs) are probably the only (or
certainly one of the very few) types of rules that you can weight
heavily negatively. This is due to the nature of an open source
product (or even given enough time to game a closed source product).
Content based rules are very often easily beaten. If we could have a
body rule that looks for this mail is good and assign a -20 score
we would. Clearly that would not work.
With the kindest of respect, I have to disagree with this.
How the following text supports your disagreement I don't know. But
I'll agree to disagree.
If for
argument sake five blocklists with no business {or other} relationship
with Spamassassin flag an IP for spamming, then it's a good bet
that they are correct and any perceived negativity is earned. How this
impacts on Spamassassin is dependent on the scores set - which comes
back to you and the developers - so the arguement not only has not
legs, it has no arms either. Consider that blocklists are often
universally trusted to be sat on the SMTP connection level ahead of
Spamassassin, whereas the suggestion of doing that with Habeas as a
whitelist would be pure comedy gold :-)
Again, find me a commercial white list that wants to be included in
SpamAssassin on a free for use basis and I'll pay for the phone call
to talk to them. Seriously.
I shake my head in utter disbelief at this comment, and I'm sure that
Apache Sponsor Barracuda AKA 'emailreg.org' will have just pricked up
their ears.
So what if they do. We'll test it and judge it on stats (not random FPs
or stories about friends who had a bad employment experience). If it
works good it works good, if it doesn't we won't use it and they'll
understand.
I'm pretty sure I brought up the SA developers' *long* standing
principle of being as safe as possible for the majority of users by
erring on the side of missing spam rather than tagging ham while still
putting out a useful product.
It's a fair statement that in using an Antispam 'product' that blocks
nothing and only assigns a score, the issue of having that score
reduced in favour of a known commercial bulk mailer is undesirable.
Just so I'm clear, are you equating all commercial bulk mail to spam? I
would disagree if that is the case. You would likely disagree with me
and then I would agree to disagree.
The statistics may have some interest but can be applied to show there
is little cause to keep the rule at all if you so wish to bend it the
other way.
I've already explained my rationale for keeping it. It's a small trade
off to cover the unknown. Our ham corpus is not that large.
The key is this: I would *never* have known what HABEAS was
if I had not seen the name in low scoring spam and asked why. It does
not look like I'm the first to ask either.
You know, it's funny you mention it. I've found out about some
blacklists, even ones now included in SpamAssassin, only because they
caught one-to-one personal emails (that no-one could argue were
commercial) of random people that I know (and who have inquired about
the block).
From the data we have from mass-checks we are erring a very small
amount on the side of caution by not disabling the whitelists by
default.
It's a big fat favourable score to one organisation for 'erring a very
small amount on the side of caution' don't you think? -4/-8 given the
average 419 spam only scores 4-8 points.
Again, we agree. We've changed it in the upcomming release and will
surely backport it when we're done getting 3.3 out. It's been like this
for years, I don't think we need to jump like crazy to change the 3.2
updates before we've even settled on a final score.
Forgive me but are Return Path
pulling someones strings here as Puppet Masters?
I really wish they would. I sure could use the money. In 6 or so years
of SA development I've netted me a total of... a $30 book (Thanks Dan!).
If I were to sell that book I'd be a small way towards covering this
month's costs for the sa-update mirrors I run out of my own pocket.
If everything is open and transparent give the default user the option
to *enable* them and score them zero, unless - of course - there is
some kind of logical reason for these mad scoring spam assisting rules
that favour Return Path in the default set up?
I stand firm on my opinion that our principle of safe for most users is
the logical reason for including DNSWLs.
If you like you can transparently disable the DNSWLs.
Daryl
Re: habeas - tainted white list
On fre 18 dec 2009 10:07:55 CET, Daryl C. W. O'Shea wrote If you like you can transparently disable the DNSWLs. or create a bug to have dnswl use trusted_networks from local.cf in spamassassin -- xpoint http://www.unicom.com/pw/reply-to-harmful.html pgpfoovQHfqN5.pgp Description: PGP digital signatur
Re: habeas - tainted white list
On Dec 18, 2009, at 1:32, Christian Brel brel.spamassassin091...@copperproductions.co.uk wrote: the issue of having that score reduced in favour of a known commercial bulk mailer is undesirable. The trouble is you seem to consider ALL commercial senders to be spammers. That's just not true.
Re: habeas - tainted white list
On Fri, 18 Dec 2009 04:07:55 -0500 Daryl C. W. O'Shea spamassas...@dostech.ca wrote: If everything is open and transparent give the default user the option to *enable* them and score them zero, unless - of course - there is some kind of logical reason for these mad scoring spam assisting rules that favour Return Path in the default set up? I stand firm on my opinion that our principle of safe for most users is the logical reason for including DNSWLs. Spamassassin is not something trivially installed like a piece of Microsoft junkware. In fact, it is nearly impossible to get it to do anything useful without reading lots of documents Daryl. Couple this with the fact it only *scores* mail - it does not block it - any mish mash of rules could be argued to be 'safe'. If it were deployed at the SMTP level where it was kicking out 55x's it may be a different story. So the 'safe' angle really has no legs. If you like you can transparently disable the DNSWLs. I found it much more useful to apply them as blocklists and give the a +4/+8 myself - but that's a personal choice. Thank you for your time Daryl. We don't agree - but I don't want to waste more of your personal time on this. -- This e-mail and any attachments may form pure opinion and may not have any factual foundation. Please check any details provided to satisfy yourself as to suitability or accuracy of any information provided. Data Protection: Unless otherwise requested we may pass the information you have provided to other partner organisations.
Re: habeas - tainted white list
On Dec 18, 2009, at 2:07, Daryl C. W. O'Shea spamassas...@dostech.ca wrote: I stand firm on my opinion that our principle of safe for most users is the logical reason for including DNSWLs. Just to be clear, despite my dislike of the HABEAS rules, I am not a tinfoil-hat nutter thinking there's some conspiracy. I even had quite good result with HABEAS way back when. My problems were purely a result of getting occasional waves of miss-classed spam getting through because of HABEAS. I might agree with some small portion of our resident troll's posts, but I am still a big fan of SA and an eagerly awaiting the release of 3.3.
Re: habeas - tainted white list
On Fri, 18 Dec 2009 02:21:00 -0700 LuKreme krem...@kreme.com wrote: On Dec 18, 2009, at 1:32, Christian Brel brel.spamassassin091...@copperproductions.co.uk wrote: the issue of having that score reduced in favour of a known commercial bulk mailer is undesirable. The trouble is you seem to consider ALL commercial senders to be spammers. That's just not true. No, I don't. But I do consider many commercial emailers to abuse personal data for their own gain. To me it is spam if it does not directly relate to a transaction that I have instigated. If it's special offers, news or other marketing rubbish aimed at selling me something or telling me about new services - it's spam. We've moved on since the Tandy/Radio Shack days of data collected at the point of sale forever being used to abuse you forever more. -- This e-mail and any attachments may form pure opinion and may not have any factual foundation. Please check any details provided to satisfy yourself as to suitability or accuracy of any information provided. Data Protection: Unless otherwise requested we may pass the information you have provided to other partner organisations.
Re: habeas - tainted white list
On fre 18 dec 2009 10:23:48 CET, Christian Brel wrote If you like you can transparently disable the DNSWLs. I found it much more useful to apply them as blocklists and give the a +4/+8 myself - but that's a personal choice. and No, hits=0.7 required=10.0 tests=SPF_SOFTFAIL is also a personal choice ? -- xpoint http://www.unicom.com/pw/reply-to-harmful.html pgpGhE5vLJfdh.pgp Description: PGP digital signatur
Re: habeas - tainted white list
On Fri, 18 Dec 2009 10:33:31 +0100 Benny Pedersen m...@junc.org wrote: On fre 18 dec 2009 10:23:48 CET, Christian Brel wrote If you like you can transparently disable the DNSWLs. I found it much more useful to apply them as blocklists and give the a +4/+8 myself - but that's a personal choice. and No, hits=0.7 required=10.0 tests=SPF_SOFTFAIL is also a personal choice ? For what I am doing, yes ;-) -- This e-mail and any attachments may form pure opinion and may not have any factual foundation. Please check any details provided to satisfy yourself as to suitability or accuracy of any information provided. Data Protection: Unless otherwise requested we may pass the information you have provided to other partner organisations.
Re: habeas - tainted white list
On Fri, 18 Dec 2009 02:29:56 -0700 LuKreme krem...@kreme.com wrote: I might agree with some small portion of our resident troll's posts, You need to resort to abuse for what particular reason? -- This e-mail and any attachments may form pure opinion and may not have any factual foundation. Please check any details provided to satisfy yourself as to suitability or accuracy of any information provided. Data Protection: Unless otherwise requested we may pass the information you have provided to other partner organisations.
