Robert A. Pickering Jr. wrote:
>
> Mike,
>
> I think it's a great idea as many ISPs use multiple servers. I'm a
> little unclear however. Do you *always* take the last two domain
> portions? So in the event of international domains like:
> mx.someserver.com.uk. Would you just take com.uk, thereby allowing
> everyone with a .com.uk extension to randomize? Since most of my spam
> is from non-us domains (Brazil, Russia, Poland, Taiwan, China, etc.), it
> would seem that taking the last two might not be enough, and perhaps
> should be expanded to three.
>
> -Rob
>
> On Dec 14, 2006, at 3:42 PM, Mike Taczak wrote:
>
>> The company I work for is more concerned with removing all false
>> positives than filtering absolutely every spam that comes through the
>> system. This can usually be accomplished by using many reliable smaller
>> carefully calibrated filtering techniques assuming our servers can
>> support them and maintaining speed. We've found policyd invaluable in
>> this sense.
>>
>> However, while we were looking at the HRP module, we were concerned
>> about false positives for the valid email servers that may use more than
>> X helo names. We've come up with a change that should prevent those
>> false positives while still filtering many false servers.
>>
>> By using a truncated version of the received helo name (which is usually
>> a domain name of some kind - we truncated by 2 periods. Example:
>> mx1.subdomain.test.com becomes test.com), the real email servers are
>> less likely to be tagged as randomizing their helo names, while fake
>> servers, which seem to rarely use subdomains on the same network anyway,
>> are still filtered out albeit at a slightly lower rate.
>>
>> In the case of a helo name being an IP address, we added a condition to
>> only do the truncation if the last character in the helo name is
>> non-numeric so that IPs would still retain all the information.
>>
>> What do you think about incorporating this change into policyd?
>>
>> ~Mike

In my scenario, I wouldn't use this function. I use it as is.

If you are going to submit a patch, please add an enable/disable feature. I think this is consistent with most of the other features as well within policyd.

john

_______________________________________________
policyd-users mailing list
policyd-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/policyd-users