On Fri, 27 Aug 2010 09:46:51 -0700 Gary Funck <g...@intrepid.com> wrote:
> On 06/10/10 11:38:45, Bradley Giesbrecht wrote: > > I noticed an email that I did not send to myselff with the same "From" > > and "To" address and an "X-Dspam-Result: Whitelisted" header. > > I ran into this situation today. > > From u...@example.com Fri Aug 27 08:32:24 2010 > From: u...@example.com > Received: from mail.example.com (example.local [10.10.1.1]) > by localhost.local (8.14.4/8.14.4) with ESMTP id o7RFWOb9004675 > for <u...@localhost.local>; Fri, 27 Aug 2010 08:32:24 -0700 > Received: from 82.160.134.3 ([82.160.134.3]) > by mail.example.com (8.13.8/8.13.8) with ESMTP id o7RFWEtU015083 > for <u...@example.com>; Fri, 27 Aug 2010 08:32:19 -0700 > Date: Fri, 27 Aug 2010 08:32:14 -0700 > To: u...@example.com > Subject: u...@example.com V|AGRA \256 Official Seller -75% > X-Spam-Score: 34.306 (**********************************) > > DRUGS_ERECTILE,DRUGS_ERECTILE_OBFU,FUZZY_VPILL,HTML_IMAGE_ONLY_08,HTML_MESSAGE, > > HTML_SHORT_LINK_IMG_1,MIME_HTML_ONLY,MISSING_DATE,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_SORBS_WEB, > > RCVD_IN_XBL,RCVD_NUMERIC_HELO,RDNS_NONE,SUBJECT_NEEDS_ENCODING,TT_OBSCURED_VIAGRA, > > TVD_RCVD_IP,TVD_RCVD_IP4,URIBL_AB_SURBL,URIBL_BLACK,URIBL_JP_SURBL,URIBL_WS_SURBL > X-DSPAM-Result: Whitelisted > X-DSPAM-Confidence: 0.5664 > X-DSPAM-Probability: 1.0000 > > Does DSPAM include the incoming IP address with the Sender's > email address, and then use that (sender, IP) pair to identify > the sender for the purposes of whitelisting? > No. DSPAM uses the whole "From" line to identify whitelisted entries. You can create the token by hand and query your backend to see what spam/innocent hits it has. # dspam_crc "from*u...@example.com" TOKEN: 'from*u...@example.com' CRC: 330966212412571206 Then lookup that token inside your DSPAM database: > select * from dspam_token_data where token='330966212412571206' Checking your email address in my setup results in: theia ~ # dspam_crc "From*Gary Funck <g...@intrepid.com>" TOKEN: 'From*Gary Funck <g...@intrepid.com>' CRC: 5069347935046341961 theia ~ # mysql --user=root --password=$(cat /root/.mysql.pwd) -e "select * from sysdb_dspam.dspam_token_data where token='5069347935046341961'" +-----+---------------------+-----------+---------------+------------+ | uid | token | spam_hits | innocent_hits | last_hit | +-----+---------------------+-----------+---------------+------------+ | 4 | 5069347935046341961 | 0 | 38 | 2010-08-27 | +-----+---------------------+-----------+---------------+------------+ theia ~ # > If not, it seems > that might help in the use case above. > > Is there a way to tell DSPAM about "trusted" IP addresses (in > a fashion similar to SpamAssassin)? > No. I planed to add something like that into DSPAM but never got the time to do so. > In the situation above, mail.example.com, is the domain's > mail server. Thus, the sender's IP address, 82.160.134.3, > can be reliably determined, and then combined with the sender's > IP address in ordere to form the (sender, IP) pair. > If DSPAM were able to follow the chain of Received headers > out to the last "trusted" IP address, then it could determine > the last known reliable IP address and use that when calculating > the Sender's identification for the purpose of white listing. > You are entering a mine field with that. Most admins out there would love to whitelist everyone and his dog in DSPAM. But DSPAM does not expose functions to the outside to do that. Off course one can manually add tokens with a high innocent count and whitelist that way. Anyway... I did not wanted to extend the whitelisting functionallity but wanted to introduce a "trusted network path" as an additional resource to identify trusted networks and use that as additional whitelisting mechanism. IMHO best would be to not extend by default the current whitelisting but add additional whitelisting possibilities AND allow the end user to choose if he/she wants to combine that FROM whitelisting with the TRUSTED NETWORK whitelist. -- Kind Regards from Switzerland, Stevan Bajić ------------------------------------------------------------------------------ Sell apps to millions through the Intel(R) Atom(Tm) Developer Program Be part of this innovative community and reach millions of netbook users worldwide. Take advantage of special opportunities to increase revenue and speed time-to-market. Join now, and jumpstart your future. http://p.sf.net/sfu/intel-atom-d2d _______________________________________________ Dspam-user mailing list Dspam-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspam-user