Re: habeas - tainted white list
On Fri, 2009-12-18 at 08:49 +, Christian Brel wrote: On Fri, 18 Dec 2009 03:44:32 -0500 Daryl C. W. O'Shea spamassas...@dostech.ca wrote: Please stop beating the -4 and -8 horse. We agree. Daryl Then fix it and show who really is in charge of this project? It's been fixed. Don't you know how to use bugzilla? http://svn.apache.org/viewvc/spamassassin/trunk/rules/50_scores.cf?r1=891460r2=891459pathrev=891460 The new scores will come out in 3.3.0, RC1 is very soon... -- Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX www.austinenergy.com
Re: habeas - tainted white list
On Fri, 18 Dec 2009 06:49:41 -0600 Daniel J McDonald dan.mcdon...@austinenergy.com wrote: On Fri, 2009-12-18 at 08:49 +, Christian Brel wrote: On Fri, 18 Dec 2009 03:44:32 -0500 Daryl C. W. O'Shea spamassas...@dostech.ca wrote: Please stop beating the -4 and -8 horse. We agree. Daryl Then fix it and show who really is in charge of this project? It's been fixed. Don't you know how to use bugzilla? http://svn.apache.org/viewvc/spamassassin/trunk/rules/50_scores.cf?r1=891460r2=891459pathrev=891460 The new scores will come out in 3.3.0, RC1 is very soon... +score RCVD_IN_RP_CERTIFIED 0.0 -3.0 0.0 -3.0 +score RCVD_IN_RP_SAFE 0.0 -2.0 0.0 -2.0 This is 'fixed'? -- This e-mail and any attachments may form pure opinion and may not have any factual foundation. Please check any details provided to satisfy yourself as to suitability or accuracy of any information provided. Data Protection: Unless otherwise requested we may pass the information you have provided to other partner organisations.
Re: habeas - tainted white list
dnswl.org does offer trusted_networks-formatted files (separated by our trust levels), but beware of bug 5931 for older versions of SA: https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5931 -- Matthias Am 18.12.2009 um 10:17 schrieb Benny Pedersen: On fre 18 dec 2009 10:07:55 CET, Daryl C. W. O'Shea wrote If you like you can transparently disable the DNSWLs. or create a bug to have dnswl use trusted_networks from local.cf in spamassassin -- xpoint http://www.unicom.com/pw/reply-to-harmful.html
Re: habeas - tainted white list
Daryl C. W. O'Shea wrote: If we had more mass-check data from a wider number of mail recipients maybe it would change things, statistically, maybe it wouldn't. New mass-check contributors are always welcome. They take very little effort to manage once you've set it up (I ignore mine for years at a time). Is there a good howto for setting this up? /Per Jessen, Zürich
Re: habeas - tainted white list
On Fri, 18 Dec 2009, Christian Brel wrote: On Fri, 18 Dec 2009 02:29:56 -0700 LuKreme krem...@kreme.com wrote: I might agree with some small portion of our resident troll's posts, You need to resort to abuse for what particular reason? Repeatedly accusing the SA developers of fraudulent collusion is abusive. Don't be surprised if people are abusive in return. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Bother, said Pooh as he struggled with /etc/sendmail.cf, it never does quite what I want. I wish Christopher Robin was here. -- Peter da Silva in a.s.r --- 7 days until Christmas
Re: habeas - tainted white list
On Fri, 2009-12-18 at 12:53 +, Christian Brel wrote: On Fri, 18 Dec 2009 06:49:41 -0600 Daniel J McDonald dan.mcdon...@austinenergy.com wrote: On Fri, 2009-12-18 at 08:49 +, Christian Brel wrote: On Fri, 18 Dec 2009 03:44:32 -0500 Daryl C. W. O'Shea spamassas...@dostech.ca wrote: Please stop beating the -4 and -8 horse. We agree. Daryl Then fix it and show who really is in charge of this project? It's been fixed. Don't you know how to use bugzilla? http://svn.apache.org/viewvc/spamassassin/trunk/rules/50_scores.cf?r1=891460r2=891459pathrev=891460 The new scores will come out in 3.3.0, RC1 is very soon... +score RCVD_IN_RP_CERTIFIED 0.0 -3.0 0.0 -3.0 +score RCVD_IN_RP_SAFE 0.0 -2.0 0.0 -2.0 This is 'fixed'? Have you read the bugzilla entry? huge discussion about how to fix it properly. You also ignored the five rules removed and replaced by these two. -- Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX www.austinenergy.com
Re: habeas - tainted white list
On Fri, 18 Dec 2009 06:12:06 -0800 (PST) John Hardin jhar...@impsec.org wrote: On Fri, 18 Dec 2009, Christian Brel wrote: On Fri, 18 Dec 2009 02:29:56 -0700 LuKreme krem...@kreme.com wrote: I might agree with some small portion of our resident troll's posts, You need to resort to abuse for what particular reason? Repeatedly accusing the SA developers of fraudulent collusion is abusive. Don't be surprised if people are abusive in return. That is your choice of words - not mine. It is interesting that when reasonable questions about the motivation for a bizarre part of SA is brought up, others are entitled to abuse the person with that point of view - but he must not respond to that abuse or runs the risk of the mob ganging up. It seems that *some* can alter subject lines to abuse, send abusive off-list mail, openly abuse etc, whilst others just have to sit and take it. When they are not happy to do that they are accused of trolling. Strikes me as cyber-bulling, but I've no intention of rising to it - it's all rather boring. -- This e-mail and any attachments may form pure opinion and may not have any factual foundation. Please check any details provided to satisfy yourself as to suitability or accuracy of any information provided. Data Protection: Unless otherwise requested we may pass the information you have provided to other partner organisations.
Re: habeas - tainted white list
On Thu, 17 Dec 2009, Christian Brel wrote: Would it be rude of me to ask how you make your money? Is it from the provision and delivery of bulk commercial email or am I confused? Wow. People are running down ReturnPath and they don't even have a clear idea of what RP *does*? How lame is that? Oh. Beg pardon. It's Christian. Now I know for sure that he's Richard. Same lame hyperbole and straw man BS. (yawn) - Charles
Re: habeas - tainted white list
On Fri, 18 Dec 2009 06:19:25 -0800 (PST) John Hardin jhar...@impsec.org wrote: On Fri, 18 Dec 2009, Christian Brel wrote: On Fri, 18 Dec 2009 06:49:41 -0600 Daniel J McDonald dan.mcdon...@austinenergy.com wrote: On Fri, 2009-12-18 at 08:49 +, Christian Brel wrote: On Fri, 18 Dec 2009 03:44:32 -0500 Daryl C. W. O'Shea spamassas...@dostech.ca wrote: Please stop beating the -4 and -8 horse. We agree. Then fix it and show who really is in charge of this project? It's been fixed. Don't you know how to use bugzilla? http://svn.apache.org/viewvc/spamassassin/trunk/rules/50_scores.cf?r1=891460r2=891459pathrev=891460 The new scores will come out in 3.3.0, RC1 is very soon... +score RCVD_IN_RP_CERTIFIED 0.0 -3.0 0.0 -3.0 +score RCVD_IN_RP_SAFE 0.0 -2.0 0.0 -2.0 This is 'fixed'? In the absence of evidence to the contrary, yes. If it's that big a problem for you in real life, then you should be able to provide FNs to the masscheck corpora that will _prove_ these scores are too generous. We understand your philosophical objection. Providing hard evidence of FNs will go much further towards making your point than name calling will. The name calling being? -- This e-mail and any attachments may form pure opinion and may not have any factual foundation. Please check any details provided to satisfy yourself as to suitability or accuracy of any information provided. Data Protection: Unless otherwise requested we may pass the information you have provided to other partner organisations.
Re: habeas - tainted white list
On Fri, 18 Dec 2009 09:53:37 -0500 (EST) Charles Gregory cgreg...@hwcn.org wrote: On Thu, 17 Dec 2009, Christian Brel wrote: Would it be rude of me to ask how you make your money? Is it from the provision and delivery of bulk commercial email or am I confused? Wow. People are running down ReturnPath and they don't even have a clear idea of what RP *does*? How lame is that? Oh. Beg pardon. It's Christian. Now I know for sure that he's Richard. Same lame hyperbole and straw man BS. (yawn) - Charles I did ask for clarification as to if they earned money for assisting in the delivery of bulk, commercial email. I've not seen a reply yet to help me clarify this. I've been open and transparent about it and asked on list. But your abusive rebuttal is noted. Perhaps you can explain tome what they do and how they make their money? I would prefer to hear it from someone authorised to speak for RP - but please feel free to post something constructive. -- This e-mail and any attachments may form pure opinion and may not have any factual foundation. Please check any details provided to satisfy yourself as to suitability or accuracy of any information provided. Data Protection: Unless otherwise requested we may pass the information you have provided to other partner organisations.
Re: habeas - tainted white list
On Fri, 18 Dec 2009, Christian Brel wrote: Why not default them to zero and include in the release notes/man that there are whitelists and they can *enable* them? Go read the archives, troll. - C
Re: habeas - tainted white list
On Fri, 18 Dec 2009, Christian Brel wrote: But they should not have to disable a whitelist that assists with the delivery of bulk commercial mail in an anti-spam application! If the sender is relying on such rules to keep the mailout under the radar then clearly there is something very wrong with that? Go read the archives, troll. - C
Re: habeas - tainted white list
On Fri, 18 Dec 2009 10:26:28 -0500 (EST) Charles Gregory cgreg...@hwcn.org wrote: On Fri, 18 Dec 2009, Christian Brel wrote: But they should not have to disable a whitelist that assists with the delivery of bulk commercial mail in an anti-spam application! If the sender is relying on such rules to keep the mailout under the radar then clearly there is something very wrong with that? Go read the archives, troll. - C All of them or do you have something specific, troll? -- This e-mail and any attachments may form pure opinion and may not have any factual foundation. Please check any details provided to satisfy yourself as to suitability or accuracy of any information provided. Data Protection: Unless otherwise requested we may pass the information you have provided to other partner organisations.
