On Apr 30, 2012, at 12:06 PM, Stevan Bajić wrote:

> On 30.04.2012 17:49, Chad M Stewart wrote:
>> On Apr 30, 2012, at 3:12 AM, Stevan Bajić wrote:
>>
>>> On 30.04.2012 04:46, Chad M Stewart wrote:
>>>> I'd like to come up with a way where my users can forward mis-classified
>>>> messages to a single address, like fixme@ or correct@. I'm thinking that
>>>> the address would be directed at a script. The script would then do the
>>>> magic and then call dspam with the appropriate parameters.
>>>>
>>>> Wondering if anyone has some suggestions or been down this road before and
>>>> care to share? The part I'm stuck on right now is how to figure out the
>>>> classification to pass to dspam, spam|innocent. I've thought about maybe
>>>> taking the signature and searching system.log for it, get the
>>>> classification from the entry and then obviously the classification must
>>>> be the other.
>>>>
>>>> Sound reasonable?
>>> Check the contrib directory ->
>>> http://dspam.git.sourceforge.net/git/gitweb.cgi?p=dspam/dspam;a=tree;f=contrib;hb=HEAD
>>> <- and tell me if something is popping into your eye.
>> Thank you, that might just come in handy. The difficult part remains,
>> getting the classification.
>>
>> My setup is that of a hosted service. My plan is to offer my clients the
>> ability to train via email or via a simple web interface. I'm going for
>> them only having to provide the signature(s) of the email. Then have
>> scripts on my servers figure out the classification, and then email back a
>> confirmation message that the messages were retrained accordingly.
>>
>> I'm brainstorming ideas of simply searching the system.log to taking the
>> necessary data from system.log every N minutes and loading it into another
>> mysql db. Then I could track the classification changes of a given
>> signature for X period of time.
>>
>> While my system is in beta I'll go with two address spam@ and ham@ but I
>> want to get to a single address eventually.
> Working with signatures only and with single address could work.
> Currently you have the following classes in DSPAM:
> spam, innocent, whitelisted, blocklisted, blacklisted, virus, none
>
> Some of them are not re-trainable from the WebUI but I think on the
> command line you can retrain them. Not all. Virus mails usually have no
> tokens assigned to the signature. So retraining there would be hard with
> just the signature.
>
> But at the end you probably want something like this to happen:
> class:       source:  should be:
> spam         error    innocent
> innocent     error    spam
> whitelisted  error    spam
> blocklisted  error    innocent
> blacklisted  error    innocent
> virus        error    innocent
>
Looks right.

>
> Technically speaking you could work with single address. Personally I
> don't think if this make so much sense for the end user. Anyway... the
> key for the success is to have an easy interface for retraining. Telling
> the end user to go on and copy paste signatures from a mail and send it
> to one retrain alias is IMHO not going to work in the long term. Users
> hate doing that kind of things. Give them buttons for spam/ham or make
> it the way how the Dovecot Anti-Spam plugin is working (capturing
> drag/drop/move/etc from/to spam folder) is the way to go.

In my model I have zero access to end user's mailboxes. Thus why I was
thinking that training via web interface or via email would work.

You're right a single button is easier. To get that in my scenario means
I'll have to hire someone to write a plugin for Outlook. Then the Exchange
user can click one button and have the message automatically forwarded off
to the single address for fixing. I could have plugins written for other
clients as well. Though that could be a support nightmare.

> Everything
> else (from my past experience) will sooner or later lead to the point
> where user will just simply ignore the decision made by the anti-spam
> filter and continue working with the mail, regardless if the mail is
> classified as spam or as ham. They will delete spam mails in their inbox
> and they will move ham mails from the junk folder to the inbox. From
> time to time they will complain to a IT employee that the anti-spam
> filter is stupid and makes errors all the time and you can explain them
> that the filter needs to be trained and they will simply respond: "I
> did! I pressed button on the WebUI or I forwarded to the training
> address and nothing happened. Minutes later I got another mail with
> almost the same content and it was again falsely marked as spam. Our
> anti-spam filter is shit!
> I use at home Gmail/Hotmail/Yahoo/you_name_it
> and there it works all the time but here in the office it is shit!"

People can be lazy, myself included. So the easier it is the more likely
people are to do it.

>
> As someone running an MTA for so many domains and/or many users you
> will soon learn that spammers are your enemy because they waste your
> resources. But you will learn too that your own end users are the one
> wasting your resources too and that there exists users that are advice
> resistant. Spammers are easier to handle. Just add good technology and
> there you go. End users? Well.... no comment!

I've been a postmaster since '95. The tripe that goes via email is amazing.
I've seen so much of it, it boggles my mind. :-)

>
> So the more you can automate and process without educating end users but
> (mis)using their way of working for your own (and their) benefit, the
> better for you. Maybe you don't see it right now that way but trust me
> that one day you will. I personally wish you nothing more than that you
> never experience this but I am afraid that you will.

I agree and am using restriction classes within postfix. I have 100+
addresses that are inoculation caliber addresses. Those addresses have
minimal smtp level checks enforced, so they get the maximum amount of spam.
They are opted out of dspam. Mail to them is saved off to a directory where
I'll have a script pick up and pass to dspam as an inoculation message for
the global user I've defined, who is then in a merged group.

-Chad
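Added example, not part of the thread above and not taken from DSPAM's contrib directory: a sketch of the single-address retrain lookup discussed in the message, using the class table quoted there. The log field layout, the single-letter class codes, the signature and user patterns, and all sample values are assumptions constructed for illustration; because the signature arrives by email, it is validated and passed as an argv element rather than through a shell.

```python
import re

# Class table from the thread: logged class -> class to retrain as (--source=error).
RETRAIN_AS = {
    "spam": "innocent", "innocent": "spam", "whitelisted": "spam",
    "blocklisted": "innocent", "blacklisted": "innocent", "virus": "innocent",
}
# Assumption: the second log field is a single-letter class code.
LOG_CODES = {"S": "spam", "I": "innocent", "W": "whitelisted",
             "O": "blocklisted", "A": "blacklisted", "V": "virus"}
# Assumption: signatures are lowercase hex, optionally prefixed with "<uid>,".
SIG_RE = re.compile(r"(?:\d{1,10},)?[0-9a-f]{8,64}")
USER_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._@+-]{0,127}")

def last_class(log_lines, signature):
    """Return the most recent logged class for a signature, or None."""
    found = None
    for line in log_lines:
        fields = line.rstrip("\n").split("\t")
        if len(fields) >= 4 and fields[3] == signature:
            found = LOG_CODES.get(fields[1], found)  # other codes are ignored
    return found

def retrain_argv(user, signature, log_lines):
    """Build the dspam argv for a user-reported error, or raise ValueError."""
    if not SIG_RE.fullmatch(signature):
        raise ValueError("malformed signature")
    if not USER_RE.fullmatch(user):
        raise ValueError("malformed user")
    logged = last_class(log_lines, signature)
    if logged is None:
        raise ValueError("signature not found in log")
    return ["dspam", "--user", user, "--class=" + RETRAIN_AS[logged],
            "--source=error", "--signature=" + signature]

# Constructed sample log lines (time, class, from, signature, subject).
SAMPLE_LOG = [
    "1335801960\tS\tnews@example.org\t4f9eb2a81234567890abcd\tWeekly update\n",
    "1335802020\tI\tspam@example.net\t4f9eb2e4aaaabbbbccccdd\tCheap pills\n",
    "1335802080\tW\tboss@example.com\t4f9eb320ffff0000eeee11\tRe: report\n",
]

if __name__ == "__main__":
    print(retrain_argv("client1@example.com", "4f9eb2a81234567890abcd", SAMPLE_LOG))
```

As noted in the quoted reply, virus messages usually have no tokens stored with the signature, so the command built for that class may not retrain anything.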