Re: ANN: ReturnPath rule renaming

2021-03-26 Thread John Hardin 

On Fri, 26 Mar 2021, Dave Wreski wrote:


Hi,


   RCVD_IN_RP_CERTIFIED -> RCVD_IN_VALIDITY_CERTIFIED
   RCVD_IN_RP_SAFE -> RCVD_IN_VALIDITY_SAFE
   RCVD_IN_RP_RNBL -> RCVD_IN_VALIDITY_RPBL

Please audit your local config for score overrides and meta rules depending 
on the old names.


I don't see that the VALIDITY rules exist yet. Will they be in tonight's 
update?


The change went in today, they should go through masscheck and be 
published tomorrow.


How do you recommend we manage the period where the old rules with our meta 
rules are not invalidated with the publishing of the new rules?


We could duplicate our rules with the old and new, but just wanted to see if 
there was a plan already for dealing with this.


I'd be a bit surprised if anyone was actually meta'ing them.

It's not a fatal lint error, you only see a warning if you run with -D. 
Duplicating any such rules now and cleaning up in a day or two is probably 
a reasonable approach.



--
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 jhar...@impsec.org pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  ...to announce there must be no criticism of the President or to
  stand by the President right or wrong is not only unpatriotic and
  servile, but is morally treasonous to the American public.
  -- Theodore Roosevelt, 1918
---
 300 days since the first private commercial manned orbital mission (SpaceX)

Re: ANN: ReturnPath rule renaming

2021-03-26 Thread Dave Wreski 

Hi,


   RCVD_IN_RP_CERTIFIED -> RCVD_IN_VALIDITY_CERTIFIED
   RCVD_IN_RP_SAFE -> RCVD_IN_VALIDITY_SAFE
   RCVD_IN_RP_RNBL -> RCVD_IN_VALIDITY_RPBL

Please audit your local config for score overrides and meta rules 
depending on the old names.


I don't see that the VALIDITY rules exist yet. Will they be in tonight's 
update?


How do you recommend we manage the period where the old rules with our 
meta rules are not invalidated with the publishing of the new rules?


We could duplicate our rules with the old and new, but just wanted to 
see if there was a plan already for dealing with this.


dave

Re: ReturnPath rule renaming

2021-03-26 Thread John Hardin 

On Fri, 26 Mar 2021, Loren Wilton wrote:

In order to bring the SenderScore/ReturnPath DNS reputation and blocklist 
rules up-to-date with their current ownership and administration, the rules 
are being renamed:


  RCVD_IN_RP_CERTIFIED -> RCVD_IN_VALIDITY_CERTIFIED
  RCVD_IN_RP_SAFE -> RCVD_IN_VALIDITY_SAFE
  RCVD_IN_RP_RNBL -> RCVD_IN_VALIDITY_RPBL


John, you might add this text to the comment you made on Bug 6247. I read 
through you comment there, then went and scanned the entire comment stream in 
the bug (most all from 2009) to try to figure out what was being changed, and 
finally came up empty. There was no description of what the ownership change 
was, nor the administration change, nor any mention of what exactly had been 
changed in the rules.


I'll add that, but in my comment is mention of the SVN revision for the 
changes, and in bugzilla that's a hot link. All the changes are there.



--
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 jhar...@impsec.org pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  ...to announce there must be no criticism of the President or to
  stand by the President right or wrong is not only unpatriotic and
  servile, but is morally treasonous to the American public.
  -- Theodore Roosevelt, 1918
---
 300 days since the first private commercial manned orbital mission (SpaceX)

Re: ReturnPath rule renaming

2021-03-26 Thread Loren Wilton 
In order to bring the SenderScore/ReturnPath DNS reputation and blocklist 
rules up-to-date with their current ownership and administration, the 
rules are being renamed:


  RCVD_IN_RP_CERTIFIED -> RCVD_IN_VALIDITY_CERTIFIED
  RCVD_IN_RP_SAFE -> RCVD_IN_VALIDITY_SAFE
  RCVD_IN_RP_RNBL -> RCVD_IN_VALIDITY_RPBL


John, you might add this text to the comment you made on Bug 6247. I read 
through you comment there, then went and scanned the entire comment stream 
in the bug (most all from 2009) to try to figure out what was being changed, 
and finally came up empty. There was no description of what the ownership 
change was, nor the administration change, nor any mention of what exactly 
had been changed in the rules.