Re: habeas - tainted white list
On Fri, 18 Dec 2009, Christian Brel wrote: On Fri, 18 Dec 2009 06:19:25 -0800 (PST) John Hardin jhar...@impsec.org wrote: We understand your philosophical objection. Providing hard evidence of FNs will go much further towards making your point than name calling will. The name calling being? Alright, let me amend that: Providing hard evidence of FNs will go much further towards making your point - and getting the rules fixed in a useful manner - than will repeated accusations that the SA devs are taking bribes to weaken SA. And phrasing it as a question doesn't make it any less of an accusation, given it keeps being repeated after reasonable explanations have been provided. At the moment there's insufficient _hard data_ to support the contention that the reputation whitelists are assisting FNs to a great degree. The data from masscheck suggests the impact of the reputation whitelists is neutral to very slightly positive (in terms of reducing FPs). If you feel this isn't justified, if you're seeing a lot of FNs that can be laid at the feet of a reputation whitelist rule, then please feed that hard data into the masscheck corpora so that the scoring process can take it into account. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Bother, said Pooh as he struggled with /etc/sendmail.cf, it never does quite what I want. I wish Christopher Robin was here. -- Peter da Silva in a.s.r --- 7 days until Christmas
Re: habeas - tainted white list
On Fri, 18 Dec 2009, Christian Brel wrote: On he subject of Spammy whitelists... * -1.0 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low * trust * [212.159.7.100 listed in list.dnswl.org] Yet the same IP is on and off SORBS and part of an ongoing spam problem. Perhaps this can be reviewed and given a zero score by default? I see these from time to time. This is what gave rise to my intial inquiry about the frequency with which whitelited servers are hacked. Ideally, the whitelist should have a mechanism for temporarily suspending IP's that have been hacked. Perhaps running a check of their list against internet blacklists would help? If a spammer gets an IP blacklisted, at the least DNSWL and HABEAS should make note of this and remove the IP - C
Re: habeas - tainted white list
Charles Gregory wrote: On Fri, 18 Dec 2009, Christian Brel wrote: On he subject of Spammy whitelists... * -1.0 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low * trust * [212.159.7.100 listed in list.dnswl.org] Yet the same IP is on and off SORBS and part of an ongoing spam problem. Perhaps this can be reviewed and given a zero score by default? I see these from time to time. This is what gave rise to my intial inquiry about the frequency with which whitelited servers are hacked. Ideally, the whitelist should have a mechanism for temporarily suspending IP's that have been hacked. Perhaps running a check of their list against internet blacklists would help? If a spammer gets an IP blacklisted, at the least DNSWL and HABEAS should make note of this and remove the IP Or we could have the whitelist rules in a meta such that they only hit when a blacklist rule doesn't, if this is a common enough problem. It might also allow people to get past the high negative score for the whitelists.
Re: habeas - tainted white list
On Fri, 18 Dec 2009, Christian Brel wrote: You need to resort to abuse for what particular reason? Repeatedly accusing the SA developers of fraudulent collusion is abusive. Don't be surprised if people are abusive in return. That is your choice of words - not mine. It is interesting that when reasonable questions about the motivation for a bizarre part of SA is brought up, others are entitled to abuse the person with that point of view - but he must not respond to that abuse or runs the risk of the mob ganging up. Now where have I heard this before...? Sounds so familiar. Ah! Right! Got it. My (then) 5 and 6 year old children arguing over who started it. - C PS. You did. No one calls you 'troll' until you act like one.
Re: [sa] Re: habeas - tainted white list
On Fri, 18 Dec 2009, Christian Brel wrote: On Thu, 17 Dec 2009, Christian Brel wrote: Would it be rude of me to ask how you make your money? Is it from the provision and delivery of bulk commercial email or am I confused? Wow. People are running down ReturnPath and they don't even have a clear idea of what RP *does*? How lame is that? I did ask for clarification as to if they earned money for assisting in the delivery of bulk, commercial email. I've not seen a reply yet to help me clarify this. Read the archives, troll. Perhaps you can explain tome what they do and how they make their money? I would prefer to hear it from someone authorised to speak for RP - but please feel free to post something constructive. Get it right from Return Path themselves: http://www.returnpath.net/ - C
Re: habeas - tainted white list
On Fri, 18 Dec 2009, Jason Bertoch wrote: Charles Gregory wrote: If a spammer gets an IP blacklisted, at the least DNSWL and HABEAS should make note of this and remove the IP Or we could have the whitelist rules in a meta such that they only hit when a blacklist rule doesn't, if this is a common enough problem. It might also allow people to get past the high negative score for the whitelists. That sounds like a good idea to me... -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Bother, said Pooh as he struggled with /etc/sendmail.cf, it never does quite what I want. I wish Christopher Robin was here. -- Peter da Silva in a.s.r --- 7 days until Christmas
Re: [sa] Re: habeas - tainted white list
On Fri, 18 Dec 2009, Christian Brel wrote: Go read the archives, troll. All of them or do you have something specific, troll? Fine, fine, pedant. Go SEARCH the archives, troll. :) - C
Re: [sa] Re: habeas - tainted white list
On Fri, 18 Dec 2009, Jason Bertoch wrote: Or we could have the whitelist rules in a meta such that they only hit when a blacklist rule doesn't, if this is a common enough problem. It might also allow people to get past the high negative score for the whitelists. Hm. I *like* that one! - C
Re: [sa] Re: habeas - tainted white list
On Fri, 18 Dec 2009 12:18:46 -0500 (EST) Charles Gregory cgreg...@hwcn.org wrote: On Fri, 18 Dec 2009, Christian Brel wrote: Go read the archives, troll. All of them or do you have something specific, troll? Fine, fine, pedant. Go SEARCH the archives, troll. :) - C Perhaps I can help you understand why the question was asked on list. Yesterday, J D Falk of Return Path said; Return Path is not an ESP by any of the common definitions. http://en.wikipedia.org/wiki/ESP (No wonder you're confused.) To which I asked J D Falk: Would it be rude of me to ask how you make your money? Is it from the provision and delivery of bulk commercial email or am I confused? Which is perfectly fair, direct and reasonable. There is a like for like sarcastic ending, just as J D Provided. Now, I've not seen J D follow up to that, unless you have elected yourself to his spokesperson and qualified to answer for him? The alternative would be you are just spoiling for an argument and fit the 'troll' definition rather well: a troll is someone who posts ...with the primary intent of provoking But please, carry on - it suits you. -- This e-mail and any attachments may form pure opinion and may not have any factual foundation. Please check any details provided to satisfy yourself as to suitability or accuracy of any information provided. Data Protection: Unless otherwise requested we may pass the information you have provided to other partner organisations.
Re: habeas - tainted white list
On Fri, 18 Dec 2009 12:03:38 -0500 (EST) Charles Gregory cgreg...@hwcn.org wrote: On Fri, 18 Dec 2009, Christian Brel wrote: You need to resort to abuse for what particular reason? Repeatedly accusing the SA developers of fraudulent collusion is abusive. Don't be surprised if people are abusive in return. That is your choice of words - not mine. It is interesting that when reasonable questions about the motivation for a bizarre part of SA is brought up, others are entitled to abuse the person with that point of view - but he must not respond to that abuse or runs the risk of the mob ganging up. Now where have I heard this before...? Sounds so familiar. Ah! Right! Got it. My (then) 5 and 6 year old children arguing over who started it. - C PS. You did. No one calls you 'troll' until you act like one. And this pointless post you have just made is ?not? trolling to provoke a reaction? I apologise if at some point in the past I've hurt your feelings or made you look small. Sincerely. There comes a time when you need to deal with that and move on. We are all grown up now and not - like you say - '5 6 year old children'. Please feel free to act like an adult and end the personal attacks, or, act like a troll. It's your reputation ;-) BTW: Return Path: Today we are the world’s leading email deliverability services company and our clients include Fortune 500 firms do you think this is a commercial enterprise or a charity? -- This e-mail and any attachments may form pure opinion and may not have any factual foundation. Please check any details provided to satisfy yourself as to suitability or accuracy of any information provided. Data Protection: Unless otherwise requested we may pass the information you have provided to other partner organisations.
