On 30.04.2012 17:49, Chad M Stewart wrote: > On Apr 30, 2012, at 3:12 AM, Stevan Bajić wrote: > >> On 30.04.2012 04:46, Chad M Stewart wrote: >>> I'd like to come up with a way where my users can forward mis-classified >>> messages to a single address, like fixme@ or correct@. I'm thinking that >>> the address would be directed at a script. The script would then do the >>> magic and then call dspam with the appropriate parameters. >>> >>> Wondering if anyone has some suggestions or been down this road before and >>> care to share? The part I'm stuck on right now how to figure out the >>> classification to pass to dspam, spam|innocent. I've thought about maybe >>> taking the signature and searching system.log for it, get the >>> classification from the entry and then obviously the classification must be >>> the other. >>> >>> Sound reasonable? >> Check the contrib directory -> >> http://dspam.git.sourceforge.net/git/gitweb.cgi?p=dspam/dspam;a=tree;f=contrib;hb=HEAD >> <- and tell me if something is popping into your eye. > Thank you, that might just come in handy. The difficult part remains, > getting the classification. > > My setup is that of a hosted service. My plan is to offer my clients the > ability to train via email or via a simple web interface. I'm going for them > only having to provide the signature(s) of the email. Then have scripts on > my servers figure out the classification, and then email back a confirmation > message that the messages were retrained accordingly. > > I'm brainstorming ideas of simply searching the system.log to taking the > necessary data from system.log every N minutes and loading it into another > mysql db. Then I could track the classification changes of a a given > signature for X period of time. > > While my system is in beta I'll go with two address spam@ and ham@ but I want > to get to a single address eventually. Working with signatures only and with single address could work. Currently you have the following classes in DSPAM: spam, innocent, whitelisted, blocklisted, blacklisted, virus, none
Some of them are not re-trainable from the WebUI but I think on the command line you can retrain them. Not all. Virus mails usually have no tokens assigned to the signature. So retraining there would be hard with just the signature. But at the end you probably want something like this to happen: class: source: should be: spam error innocent innocent error spam whitelisted error spam blocklisted error innocent blacklisted error innocent virus error innocent Technically speaking you could work with single address. Personally I don't think if this make so much sense for the end user. Anyway... the key for the success is to have an easy interface for retraining. Telling the end user to go on and copy paste signatures form a mail and send it to one retrain alias is IMHO not going to work in the long term. User hate doing that kind of things. Give them buttons for spam/ham or make it the way how the Dovecot Anti-Spam plugin is working (capturing drag/drop/move/etc from/to spam folder) is the way to go. Everything else (from my past experience) will soon or later lead to the point where user will just simply ignore the decision made by the anti-spam filter and continue working with the mail, regardless if the mail is classified as spam or as ham. They will delete spam mails in their inbox and they will move ham mails from the junk folder to the inbox. From time to time they will complain to a IT employee that the anti-spam filter is stupid and makes errors all the time and you can explain them that the filter needs to be trained and they will simply respond: "I did! I pressed button on the WebUI or I forwarded to the training address and nothing happened. Minutes later I got another mail with almost the same content and it was again falsely marked as spam. Our anti-spam filter is shit! I use at home Gmail/Hotmail/Yahoo/you_name_it and there it works all the time but here in the office it is shit!" As some one running an MTA for so many domains and/or many users you will soon learn that spammers are your enemy because they waste your resources. But you will learn too that your own end users are the one wasting your resources too and that there exists users that are advice resistant. Spammers are easier to handle. Just add good technology and there you go. End users? Well.... no comment! So the more you can automate and process without educating end users but (miss)using their way of working for your own (and their) benefit, the better for you. Maybe you don't see it right now that way but trust me that one day you will. I personally wish you nothing more than that you never experience this but I am afraid that you will. > > -Chad -- Kind Regards from Switzerland, Stevan Bajić ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Dspam-user mailing list Dspam-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspam-user