   Loren

CHAOS: Version 1.1.0

2021-03-26 Thread Jared Hall 

A new version of CHAOS.pm is available: https://github.com/telecom2k3/CHAOS

The module can run in Tag mode, AutoISP mode, and Manual mode.  As per 
RW et al, there is greater utility in being able to score the rules.  
Just the ability to name rules for differing Eval conditions is useful.


Uni-Babble rules now fully encompass the LATIN-1 Unicode character sets 
(LATIN-1 and LATIN-1 SUPPLEMENT).  This function should work in any 
North American, South American, Australian, and Western European 
country.  Uni-Babble rules also should work in Israel and all Arabic 
countries, and in Greece.  The Orhodox Slav countries that are Cyrillic 
are also supported.


There is only partial support for LATIN-2 countries (defined by ISO 
8859-2 and ISO 8859-3).  Currently, these countries (Czech, Slovakia, 
Slovenia, Hungary, etc) should increment the UniBabble codeset count by 
1, like from: eval:from_lookalike_unicode(1) to 
eval:from_lookalike_unicode(2) and from eval:subj_lookalike_unicode(1) 
to eval:subj_lookalike_unicode(2).


From the Changelog: https://github.com/telecom2k3/CHAOS/wiki/CHANGELOG


 Version 1.1.0

Released March 26, 2021. "Postreleasem Depression"


 New
 Features

 * Major release.
 * Added {chaos_mode}: Tag, Manual, AutoISP.
 * New Eval: check_to_public_name(), JR_CC_PUB_NONAME, many CC
   recipients without a name.
 * New Eval: check_to_public_name(), JR_TO_PUB_NONAME, many TO
   recipients without a name.
 * New Eval: eval:from_no_vowels(), JR_FROM_NO_VOWEL, From Name has
   words but no vowels.


 
Changed
 Functions

 * Changed mailer_check() to include the PHP Script detection.
 * mailer_check() rules are immutable and will generate Callout scores
   unless in Auto mode.
 * Remove Unbalanced Bracket rule. Callout rule from new
   check_for_brackets() has total count.
 * Rule JR_HAS_MANY_BRACKETS in check_for_brackets() changed to
   JR_SUBJ_BRACKETS in Auto mode.
 * Split Uni-Babble rules up into their individual parts.
 * Added ZIPX detection in Eval: id_attachments().
 * New X-Mailer callouts added to mailer_check()
 * New PHP Scripts added to mailter_check()


 
Uni-Babble
 Fixes

 * Complete integration of the LATIN and LATIN SUPPLEMENTAL codesets
   for Alphabet detection.
 * Fix for incorrect scoring of LATIN SUPPLEMENT characters.
 * Latin Digits can appear in multiple alphabets, so they are now
   ignored when matching Unicode codesets.


 General
 Fixes

 * Fixes for excessive Auto Scoring.
 * Changing references from Self-Scoring to Auto-Scoring.
 * Corrected Description field operation throughout the module.
 * Documentation corrections.
 * Removed timezones from Framed Words/Messages rule.
 * New Admin Fraud messages added.


-- Jared Hall

ANN: ReturnPath rule renaming

2021-03-26 Thread John Hardin 

All:

In order to bring the SenderScore/ReturnPath DNS reputation and blocklist 
rules up-to-date with their current ownership and administration, the 
rules are being renamed:


  RCVD_IN_RP_CERTIFIED -> RCVD_IN_VALIDITY_CERTIFIED
  RCVD_IN_RP_SAFE -> RCVD_IN_VALIDITY_SAFE
  RCVD_IN_RP_RNBL -> RCVD_IN_VALIDITY_RPBL

Please audit your local config for score overrides and meta rules 
depending on the old names.



--
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 jhar...@impsec.org pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79