Re: [sa] Re: habeas - tainted white list
On Fri, 18 Dec 2009, Christian Brel wrote: Go SEARCH the archives, troll. :) Perhaps I can help you understand why the question was asked on list. It's obvious as to why. You failed to read previous postings that answered the question the first time(s) you (or someone else) asked it Return Path is not an ESP by any of the common definitions. http://en.wikipedia.org/wiki/ESP (No wonder you're confused.) To which I asked J D Falk: Would it be rude of me to ask how you make your money? Is it from the provision and delivery of bulk commercial email or am I confused? Now, I've not seen J D follow up to that, unless you have elected yourself to his spokesperson and qualified to answer for him? Hint: No wonder you're confused refers to your question or am I confused? So you have *quoted* his follow up and pretended that it was *before* your useless, repeated question. And then you claim that you have 'not seen' the follow up you quote? ROFLMAO! I ammend my request one more time: Go SEARCH the archive IN CHRONOLOGICAL ORDER, troll. - C
Re: [sa] Re: habeas - tainted white list
On Fri, 18 Dec 2009 13:00:05 -0500 (EST) Charles Gregory cgreg...@hwcn.org wrote: On Fri, 18 Dec 2009, Christian Brel wrote: Go SEARCH the archives, troll. :) Perhaps I can help you understand why the question was asked on list. It's obvious as to why. You failed to read previous postings that answered the question the first time(s) you (or someone else) asked it Return Path is not an ESP by any of the common definitions. http://en.wikipedia.org/wiki/ESP (No wonder you're confused.) To which I asked J D Falk: Would it be rude of me to ask how you make your money? Is it from the provision and delivery of bulk commercial email or am I confused? Now, I've not seen J D follow up to that, unless you have elected yourself to his spokesperson and qualified to answer for him? Hint: No wonder you're confused refers to your question or am I confused? So you have *quoted* his follow up and pretended that it was *before* your useless, repeated question. And then you claim that you have 'not seen' the follow up you quote? ROFLMAO! I ammend my request one more time: Go SEARCH the archive IN CHRONOLOGICAL ORDER, troll. - C Charles, you *are* speaking for J D Falk with his Auspices? No? Then you are trolling - keep going. I love it when you are angry ;-) -- This e-mail and any attachments may form pure opinion and may not have any factual foundation. Please check any details provided to satisfy yourself as to suitability or accuracy of any information provided. Data Protection: Unless otherwise requested we may pass the information you have provided to other partner organisations.
Re: [sa] Re: habeas - tainted white list
On Fri, 18 Dec 2009, Christian Brel wrote: There comes a time when you need to deal with that and move on. We are all grown up now and not - like you say - '5 6 year old children'. Good. Then stop talking like them. Please feel free to act like an adult and end the personal attacks, or, act like a troll. It's your reputation ;-) The man who got banned and had to fake a new user name is lecturing me on reputation? ROFLMAOUIPMP Return Path: Today we are the world’s leading email deliverability services company and our clients include Fortune 500 firms There. You now have the answer to your question. So stop asking it. (Finally) do you think this is a commercial enterprise or a charity? Do I think you will ever ask any questions not already answered or obvious from the website? - C
Re: [sa] Re: habeas - tainted white list
On Fri, 18 Dec 2009, Christian Brel wrote: Charles, you *are* speaking for J D Falk with his Auspices? Hey, J D! Please post and give me your auspices. I'd love to see what this Troll posts if you say 'sure'. :) - C
Re: habeas - tainted white list
On Dec 18, 2009, at 7:12, John Hardin jhar...@impsec.org wrote: On Fri, 18 Dec 2009, Christian Brel wrote: On Fri, 18 Dec 2009 02:29:56 -0700 LuKreme krem...@kreme.com wrote: I might agree with some small portion of our resident troll's posts, You need to resort to abuse for what particular reason? Repeatedly accusing the SA developers of fraudulent collusion is abusive. Don't be surprised if people are abusive in return. I dunno. I don't consider Troll to be abusive. Descriptive, perhaps. Bother, said Pooh as he struggled with /etc/sendmail.cf, it never does quite what I want. I wish Christopher Robin was here. -- Peter da Silva in a.s.r That is truly brilliant. Not familiar with a.s.r though. Peter da Silva sounds familiar though.
Re: [sa] Re: habeas - tainted white list
On Fri, 18 Dec 2009 13:21:00 -0500 (EST) Charles Gregory cgreg...@hwcn.org wrote: On Fri, 18 Dec 2009, Christian Brel wrote: There comes a time when you need to deal with that and move on. We are all grown up now and not - like you say - '5 6 year old children'. Good. Then stop talking like them. Perhaps you need to stop *acting* like them ;-) Please feel free to act like an adult and end the personal attacks, or, act like a troll. It's your reputation ;-) The man who got banned and had to fake a new user name is lecturing me on reputation? ROFLMAOUIPMP So two wrongs would make a right. I see. Yep, I'm laughing too :-) Return Path: Today we are the world’s leading email deliverability services company and our clients include Fortune 500 firms There. You now have the answer to your question. So stop asking it. (Finally) I don't thing anyone was ever under the impression they were a charity doing it for love. But that would be an assumption. After all, those HABEAS 'oil can' rules are in Spamassassin for love and not money do you think this is a commercial enterprise or a charity? Do I think you will ever ask any questions not already answered or obvious from the website? - C I apologise, that was rude of me. I was told *not* to assume something even if it was obvious. So it's clear for the Archives; Return Path is a commercial operation that makes money. Return Path mail is eased through Spamassassin with negative scoring rules. Asking if any money changed hands for this position of privilege provokes hostility. Despite these rules benefiting the commercial interests of Return Path, and not necessarily the users - and despite there being no fiscal reward for Apache/Spamassassin - this state of affairs will remain. Yep, I'm clear on that. Most of this has been addressed by Daryl in grown up talk whilst you were tucked up in your bed. I would like to take this opportunity to thank you Charles, you've really made me laugh this afternoon and I love you. X X X. You've been really helpful and I'm glad you've become my friend :-) Have a Merry Christmas. -- This e-mail and any attachments may form pure opinion and may not have any factual foundation. Please check any details provided to satisfy yourself as to suitability or accuracy of any information provided. Data Protection: Unless otherwise requested we may pass the information you have provided to other partner organisations.
Re: [sa] Re: habeas - tainted white list
On Fri, 18 Dec 2009 13:29:40 -0500 (EST) Charles Gregory cgreg...@hwcn.org wrote: On Fri, 18 Dec 2009, Christian Brel wrote: Charles, you *are* speaking for J D Falk with his Auspices? Hey, J D! Please post and give me your auspices. I'd love to see what this Troll posts if you say 'sure'. :) - C I was just under the impression that J D - who I actually rather respect for the difficult balance he has to strike, was in the job of reputation management and is a consummate professional, so I'm not entirely sure he would put his reputation into your hands - but he may as he has a wicked sense of humour. But to put you out of your misery I would say; Thank you J.D. Thank you Charles. Anything else I can help you with Charles, or are you done? Merry Christmas -- This e-mail and any attachments may form pure opinion and may not have any factual foundation. Please check any details provided to satisfy yourself as to suitability or accuracy of any information provided. Data Protection: Unless otherwise requested we may pass the information you have provided to other partner organisations.
RE: habeas - tainted white list
or create a bug to have dnswl use trusted_networks from local.cf in spamassassin Benny can you help me / us better understand what you are getting at here and why? something you already do or implement? i wish i knew a better way to ask the question(s) so that you could better help us understand your thinking tia - rh
RE: habeas - tainted white list
In the absence of evidence to the contrary, yes. If it's that big a problem for you in real life, then you should be able to provide FNs to the masscheck corpora that will _prove_ these scores are too generous. We understand your philosophical objection. Providing hard evidence of FNs will go much further towards making your point than name calling will. -- John Hardin John, great!!! here is a chance for possible help in more areas than just this specific ruleset issue... i asked Rob some time ago if he could write a script that would check logs and report if a certain rule was effective or not by itself vrs if other rules hit with it and maybe that rule was not needed or could be lowered etc etc and if other rules hit with it, then we would see how effective that rule was and why and when etc etc i am guessing that you folks already have these tools or similar tools or help? although i could probably come up with general logic flow and an algo for this, i would not be able to hard codify and implement at this time... yeah yeah, i know and im still working with PERL for dummies and will get past the intro some time soon - rh
Re: habeas - tainted white list
John Hardin wrote: On Fri, 18 Dec 2009, Jason Bertoch wrote: Charles Gregory wrote: If a spammer gets an IP blacklisted, at the least DNSWL and HABEAS should make note of this and remove the IP Or we could have the whitelist rules in a meta such that they only hit when a blacklist rule doesn't, if this is a common enough problem. It might also allow people to get past the high negative score for the whitelists. That sounds like a good idea to me... Is there a way to pull stats on this concept from mass check results or would a new rule need to be checked in by a dev? /Jason
Re: habeas - tainted white list
From: Daryl C. W. O'Shea spamassas...@dostech.ca
Sent: Friday, 2009/December/18 01:07
On 18/12/2009 3:32 AM, Christian Brel wrote:
On Fri, 18 Dec 2009 02:24:45 -0500
Daryl C. W. O'Shea spamassas...@dostech.ca wrote:
...
From the data we have from mass-checks we are erring a very small
amount on the side of caution by not disabling the whitelists by
default.
It's a big fat favourable score to one organisation for 'erring a very
small amount on the side of caution' don't you think? -4/-8 given the
average 419 spam only scores 4-8 points.
Again, we agree. We've changed it in the upcomming release and will
surely backport it when we're done getting 3.3 out. It's been like this
for years, I don't think we need to jump like crazy to change the 3.2
updates before we've even settled on a final score.
I suppose it's not a whole lot of bother to change the 3.2 scores. But,
people who feel they have been bitten with a HABEAS score have probably
already overridden them.
If everything is open and transparent give the default user the option
to *enable* them and score them zero, unless - of course - there is
some kind of logical reason for these mad scoring spam assisting rules
that favour Return Path in the default set up?
I stand firm on my opinion that our principle of safe for most users is
the logical reason for including DNSWLs.
Indeed, HE is not the boss.
If you like you can transparently disable the DNSWLs.
Is he smart enough to do so?
{^_^}
Re: habeas - tainted white list
From: John Hardin jhar...@impsec.org
Sent: Friday, 2009/December/18 06:12
On Fri, 18 Dec 2009, Christian Brel wrote:
On Fri, 18 Dec 2009 02:29:56 -0700
LuKreme krem...@kreme.com wrote:
I might agree with some small portion of our resident troll's posts,
You need to resort to abuse for what particular reason?
Repeatedly accusing the SA developers of fraudulent collusion is abusive.
Don't be surprised if people are abusive in return.
He customizes one element of his installation to quite thoroughly
pass a lot of spam settings. Then he whines when something HE
calls spam gets through. He expects Return Path and emailreg.org
to read his mind. And he refuses to make the simple corrections at
his end that would solve it for him and leave the rest of the world
properly protected. (He is NOT properly protected with his score
configuration.)
Just off hand I think this describes his bona fides to utterly ignore.
I wonder if a variant build of Spam Assassin could tag messages
coming through the list with an X-ChristianBrel header. On the Wiki
it'd be explained as Meaningless noise from a fugghead. (That's
a willfully self-destructive person.)
Of course, /dev/null works. At least I don't see HIS messages. And I
could simply /dev/null the topic. Morbid curiosity keeps me watching
the thread.
{^_^}
RE: habeas - tainted white list
On Fri 18 Dec 2009 07:42:55 PM CET, R-Elists wrote or create a bug to have dnswl use trusted_networks from local.cf in spamassassin can you help me / us better understand what you are getting at here and why? example: trusted_networks 127.128.0.0/16 and then if 127.128.128.128 is listed in dnswl, make a rbl test that use firsttrusted to match it is remote listed in dnswl also, that means you agree its a whitelist ip, so if dnswl make some ip whitelisted, and its not in local.cf as trusted_networks it would not help you :) something you already do or implement? i currently not have the need to do it, but it is supported imho i wish i knew a better way to ask the question(s) so that you could better help us understand your thinking i could tell more about cpm, not funny ? :) nope, its just the OT thread i am inspired of, why none of them use perldoc more then fighting here about something that its easely fixed in local.cf -- xpoint http://www.unicom.com/pw/reply-to-harmful.html pgpoySiwwDGyZ.pgp Description: PGP Digital Signature
Re: habeas - tainted white list
From: John Hardin jhar...@impsec.org
Sent: Friday, 2009/December/18 08:07
On Fri, 18 Dec 2009, Christian Brel wrote:
On Fri, 18 Dec 2009 06:19:25 -0800 (PST)
John Hardin jhar...@impsec.org wrote:
We understand your philosophical objection. Providing hard evidence
of FNs will go much further towards making your point than name
calling will.
The name calling being?
Alright, let me amend that: Providing hard evidence of FNs will go much
further towards making your point - and getting the rules fixed in a
useful manner - than will repeated accusations that the SA devs are taking
bribes to weaken SA.
And phrasing it as a question doesn't make it any less of an accusation,
given it keeps being repeated after reasonable explanations have been
provided.
At the moment there's insufficient _hard data_ to support the contention
that the reputation whitelists are assisting FNs to a great degree. The
data from masscheck suggests the impact of the reputation whitelists is
neutral to very slightly positive (in terms of reducing FPs). If you feel
this isn't justified, if you're seeing a lot of FNs that can be laid at
the feet of a reputation whitelist rule, then please feed that hard data
into the masscheck corpora so that the scoring process can take it into
account.
John, he is a teleological thinker. Epistemological arguments do not
mean a thing to him. Reality is consensual to him. He thinks he can
bend reality to his will and all spam will go away because he forced
somebody else to cripple a product.
Forget it, teleological thinkers are impervious to logic. Ignore the
twit.
{^_^}
Re: [sa] Re: habeas - tainted white list
From: Charles Gregory cgreg...@hwcn.org
Sent: Friday, 2009/December/18 09:18
On Fri, 18 Dec 2009, Christian Brel wrote:
Go read the archives, troll.
All of them or do you have something specific, troll?
Fine, fine, pedant.
Go SEARCH the archives, troll. :)
OK, (Problem Exists Between Monitor And Keyboard) Christian.
{^_-}
Re: [sa] Re: habeas - tainted white list
From: Charles Gregory cgreg...@hwcn.org
Sent: Friday, 2009/December/18 09:21
On Fri, 18 Dec 2009, Jason Bertoch wrote:
Or we could have the whitelist rules in a meta such that they only hit
when a blacklist rule doesn't, if this is a common enough problem. It
might also allow people to get past the high negative score for the
whitelists.
Hm. I *like* that one!
- C
Then try it and report back to us if it works, how it works, and on
what basis you claim it works.
{^_^}
Re: habeas - tainted white list
R-Elists wrote: here is a chance for possible help in more areas than just this specific ruleset issue... i asked Rob some time ago if he could write a script that would check logs and report if a certain rule was effective or not by itself vrs if other rules hit with it and maybe that rule was not needed or could be lowered etc etc and if other rules hit with it, then we would see how effective that rule was and why and when etc etc i am guessing that you folks already have these tools or similar tools or help? This is still on my to do list, but duties with invaluement.com only keep growing, so it is hard to prioritize this. But I find it hard to believe that this doesn't already exist. All that is needed is a plug-in that would copy to a specified directory all messages which hit on X rule (and/or dnsbl). The plug-in would be able to (optionally) only take action if the message scored either at or above threshold or below threshold. Then, whenever testing a new rule/dnsbl, simply score it at 0.01, point the plugin at that rule or dnsbl, and have it only act on messages which scored below threshold. This would be extremely valuable for determining the following about a new rule or DNSBL: (1) How much spam the rule would have blocked if being used aggressively (but was missed with the 0.01 score) and, therefore, made it to the inbox during the testing phase because nothing else in production had stopped it? (2) How many legit messages would have been blocked with the use of this rule or DNSBL? (FPs) Of course, BOTH of those examples would consist of messages which scored below threshold even while hitting on that new rule (given its 0.01 score). So it would be up to the e-mail administrator to then examine the messages and judge for themselves whether these were FPs, or would-have-missed-without-the-new-rule spams (aka corrected FNs). If anyone ever develops such a plugin before I have time to, PLEASE let me know! -- Rob McEwen http://dnsbl.invaluement.com/ r...@invaluement.com +1 (478) 475-9032
Re: [sa] Re: habeas - tainted white list
On Fri, 18 Dec 2009 11:40:40 -0800
jdow j...@earthlink.net wrote:
From: Charles Gregory cgreg...@hwcn.org
Sent: Friday, 2009/December/18 09:18
On Fri, 18 Dec 2009, Christian Brel wrote:
Go read the archives, troll.
All of them or do you have something specific, troll?
Fine, fine, pedant.
Go SEARCH the archives, troll. :)
OK, (Problem Exists Between Monitor And Keyboard) Christian.
{^_-}
Said the woman who is having layer 8 issues with the /dev/null
killfile LOL.
You have a real lot to say about what *I* think - do you do any
thinking of your own or just spit out the dummy at other people point
of view. How very sweet :-) Merry Christmas.
--
This e-mail and any attachments may form pure opinion and may not have
any factual foundation. Please check any details provided to satisfy
yourself as to suitability or accuracy of any information provided.
Data Protection: Unless otherwise requested we may pass the information
you have provided to other partner organisations.
Re: habeas - tainted white list
On Fri, 18 Dec 2009, Jason Bertoch wrote: John Hardin wrote: On Fri, 18 Dec 2009, Jason Bertoch wrote: Charles Gregory wrote: If a spammer gets an IP blacklisted, at the least DNSWL and HABEAS should make note of this and remove the IP Or we could have the whitelist rules in a meta such that they only hit when a blacklist rule doesn't, if this is a common enough problem. It might also allow people to get past the high negative score for the whitelists. That sounds like a good idea to me... Is there a way to pull stats on this concept from mass check results or would a new rule need to be checked in by a dev? The latter. I can do that tonight or tomorrow. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Bother, said Pooh as he struggled with /etc/sendmail.cf, it never does quite what I want. I wish Christopher Robin was here. -- Peter da Silva in a.s.r --- 7 days until Christmas
Re: habeas - tainted white list
On Fri, Dec 18, 2009 at 19:04, Jason Bertoch ja...@i6ix.com wrote: John Hardin wrote: On Fri, 18 Dec 2009, Jason Bertoch wrote: Charles Gregory wrote: If a spammer gets an IP blacklisted, at the least DNSWL and HABEAS should make note of this and remove the IP Or we could have the whitelist rules in a meta such that they only hit when a blacklist rule doesn't, if this is a common enough problem. It might also allow people to get past the high negative score for the whitelists. That sounds like a good idea to me... Is there a way to pull stats on this concept from mass check results or would a new rule need to be checked in by a dev? it can be measured by finding the WL rule's page on ruleqa.spamassassin.org, then examining the OVERLAP section for overlaps with BL rules. -- --j.
Re: [sa] Re: habeas - tainted white list
On Fri, 18 Dec 2009, jdow wrote: I suppose it's not a whole lot of bother to change the 3.2 scores. But, people who feel they have been bitten with a HABEAS score have probably already overridden them. Again, I make a note that my concern is for the thousands who install a 'pre-canned' Spamassassin install, with a wrapper to handle what happens to the messages, etc, etc. If you feel a slight chill at the notion of people operating mail servers with so little knowledge, I'm right there with you, but I *was* one of these people a few years ago. Stumbling and learning. Trial by fire. Fun way to learn. :) So the more that can be 'standardized' without jeopardizing flexibility, the better things can be :) If you like you can transparently disable the DNSWLs. Is he smart enough to do so? With out regard for who 'he' is, it is certain that *someone* out there is not that 'smart', and follows the 'recommendations' provided by their hosting provider for a 'standard' mail server setup. They will just want it to 'work' without any maintenance at all. And just to beat out the next inevitable argument, no, these people are not 'lazy'. They just literally don't know what they are doing. If someone doesn't pre-build the system properly, they end up running open relays. Yes, THOSE people. :( - C
Re: [sa] Re: habeas - tainted white list
On Fri, 18 Dec 2009, John Hardin wrote: Or we could have the whitelist rules in a meta such that they only hit when a blacklist rule doesn't, if this is a common enough problem. It might also allow people to get past the high negative score for the whitelists. Is there a way to pull stats on this concept from mass check results or would a new rule need to be checked in by a dev? The latter. I can do that tonight or tomorrow. Thanks John. As always I am stifled by being unable to generate a decent ham corpus (privacy regs). So my thanks for being able to test out these wild ideas. Hope this ones works! :) - C
Re: [sa] Re: habeas - tainted white list
From: Charles Gregory cgreg...@hwcn.org
Sent: Friday, 2009/December/18 13:46
On Fri, 18 Dec 2009, jdow wrote:
I suppose it's not a whole lot of bother to change the 3.2 scores. But,
people who feel they have been bitten with a HABEAS score have probably
already overridden them.
Again, I make a note that my concern is for the thousands who install a
'pre-canned' Spamassassin install, with a wrapper to handle what happens
to the messages, etc, etc. If you feel a slight chill at the notion of
people operating mail servers with so little knowledge, I'm right there
with you, but I *was* one of these people a few years ago. Stumbling and
learning. Trial by fire. Fun way to learn. :)
So the more that can be 'standardized' without jeopardizing flexibility,
the better things can be :)
If you like you can transparently disable the DNSWLs.
Is he smart enough to do so?
With out regard for who 'he' is, it is certain that *someone* out there is
not that 'smart', and follows the 'recommendations' provided by their
hosting provider for a 'standard' mail server setup. They will just want
it to 'work' without any maintenance at all.
And just to beat out the next inevitable argument, no, these people are
not 'lazy'. They just literally don't know what they are doing. If someone
doesn't pre-build the system properly, they end up running open relays.
Yes, THOSE people. :(
Once 3.3 is out the problem is solved if they have a distro that reviews
and updates the packages it distributes. (Yes, that IS a big if, as with
regards to Fedora and ClamAV. {^_-}) If SpamAssassin is not updated what
makes you think the distro would have the automatic updates for the rules
enabled? I just don't see SpamAssassin as a suitable tool for a person
who is a perfectionist and not a tinkerer. (No tool is suitable for
such a person, for that matter.)
Updating 3.2 is probably not as important as getting 3.3 out. And given
the few number of complaints updating 3.2 is likely quite the opposite
of critical. Look how long it's been out before it took a nutcase to
start complaining leading to the discovery of this alleged problem.
(Even the respected Lukreme has not stated outright that the item for
which he showed scores was really confirmed spam as opposed to a
disgruntled user trying to get off a mailing list and not willing to
follow simple instructions for doing so.)
{o.o}
Re: habeas - tainted white list
On 18/12/2009 2:58 PM, John Hardin wrote: On Fri, 18 Dec 2009, Jason Bertoch wrote: John Hardin wrote: On Fri, 18 Dec 2009, Jason Bertoch wrote: Charles Gregory wrote: If a spammer gets an IP blacklisted, at the least DNSWL and HABEAS should make note of this and remove the IP Or we could have the whitelist rules in a meta such that they only hit when a blacklist rule doesn't, if this is a common enough problem. It might also allow people to get past the high negative score for the whitelists. That sounds like a good idea to me... Is there a way to pull stats on this concept from mass check results or would a new rule need to be checked in by a dev? The latter. I can do that tonight or tomorrow. If you do it tonight it'll make tonight's --net enabled mass-check, otherwise it'll be another week before we have results. Daryl
Re: [sa] Re: habeas - tainted white list
On 18/12/2009 4:46 PM, Charles Gregory wrote: On Fri, 18 Dec 2009, jdow wrote: I suppose it's not a whole lot of bother to change the 3.2 scores. But, people who feel they have been bitten with a HABEAS score have probably already overridden them. Again, I make a note that my concern is for the thousands who install a 'pre-canned' Spamassassin install, with a wrapper to handle what happens to the messages, etc, etc. If you feel a slight chill at the notion of people operating mail servers with so little knowledge, I'm right there with you, but I *was* one of these people a few years ago. Stumbling and learning. Trial by fire. Fun way to learn. :) Interestingly this is one of the reasons why we err on the side of not-tagging mail. Daryl
Re: habeas - tainted white list
On 18/12/2009 8:35 AM, Per Jessen wrote: Daryl C. W. O'Shea wrote: If we had more mass-check data from a wider number of mail recipients maybe it would change things, statistically, maybe it wouldn't. New mass-check contributors are always welcome. They take very little effort to manage once you've set it up (I ignore mine for years at a time). Is there a good howto for setting this up? Other than a clean corpus, it doesn't take much more effort: http://wiki.apache.org/spamassassin/NightlyMassCheck Daryl
Re: habeas - tainted white list
On 18/12/2009 2:44 PM, Rob McEwen wrote: R-Elists wrote: here is a chance for possible help in more areas than just this specific ruleset issue... i asked Rob some time ago if he could write a script that would check logs and report if a certain rule was effective or not by itself vrs if other rules hit with it and maybe that rule was not needed or could be lowered etc Well it doesn't report to alert people that a rule may not make much of a difference in the scheme of things, you can infer the information from ruleqa's score map output. Daryl
Re: habeas - tainted white list
On Fri, 18 Dec 2009, Justin Mason wrote: Or we could have the whitelist rules in a meta such that they only hit when a blacklist rule doesn't, if this is a common enough problem. It might also allow people to get past the high negative score for the whitelists. it can be measured by finding the WL rule's page on ruleqa.spamassassin.org, then examining the OVERLAP section for overlaps with BL rules. As of last weekend's network masscheck: T_RCVD_IN_RP_CERTIFIED SPAM% 0.0851 126 of 148025 messages HAM%0.3738 746 of 199558 messages S/O 0.63 RANK0.185 overlap spam: 60% of T_RCVD_IN_RP_CERTIFIED hits also hit __RCVD_IN_BRBL; overlap spam: 58% of T_RCVD_IN_RP_CERTIFIED hits also hit __RCVD_IN_ZEN; overlap spam: 26% of T_RCVD_IN_RP_CERTIFIED hits also hit __RCVD_IN_SORBS; T_RCVD_IN_RP_CERTIFIED SPAM% 0.0851 126 of 148025 messages HAM%0.3738 746 of 199558 messages S/O 0.185 RANK 0.63 overlap spam: 60% of T_RCVD_IN_RP_SAFE hits also hit __RCVD_IN_BRBL; overlap spam: 58% of T_RCVD_IN_RP_SAFE hits also hit __RCVD_IN_ZEN; overlap spam: 26% of T_RCVD_IN_RP_SAFE hits also hit __RCVD_IN_SORBS; Test rules committed. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Bother, said Pooh as he struggled with /etc/sendmail.cf, it never does quite what I want. I wish Christopher Robin was here. -- Peter da Silva in a.s.r --- 7 days until Christmas
Re: habeas - tainted white list
On Fri, 18 Dec 2009, John Hardin wrote: On Fri, 18 Dec 2009, Justin Mason wrote: Or we could have the whitelist rules in a meta such that they only hit when a blacklist rule doesn't, if this is a common enough problem. It might also allow people to get past the high negative score for the whitelists. it can be measured by finding the WL rule's page on ruleqa.spamassassin.org, then examining the OVERLAP section for overlaps with BL rules. As of last weekend's network masscheck: T_RCVD_IN_RP_CERTIFIED SPAM% 0.0851 126 of 148025 messages HAM%0.3738 746 of 199558 messages S/O 0.63 RANK0.185 overlap spam: 60% of T_RCVD_IN_RP_CERTIFIED hits also hit __RCVD_IN_BRBL; overlap spam: 58% of T_RCVD_IN_RP_CERTIFIED hits also hit __RCVD_IN_ZEN; overlap spam: 26% of T_RCVD_IN_RP_CERTIFIED hits also hit __RCVD_IN_SORBS; T_RCVD_IN_RP_CERTIFIED SPAM% 0.0851 126 of 148025 messages HAM%0.3738 746 of 199558 messages S/O 0.185 RANK 0.63 Frack. T_RCVD_IN_RP_SAFE SPAM% 0.0851 126 of 148025 messages HAM%2.1367 4264 of 199558 messages S/O 0.038 RANK0.80 overlap spam: 60% of T_RCVD_IN_RP_SAFE hits also hit __RCVD_IN_BRBL; overlap spam: 58% of T_RCVD_IN_RP_SAFE hits also hit __RCVD_IN_ZEN; overlap spam: 26% of T_RCVD_IN_RP_SAFE hits also hit __RCVD_IN_SORBS; -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Bother, said Pooh as he struggled with /etc/sendmail.cf, it never does quite what I want. I wish Christopher Robin was here. -- Peter da Silva in a.s.r --- 7 days until Christmas
Re: [sa] Re: habeas - tainted white list
the only person here at present trolling is you, so for F's sake STFU and stop generating massive noise ratio On Fri, 18 Dec 2009, Charles Gregory wrote: On Fri, 18 Dec 2009, Christian Brel wrote: Charles, you *are* speaking for J D Falk with his Auspices? Hey, J D! Please post and give me your auspices. I'd love to see what this Troll posts if you say 'sure'. :) - C -- Res What does Windows have that Linux doesn't? - One hell of a lot of bugs!
Re: [sa] Re: habeas - tainted white list
{side note}
Has anyone noticed how the thread 'emailreg.org - tainted white list'
has been left unchanged, despite the topic moving on to Habeas. Whilst
this is side splittingly funny if you do a search on emailreg.org and
see it in the archives, it's probably not fair to drag their name
through the mud when the topic has moved on?
I wonder how long the thread will be left at the new 're: habeas -
tainted white list'? How many will post using it? Or if those black
helicopters and MIB's will seek to put a stop to it?
--
This e-mail and any attachments may form pure opinion and may not have
any factual foundation. Please check any details provided to satisfy
yourself as to suitability or accuracy of any information provided.
Data Protection: Unless otherwise requested we may pass the information
you have provided to other partner organisations.
Re: [sa] Re: habeas - tainted white list
From: Christian Brel brel.spamassassin091...@copperproductions.co.uk
Sent: Thursday, 2009/December/17 09:28
{side note}
Has anyone noticed how the thread 'emailreg.org - tainted white list'
has been left unchanged, despite the topic moving on to Habeas. Whilst
this is side splittingly funny if you do a search on emailreg.org and
see it in the archives, it's probably not fair to drag their name
through the mud when the topic has moved on?
I wonder how long the thread will be left at the new 're: habeas -
tainted white list'? How many will post using it? Or if those black
helicopters and MIB's will seek to put a stop to it?
I believe on the whole Warren Togami's posting about a whitelist
performance on a masscheck settles the affair. White lists are very
reliable. They are also very unnecessary within SpamAssassin. So
perhaps the whole topic can die.
I also note that the people complaining about the white lists seem
to leave out solid data. Were the spams really confirmed spams or
were they merely scored as spams? What scores hit that made them
score as spams? What kind of installation do you have? How many
emails a day are processed?
It's little details like that which prompt other people to look at
assertions somewhat askance or ignore them outright.
With my three personal accounts I have yet to see an email off this
list containing HABEAS, spam or ham, since this discussion began. I
guess I don't do business with HABEAS customers and no spammers have
pushed through anything from a HABEAS site. The mail volume is fairly
high (LKML and a couple other Linux lists). And the spam seems to be
suddenly up from 60-80 a day to the 90s/day. For those spammers who
are listening, I REALLY do not need Via-thingie-alis whether or not
it is from he Pf people. If I REALLY need to get it up I do a sexy
striptease or something like that. (The V thingie seems to be a new
feature of my spam bucket - 10 or more of them a day.)
{^_-}
RE: [sa] Re: habeas - tainted white list
I believe on the whole Warren Togami's posting about a
whitelist performance on a masscheck settles the affair.
White lists are very reliable. They are also very unnecessary
within SpamAssassin. So perhaps the whole topic can die.
I also note that the people complaining about the white lists
seem to leave out solid data. Were the spams really
confirmed spams or were they merely scored as spams? What
scores hit that made them score as spams? What kind of
installation do you have? How many emails a day are processed?
It's little details like that which prompt other people to
look at assertions somewhat askance or ignore them outright.
With my three personal accounts I have yet to see an email
off this list containing HABEAS, spam or ham, since this
discussion began. I guess I don't do business with HABEAS
customers and no spammers have pushed through anything from a
HABEAS site. The mail volume is fairly high (LKML and a
couple other Linux lists). And the spam seems to be suddenly
up from 60-80 a day to the 90s/day. For those spammers who
are listening, I REALLY do not need Via-thingie-alis whether
or not it is from he Pf people. If I REALLY need to get it up
I do a sexy striptease or something like that. (The V thingie
seems to be a new feature of my spam bucket - 10 or more of
them a day.)
{^_-}
JDow et al,
why do you say on the whole ? what is holding you back in your thinking
there?
...based upon Togami's data processing, the biggest thing that comes to mind
is this...
*IF* these or similar rulesets are not truly not making a difference one way
or the other, then why are they there?
why do we really need them or the other similar rulesets?
...and why should any rules such as these have a default SA installation
value other than zero and then educate admins in the documentation what to
do in regards to enabling and suggested scoring?
- rh
Re: habeas - tainted white list
On Thu, 17 Dec 2009 12:21:37 -0700
J.D. Falk jdfalk-li...@cybernothing.org wrote:
On Dec 16, 2009, at 8:11 AM, Christian Brel wrote:
It's also fair to say any ESP such as Return Path taking money to
deliver mail should be optimising it {or offering advice on
optimisation) so it does *not* score high. Otherwise what are their
customers paying them for?
Return Path is not an ESP by any of the common definitions.
http://en.wikipedia.org/wiki/ESP
(No wonder you're confused.)
--
J.D. Falk jdf...@returnpath.net
Return Path Inc
Would it be rude of me to ask how you make your money? Is it from the
provision and delivery of bulk commercial email or am I confused?
--
This e-mail and any attachments may form pure opinion and may not have
any factual foundation. Please check any details provided to satisfy
yourself as to suitability or accuracy of any information provided.
Data Protection: Unless otherwise requested we may pass the information
you have provided to other partner organisations.
Re: [sa] Re: habeas - tainted white list
From: R-Elists list...@abbacomm.net
Sent: Thursday, 2009/December/17 11:21
I believe on the whole Warren Togami's posting about a
whitelist performance on a masscheck settles the affair.
White lists are very reliable. They are also very unnecessary
within SpamAssassin. So perhaps the whole topic can die.
I also note that the people complaining about the white lists
seem to leave out solid data. Were the spams really
confirmed spams or were they merely scored as spams? What
scores hit that made them score as spams? What kind of
installation do you have? How many emails a day are processed?
It's little details like that which prompt other people to
look at assertions somewhat askance or ignore them outright.
With my three personal accounts I have yet to see an email
off this list containing HABEAS, spam or ham, since this
discussion began. I guess I don't do business with HABEAS
customers and no spammers have pushed through anything from a
HABEAS site. The mail volume is fairly high (LKML and a
couple other Linux lists). And the spam seems to be suddenly
up from 60-80 a day to the 90s/day. For those spammers who
are listening, I REALLY do not need Via-thingie-alis whether
or not it is from he Pf people. If I REALLY need to get it up
I do a sexy striptease or something like that. (The V thingie
seems to be a new feature of my spam bucket - 10 or more of
them a day.)
{^_-}
JDow et al,
why do you say on the whole ? what is holding you back in your thinking
there?
...based upon Togami's data processing, the biggest thing that comes to
mind
is this...
*IF* these or similar rulesets are not truly not making a difference one
way
or the other, then why are they there?
why do we really need them or the other similar rulesets?
...and why should any rules such as these have a default SA installation
value other than zero and then educate admins in the documentation what
to
do in regards to enabling and suggested scoring?
I read Warren's note to indicate their scores were being made sensible
in line with what the masscheck indicates. If they are 100% effective and
only 1% needed the score would be very low despite the accuracy. That makes
sense as a starting point. Then it's up to the administrators to put in
their custom rules to account for effects like one person's spam is
another person's ham, and I don't want to bother to unsubscribe, I'll
just declare this list spam.
The tools might be good as an SMTP transaction time test, though. Use a
positive hit as a gateway through the greylisting wall, perhaps. It might
put a small fraction of a percent more load on SpamAssassin. But it might
be worthwhile.
Heck, I'm only administering a two person net here and I take the time
to learn the tools I am using and write useful configurations for them.
Somebody paid to do this should do no less. Otherwise, do something
silly and purchase a Barracuda if the boss is too dumb to pay you to
do it right.
{^_^}
Re: habeas - tainted white list
On 17/12/2009 2:21 PM, R-Elists wrote: ...based upon Togami's data processing, the biggest thing that comes to mind is this... *IF* these or similar rulesets are not truly not making a difference one way or the other, then why are they there? why do we really need them or the other similar rulesets? We can't and aren't really sure that they don't make a difference. Our ham corpus isn't really all that big. For the most part it's probably made up largely of types of mail that Return-Path wouldn't be dealing with on their lists. Clearly it's not containing much mail that Return-Path deals with. The corpus isn't big enough to say that most people (and most people aren't technical people, rather are just common Internet users) won't get mail that Return-Path doesn't deal with though. ...and why should any rules such as these have a default SA installation value other than zero and then educate admins in the documentation what to do in regards to enabling and suggested scoring? SA is designed to be safe for most users. Most as in general Internet users and safe as in it would rather not tag mail than tag it. IMO whitelists have a place in SA, even whitelists that we cannot determine due to a small corpus size whether or not they're actually making a difference... at least when based on our corpus there's no evidence that they're statistically and drastically causing a significant amount of spam to pass that otherwise wouldn't. We treat blacklists the same way. We include blacklists in the default install to stop spam. We include whitelists because of our core principle of being safe for most users in general. I think the current score changes are a good step. Another step may be including in the release notes that there are whitelists and that people may want to disable them by score whatever rules (a list of them) 0. BTW, I will not waste any cycles defending individual instances on spam getting by because of whitelists for the exact same reason that I do not do the same for ham that gets caught by whitelists. Daryl
Re: habeas - tainted white list
On Thu, 17 Dec 2009 15:51:35 -0500 Daryl C. W. O'Shea spamassas...@dostech.ca wrote: I think the current score changes are a good step. Another step may be including in the release notes that there are whitelists and that people may want to disable them by score whatever rules (a list of them) 0. Why not default them to zero and include in the release notes/man that there are whitelists and they can *enable* them? -- This e-mail and any attachments may form pure opinion and may not have any factual foundation. Please check any details provided to satisfy yourself as to suitability or accuracy of any information provided. Data Protection: Unless otherwise requested we may pass the information you have provided to other partner organisations.
Re: habeas - tainted white list
On Fri, 18 Dec 2009 09:46:03 +1300 Michael Hutchinson packetl...@ping.net.nz wrote: Everyone else started carrying on about the Habeas rules being present at all, when it is more than within their power to disable those rules. But they should not have to disable a whitelist that assists with the delivery of bulk commercial mail in an anti-spam application! If the sender is relying on such rules to keep the mailout under the radar then clearly there is something very wrong with that? The issues here are clear: *The inclusion of white list that pretty much favours a single commercial mail organisation. *The default score applied to that listed senders being hideously favourable(are there any other rules with such mad negative scores in the mix by default?) *The lack of any other commercial white lists from the competitors of Return Path being used in the product. I'm interested but equally suspicious as to why a small set of people involved in this anti-spam product are keen to try and move on from this and sweep it under the carpet. Could this be AssassinGate??? Lol. Buy what you want, but I'm not selling anything. Cheers, Mike -- This e-mail and any attachments may form pure opinion and may not have any factual foundation. Please check any details provided to satisfy yourself as to suitability or accuracy of any information provided. Data Protection: Unless otherwise requested we may pass the information you have provided to other partner organisations.
Re: habeas - tainted white list
From: Christian Brel brel.spamassassin091...@copperproductions.co.uk
Sent: Thursday, 2009/December/17 22:11
On Thu, 17 Dec 2009 15:51:35 -0500
Daryl C. W. O'Shea spamassas...@dostech.ca wrote:
I think the current score changes are a good step. Another step may
be including in the release notes that there are whitelists and that
people may want to disable them by score whatever rules (a list of
them) 0.
Why not default them to zero and include in the release notes/man that
there are whitelists and they can *enable* them?
Because we enjoy tweaking the nose of idiots?
{O,o}- being wonked out silly, which is all you deserve.
Re: habeas - tainted white list
From: Christian Brel brel.spamassassin091...@copperproductions.co.uk
Sent: Thursday, 2009/December/17 22:22
On Fri, 18 Dec 2009 09:46:03 +1300
Michael Hutchinson packetl...@ping.net.nz wrote:
Everyone else started carrying on about the Habeas rules being
present at all, when it is more than within their power to disable
those rules.
But they should not have to disable a whitelist that assists
with the delivery of bulk commercial mail in an anti-spam application!
If the sender is relying on such rules to keep the mailout under the
radar then clearly there is something very wrong with that?
The issues here are clear:
*The inclusion of white list that pretty much favours a single
commercial mail organisation.
*The default score applied to that listed senders being hideously
favourable(are there any other rules with such mad negative scores in
the mix by default?)
*The lack of any other commercial white lists from the competitors of
Return Path being used in the product.
I'm interested but equally suspicious as to why a small set of people
involved in this anti-spam product are keen to try and move on from
this and sweep it under the carpet. Could this be AssassinGate??? Lol.
Christian, you sound, for all the world, as sensible as the idiots
who claim that 9/11 was organized by the White House or Israeli spies
or both. Maybe it's time you retired to the more conspiracy theory
friendly realm the Trufers maintain. You're for /dev/null here.
{^_^}
Re: habeas - tainted white list
On he subject of Spammy whitelists... * -1.0 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low * trust * [212.159.7.100 listed in list.dnswl.org] Yet the same IP is on and off SORBS and part of an ongoing spam problem. Perhaps this can be reviewed and given a zero score by default? -- This e-mail and any attachments may form pure opinion and may not have any factual foundation. Please check any details provided to satisfy yourself as to suitability or accuracy of any information provided. Data Protection: Unless otherwise requested we may pass the information you have provided to other partner organisations.
Re: habeas - tainted white list
On 18/12/2009 1:11 AM, Christian Brel wrote: On Thu, 17 Dec 2009 15:51:35 -0500 Daryl C. W. O'Shea spamassas...@dostech.ca wrote: I think the current score changes are a good step. Another step may be including in the release notes that there are whitelists and that people may want to disable them by score whatever rules (a list of them) 0. Why not default them to zero and include in the release notes/man that there are whitelists and they can *enable* them? I'm pretty sure I brought up the SA developers' *long* standing principle of being as safe as possible for the majority of users by erring on the side of missing spam rather than tagging ham while still putting out a useful product. From the data we have from mass-checks we are erring a very small amount on the side of caution by not disabling the whitelists by default. If we had more mass-check data from a wider number of mail recipients maybe it would change things, statistically, maybe it wouldn't. New mass-check contributors are always welcome. They take very little effort to manage once you've set it up (I ignore mine for years at a time). Daryl
Re: habeas - tainted white list
On 18/12/2009 1:22 AM, Christian Brel wrote: The issues here are clear: *The inclusion of white list that pretty much favours a single commercial mail organisation. At present, to my knowledge Return Path is the only organization which has approached us for inclusion in SpamAssassin. We would more than welcome other commercial vendors provided that their lists are free for use by the majority of our users (like any blacklists we include) and that they provide reasonable good results (the same criteria for blacklists but s/spam/ham/). *The default score applied to that listed senders being hideously favourable(are there any other rules with such mad negative scores in the mix by default?) Reputation type rules (such as DNSWLs) are probably the only (or certainly one of the very few) types of rules that you can weight heavily negatively. This is due to the nature of an open source product (or even given enough time to game a closed source product). Content based rules are very often easily beaten. If we could have a body rule that looks for this mail is good and assign a -20 score we would. Clearly that would not work. I think that the new scores are inline with what is needed to correct the high scores that some of the wanted commercial crap currently scores at. I see stuff at upwards of 8 or more regularly. *The lack of any other commercial white lists from the competitors of Return Path being used in the product. Again, find me a commercial white list that wants to be included in SpamAssassin on a free for use basis and I'll pay for the phone call to talk to them. Seriously. I'm interested but equally suspicious as to why a small set of people involved in this anti-spam product are keen to try and move on from this and sweep it under the carpet. Could this be AssassinGate??? Lol. You do realize that there's only a small set of active developers, right? Daryl
Re: habeas - tainted white list
On 18/12/2009 2:13 AM, Christian Brel wrote: On he subject of Spammy whitelists... * -1.0 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low * trust * [212.159.7.100 listed in list.dnswl.org] Yet the same IP is on and off SORBS and part of an ongoing spam problem. Perhaps this can be reviewed and given a zero score by default? Forgot individual occurrences of FPs or FNs. They're statistically meaningless. In last week's net-enabled mass-check the -1.0 score for RCVD_IN_DNSWL_LOW RBL caused only 10 of 148025 (0.00675%) spams to fall below 5.0 (and that could have happened with as small as a -0.1 score, I don't have data, so at approx -0.5 the same thing could have happened). On the other hand, it moved 101 of 199558 (0.05061%) hams below the 5.0 mark. That's an S/O of 0.035 which is pretty good (we wouldn't be questioning a spam hitting rule with an S/O of 0.965, at least not at a score of 1). http://ruleqa.spamassassin.org/20091212-r889898-n/RCVD_IN_DNSWL_LOW/detail Again, to anyone, if our statistics are way off from the reality our users are seeing we need more mass-check contributors. Daryl
