Re: updates.spamassassin.org not resolving
My bad, actually thought updates.spamassassin.org was one of the mirrored-by urls but it is sa-update.spamassassin.org

> On 23 Jul 2021, at 14:35, Kevin A. McGrail wrote:
>
> TL;DR: Everything looks good to me.
updates.spamassassin.org not resolving
Hi

updates.spamassassin.org is not resolving, tested with various DNS systems. Can the admins please check?

Kind Regards,
Andrew
Re: updates.spamassassin.org not resolving
On 2021-07-23 06:54, Benny Pedersen wrote:
> On 2021-07-23 14:35, Kevin A. McGrail wrote:
>> TL;DR: Everything looks good to me.
>
> +1
>
>> I think you are just doing DNS calls that are either invalid or look
>> like you are trying to do discovery through recursion. For example:
>>
>> dig -t txt 0.0.4.updates.spamassassin.org @ns2.pccc.com
>
> why is specific version needed ?, rules updates works imho with all
> spamassassin versions if version is used in rule sets ?

Today that is true, but as ClamAV has discovered, old versions sometimes behave badly in a way that can generate a lot of pain in the future. Having requests already going to versioned URLs provides a lot of options, for example, asking outdated versions to stay on outdated rulesets:

    0.2.3.updates.spamassassin.org. 3600 IN TXT "895075"

Which is better than feeding them a ruleset in a format that they won't understand, and can't meaningfully use while the current release gets new rulesets:

    0.3.3.updates.spamassassin.org. 3600 IN TXT "1891700"
Re: Matching on X-Spam headers doesn't get a hit
Yea, it was more meant as a "we don't use postfix specifically". My fallback idea was also to do the filtering on the MTA we do use, instead of in SpamAssassin. That was just bad phrasing on my part. Sorry about that :)

On 23/07/2021 16.51, jahli...@gmx.ch wrote:
> Martin,
>
> most MTA should have some filter capabilities. Maybe not all MTA have
> same powerful and efficient ways to perform such checks as postfix has ;-)
>
> iirc something like this should work for exim
>
> acl_smtp_data = check_message
>
> check_message:
>   deny message = 'Outscatter detected'
>        regex = ^X-Spam-Status:: YES
>   accept
>
> But I would expect that check going over the whole message (same as the
> full check in SA) and not so targeted as a postfix header rule
>
> Cheers
>
> tobi
>
> On 7/23/21 11:23 AM, Martin Flygenring wrote:
>> We don't run Postfix here, but we can probably look for it elsewhere
>> in our stack instead.
>>
>> Thanks to everyone that answered :)
>>
>> On 23/07/2021 10.43, Laurent S. wrote:
>>> Hi,
>>>
>>> I know we are on the spamassassin mailing list, but another more radical
>>> way to block those is directly in postfix with a header_check before
>>> giving it to spamassassin
>>>
>>> /^X-Spam-Flag: Yes/ REJECT Outscatter
>>> /^X-(Spam|AES)-Category: (SPAM|PHISHING)/ REJECT Outscatter
>>>
>>> But as a forewarning, the rare FPs can get quite frustrating if you use
>>> this method.
>>>
>>> Cheers,
>>> Laurent
>>>
>>> On 22.07.21 21:31, RW wrote:
>>>> On Thu, 22 Jul 2021 20:09:19 +0300
>>>> Henrik K wrote:
>>>>
>>>>> On Thu, Jul 22, 2021 at 08:06:15PM +0300, Henrik K wrote:
>>>>>> On Thu, Jul 22, 2021 at 05:15:54PM +0200, Martin Flygenring wrote:
>>>>>>> Is there a limitation to SpamAssassin so it doesn't accept
>>>>>>> looking for the two X-Spam-headers, or can you spot why this rule
>>>>>>> isn't matching?
>>>>>>
>>>>>> SA removes all X-Spam-* headers from the message, it's not possible
>>>>>> to match on them.
>>>>>
>>>>> ... except with a kludgy full rule that matches the whole pristine
>>>>> message:
>>>>>
>>>>> full X_SPAM_FOOBAR /^X-Spam-Foobar: xyz/m
>>>>
>>>> There's no perfect way of doing this. The above has the problem of
>>>> going through the whole email, including big attachment. It can also
>>>> match falsely inside the body.
>>>>
>>>> The test can be constrained within the headers, but that causes
>>>> problems with the debug capture.
>>>>
>>>> This version captures a lot too much:
>>>>
>>>> full X_SPAM_FOOBAR /^(?:.+\n)*X-Spam-Foobar: xyz/
>>>>
>>>> This version capture nothing:
>>>>
>>>> full X_SPAM_FOOBAR /^(?=(?:.+\n)*X-Spam-Foobar: xyz)/
>>>>
>>>> I'd go for the latter.
>>>>
>>>> All of the above is untested.

--
Martin Flygenring (maf)
Systems Engineer, One.com
Re: Matching on X-Spam headers doesn't get a hit
Martin,

most MTA should have some filter capabilities. Maybe not all MTA have same powerful and efficient ways to perform such checks as postfix has ;-)

iirc something like this should work for exim

acl_smtp_data = check_message

check_message:
  deny message = 'Outscatter detected'
       regex = ^X-Spam-Status:: YES
  accept

But I would expect that check going over the whole message (same as the full check in SA) and not so targeted as a postfix header rule

Cheers

tobi

On 7/23/21 11:23 AM, Martin Flygenring wrote:
> We don't run Postfix here, but we can probably look for it elsewhere
> in our stack instead.
>
> Thanks to everyone that answered :)
>
> On 23/07/2021 10.43, Laurent S. wrote:
>> Hi,
>>
>> I know we are on the spamassassin mailing list, but another more radical
>> way to block those is directly in postfix with a header_check before
>> giving it to spamassassin
>>
>> /^X-Spam-Flag: Yes/ REJECT Outscatter
>> /^X-(Spam|AES)-Category: (SPAM|PHISHING)/ REJECT Outscatter
>>
>> But as a forewarning, the rare FPs can get quite frustrating if you use
>> this method.
>>
>> Cheers,
>> Laurent
>>
>> On 22.07.21 21:31, RW wrote:
>>> On Thu, 22 Jul 2021 20:09:19 +0300
>>> Henrik K wrote:
>>>
>>>> On Thu, Jul 22, 2021 at 08:06:15PM +0300, Henrik K wrote:
>>>>> On Thu, Jul 22, 2021 at 05:15:54PM +0200, Martin Flygenring wrote:
>>>>>> Is there a limitation to SpamAssassin so it doesn't accept
>>>>>> looking for the two X-Spam-headers, or can you spot why this rule
>>>>>> isn't matching?
>>>>>
>>>>> SA removes all X-Spam-* headers from the message, it's not possible
>>>>> to match on them.
>>>>
>>>> ... except with a kludgy full rule that matches the whole pristine
>>>> message:
>>>>
>>>> full X_SPAM_FOOBAR /^X-Spam-Foobar: xyz/m
>>>
>>> There's no perfect way of doing this. The above has the problem of
>>> going through the whole email, including big attachment. It can also
>>> match falsely inside the body.
>>>
>>> The test can be constrained within the headers, but that causes
>>> problems with the debug capture.
>>>
>>> This version captures a lot too much:
>>>
>>> full X_SPAM_FOOBAR /^(?:.+\n)*X-Spam-Foobar: xyz/
>>>
>>> This version capture nothing:
>>>
>>> full X_SPAM_FOOBAR /^(?=(?:.+\n)*X-Spam-Foobar: xyz)/
>>>
>>> I'd go for the latter.
>>>
>>> All of the above is untested.
Re: updates.spamassassin.org not resolving
On 2021-07-23 14:35, Kevin A. McGrail wrote:
> TL;DR: Everything looks good to me.

+1

> I think you are just doing DNS calls that are either invalid or look
> like you are trying to do discovery through recursion. For example:
>
> dig -t txt 0.0.4.updates.spamassassin.org @ns2.pccc.com

why is specific version needed ?, rules updates works imho with all spamassassin versions if version is used in rule sets ?

> ;; ANSWER SECTION:
> 0.0.4.updates.spamassassin.org. 3600 IN CNAME 3.3.3.updates.spamassassin.org.
> 3.3.3.updates.spamassassin.org. 3600 IN TXT "1891700"

hope 0.0.4 comes out soon so all problems in dns can be solved :=)

still see the random dkim fails from fuglu while later testing in spamc/spamd gives pass

dns test timeout not waiting for results ? too low ttl on origin zone for dkim domain, i can't figure out why yet
Re: updates.spamassassin.org not resolving
> updates.spamassassin.org gives no data, because it's empty:

ouch, my bad. I would have expected NXDOMAIN for non existing, but just an 'empty' reply, because it exists but does not contain any RR is not what I expected.

Then I tripped over the recursion warning.

--
Kind regards

-Benoît Panizzon- @ home office and reachable as usual
--
I m p r o W a r e   A G - Head of Commerce Customers
Zurlindenstrasse 29    Tel +41 61 826 93 00
CH-4133 Pratteln       Fax +41 61 826 93 01
Switzerland            Web http://www.imp.ch
Re: updates.spamassassin.org not resolving
On 23.07.21 13:58, Andrew Colin Kissa wrote:
> updates.spamassassin.org is not resolving, tested with various DNS
> systems. Can the admins please check ?

updates.spamassassin.org gives no data, because it's empty:

% dig any updates.spamassassin.org @b.auth-ns.sonic.net.

; <<>> DiG 9.11.5-P4-5.1+deb10u5-Debian <<>> any updates.spamassassin.org @b.auth-ns.sonic.net.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18417
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;updates.spamassassin.org. IN ANY

;; AUTHORITY SECTION:
spamassassin.org. 3600 IN SOA ns2.pccc.com. pmc.spamassassin.apache.org. 2021072305 7200 3600 604800 3600

;; Query time: 130 msec
;; SERVER: 184.173.92.18#53(184.173.92.18)

it has subdomains that do exist and have data tho.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT wish to receive any advertising mail at this address.
"They say when you play that M$ CD backward you can hear satanic messages."
"That's nothing. If you play it forward it will install Windows."
Re: updates.spamassassin.org not resolving
TL;DR: Everything looks good to me.

I think you are just doing DNS calls that are either invalid or look like you are trying to do discovery through recursion. For example:

dig -t txt 0.0.4.updates.spamassassin.org @ns2.pccc.com

;; ANSWER SECTION:
0.0.4.updates.spamassassin.org. 3600 IN CNAME 3.3.3.updates.spamassassin.org.
3.3.3.updates.spamassassin.org. 3600 IN TXT "1891700"

Try that specific dig which would be an example of a real dig needed for an sa-update or something like an SOA pull, for example:

dig -t soa spamassassin.org @ns2.pccc.com

;; ANSWER SECTION:
spamassassin.org. 3600 IN SOA ns2.pccc.com. pmc.spamassassin.apache.org. 2021072305 7200 3600 604800 3600

Regards,
KAM

--
Kevin A. McGrail
Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

On Fri, Jul 23, 2021 at 8:26 AM Kevin A. McGrail wrote:
> Let me take a look ASAP.
>
> On Fri, Jul 23, 2021, 08:03 Benoît Panizzon wrote:
>> Hi Andrew
>>
>> dig + trace leads to primary DNS Server:
>>
>> spamassassin.org. 3600 IN SOA ns2.pccc.com.
>> pmc.spamassassin.apache.org. 2021072305 7200 3600 604800 3600
>>
>> as published in the SOA record.
>>
>> BUT:
>>
>> ; <<>> DiG 9.11.5-P4-5.1+deb10u5-Debian <<>> ANY updates.spamassassin.org @ns2.pccc.com.
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3724
>> ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
>> ;; WARNING: recursion requested but not available
>>
>> Looks that zone is NOT available on that primary DNS Server as my
>> request is being denied because it is 'recursive'.
>>
>> Did they forget to pay? :-)
>>
>> --
>> Kind regards
>>
>> -Benoît Panizzon- @ home office and reachable as usual
>> --
>> I m p r o W a r e   A G - Head of Commerce Customers
>> Zurlindenstrasse 29    Tel +41 61 826 93 00
>> CH-4133 Pratteln       Fax +41 61 826 93 01
>> Switzerland            Web http://www.imp.ch
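An added example, not part of any post in this thread: a small Python reader for the two kinds of `dig` reply quoted above, which separates NOERROR with zero answers (the name exists but holds no records) from NXDOMAIN and follows the CNAME to the TXT revision. The function names are hypothetical, the version-to-name mapping is inferred from the query names in the thread, and the second sample wraps the thread's answer section in a constructed header.

```python
import re

def update_query_name(sa_version, channel="updates.spamassassin.org"):
    """Build the versioned name: labels of the version, reversed (4.0.0 -> 0.0.4...)."""
    labels = sa_version.split(".")
    if len(labels) != 3 or not all(part.isdigit() for part in labels):
        raise ValueError("expected a three-part numeric version, got %r" % sa_version)
    return ".".join(reversed(labels)) + "." + channel

def classify(dig_output):
    """Reduce a dig reply to NXDOMAIN / NODATA / ANSWER plus two header facts."""
    status = re.search(r"status: (\w+)", dig_output)
    answers = re.search(r"ANSWER: (\d+)", dig_output)
    flags = re.search(r"^;; flags: ([a-z ]*);", dig_output, re.M)
    if not (status and answers and flags):
        raise ValueError("no dig header found")
    if status.group(1) == "NOERROR":
        # NOERROR with an empty answer section means the name exists but has
        # no record of the requested type; it is not the same as NXDOMAIN.
        result = "ANSWER" if int(answers.group(1)) else "NODATA"
    else:
        result = status.group(1)
    return {
        "result": result,
        "authoritative": "aa" in flags.group(1).split(),
        # dig prints this when it asked for recursion (rd) and the server
        # does not offer it; an authoritative reply is still complete.
        "recursion_warning": "recursion requested but not available" in dig_output,
    }

def rule_revision(dig_output, qname):
    """Follow CNAMEs in the answer section from qname to its TXT value."""
    cname = dict(re.findall(r"^(\S+)\s+\d+\s+IN\s+CNAME\s+(\S+)", dig_output, re.M))
    txt = dict(re.findall(r'^(\S+)\s+\d+\s+IN\s+TXT\s+"([^"]*)"', dig_output, re.M))
    name = qname.rstrip(".") + "."
    seen = set()
    while name in cname and name not in seen:  # guard against CNAME loops
        seen.add(name)
        name = cname[name]
    return txt.get(name)

# Abridged from the reply quoted in the thread.
NODATA_REPLY = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18417
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;updates.spamassassin.org. IN ANY
"""

# Header lines constructed for this example; answer section as in the thread.
ANSWER_REPLY = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
0.0.4.updates.spamassassin.org. 3600 IN CNAME 3.3.3.updates.spamassassin.org.
3.3.3.updates.spamassassin.org. 3600 IN TXT "1891700"
"""

if __name__ == "__main__":
    print(classify(NODATA_REPLY))
    print(rule_revision(ANSWER_REPLY, update_query_name("4.0.0")))
```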
Re: updates.spamassassin.org not resolving
Let me take a look ASAP.

On Fri, Jul 23, 2021, 08:03 Benoît Panizzon wrote:
> Hi Andrew
>
> dig + trace leads to primary DNS Server:
>
> spamassassin.org. 3600 IN SOA ns2.pccc.com.
> pmc.spamassassin.apache.org. 2021072305 7200 3600 604800 3600
>
> as published in the SOA record.
>
> BUT:
>
> ; <<>> DiG 9.11.5-P4-5.1+deb10u5-Debian <<>> ANY updates.spamassassin.org @ns2.pccc.com.
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3724
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
> ;; WARNING: recursion requested but not available
>
> Looks that zone is NOT available on that primary DNS Server as my
> request is being denied because it is 'recursive'.
>
> Did they forget to pay? :-)
>
> --
> Kind regards
>
> -Benoît Panizzon- @ home office and reachable as usual
> --
> I m p r o W a r e   A G - Head of Commerce Customers
> Zurlindenstrasse 29    Tel +41 61 826 93 00
> CH-4133 Pratteln       Fax +41 61 826 93 01
> Switzerland            Web http://www.imp.ch
Re: updates.spamassassin.org not resolving
Hi Andrew

dig + trace leads to primary DNS Server:

spamassassin.org. 3600 IN SOA ns2.pccc.com. pmc.spamassassin.apache.org. 2021072305 7200 3600 604800 3600

as published in the SOA record.

BUT:

; <<>> DiG 9.11.5-P4-5.1+deb10u5-Debian <<>> ANY updates.spamassassin.org @ns2.pccc.com.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3724
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

Looks that zone is NOT available on that primary DNS Server as my request is being denied because it is 'recursive'.

Did they forget to pay? :-)

--
Kind regards

-Benoît Panizzon- @ home office and reachable as usual
--
I m p r o W a r e   A G - Head of Commerce Customers
Zurlindenstrasse 29    Tel +41 61 826 93 00
CH-4133 Pratteln       Fax +41 61 826 93 01
Switzerland            Web http://www.imp.ch
Re: CHAOS: v1.2.2: Of Documentation
On Fri, 2021-07-23 at 19:49 +1000, Noel Butler wrote:
> I've still yet to see a list post explaining what this thing does
> so no he has not answered all questions about it, the most common sense
> thing of all time is if you advertise your wares, you at least tell
> people WTF it does, you don't send them to some web site to find out
> (which as some posters have indicated apparently does not even tell
> you).
>
Yes, that is the same problem I have. I understand that CHAOS generates rules and has fancy ways of setting their scores but I've yet to understand:

- why it was developed in the first place, i.e. what problem(s) does it solve that manually written rules fail to address?
- what are its design principles?
- what do its generated rules do that can't be done with manually written rules?
- how, if at all, does it test the rules it writes and what does it do with rules that either don't work as intended or hit ham instead of spam?
- does it accept human input about what is spam and what is ham and if so, how is this input provided, maintained, and stored for future reference?

IOW:

- is it working entirely from messages found in the incoming mail stream?
- what about the outbound mail stream?
- does it use mail archives or spam collections to test the rules it generates

Martin
Re: CHAOS: v1.2.2: Of Documentation
On Fri, Jul 23, 2021 at 08:16:56AM +0300, Henrik K wrote:
>
> > 2C) The initial release of CHAOS.pm did all kinds of scoring. One of the
> > knocks I have about SpamAssassin is that it does not maintain counts of
> > hits. My complaints about this go all the way back to 2010. Counts and
> > Amounts. SA is great with Amounts. It sucks with Counts. To the SA
> > Development crew's credit, somewhere along the way, tflags were added to
> > allow that functionality in a very primitive fashion. Many people are
> > happy with that. I'm just not one of them.
> > ...
> > I read somewhere, while looking at META rules that SA internally builds an
> > array of the rules hit. That way, as rules hit, METAs are then
> > appropriately updated. Gee, an array. Maybe we could add a count to that
> > array if the user wishes to? I think that it is a lot of development; not
> > so much the actual process of doing it, but updating all the User handling
> > thereof. Alas, It is what it is *SIGH*
>
> There's zero actual information here. What exactly are you finding hard to
> "count"?

Looking at the emoji code for example, you are doing all sorts of funny stuff like creating dynamic rules with count names

"The rulename, JR_SUBJ_EMOJIS or is appended with an "_$count" whose score is 0.01. Example: YOUR_RULENAME_3. The rule's description will reflect the number of Emojis found."

This is not really how SA is supposed to be used (even though it's possible). It's just complex and confusing.

Normal way is calling the eval function multiple times with the parameters you want to check, there's many examples in the stock rules:

body HTML_OBFUSCATE_05_10 eval:html_range('obfuscation_ratio','.05','.1')
body HTML_OBFUSCATE_10_20 eval:html_range('obfuscation_ratio','.1','.2')
Re: CHAOS: v1.2.2: Of Documentation
On 23/07/2021 18:01, Simon Wilson wrote:

- Message from Jared Hall -
Date: Fri, 23 Jul 2021 00:07:52 -0400
From: Jared Hall
Subject: CHAOS: v1.2.2: Of Documentation
To: users@spamassassin.apache.org

Simon Wilson wrote:

could you, please, finally, describe what does this module do, here to the list and/or to the wiki? the description there is too hard to understand, especially at the beginning, and I couldn't force myself to understand it (multiple times). Maybe you should start with the easy parts and follow with those more complicated functionality, because I feel the description starts with the latter.

I'm guessing from the silence in response that this will remain a mystery.

Simon.
___
Simon Wilson
M: 0400 12 11 16

Reads perfectly well to me. I guess to be compatible with any other plugin, I must delete all documentation entirely :)

No - but perhaps a start would be to *really* listen when people ask questions demonstrating you are not as good as you think you are at writing things which make sense to people other than yourself.

Seriously, every single rule that this module can generate is listed. That's a good start, comparatively. I answer, and have answered, all questions regarding this module.

Again no. Perhaps not all mailing list emails make it through the module...

I've still yet to see a list post explaining what this thing does so no he has not answered all questions about it, the most common sense thing of all time is if you advertise your wares, you at least tell people WTF it does, you don't send them to some web site to find out (which as some posters have indicated apparently does not even tell you).

I won't comment on the rest of his trash talk, based on his useless smart arse replies, I don't care what this thing does we won't be touching it due to his childish pathetic attitude, for all we know it's malware.
--
Regards,
Noel Butler
Re: Matching on X-Spam headers doesn't get a hit
We don't run Postfix here, but we can probably look for it elsewhere in our stack instead.

Thanks to everyone that answered :)

On 23/07/2021 10.43, Laurent S. wrote:
> Hi,
>
> I know we are on the spamassassin mailing list, but another more radical
> way to block those is directly in postfix with a header_check before
> giving it to spamassassin
>
> /^X-Spam-Flag: Yes/ REJECT Outscatter
> /^X-(Spam|AES)-Category: (SPAM|PHISHING)/ REJECT Outscatter
>
> But as a forewarning, the rare FPs can get quite frustrating if you use
> this method.
>
> Cheers,
> Laurent
>
> On 22.07.21 21:31, RW wrote:
>> On Thu, 22 Jul 2021 20:09:19 +0300
>> Henrik K wrote:
>>
>>> On Thu, Jul 22, 2021 at 08:06:15PM +0300, Henrik K wrote:
>>>> On Thu, Jul 22, 2021 at 05:15:54PM +0200, Martin Flygenring wrote:
>>>>> Is there a limitation to SpamAssassin so it doesn't accept
>>>>> looking for the two X-Spam-headers, or can you spot why this rule
>>>>> isn't matching?
>>>>
>>>> SA removes all X-Spam-* headers from the message, it's not possible
>>>> to match on them.
>>>
>>> ... except with a kludgy full rule that matches the whole pristine
>>> message:
>>>
>>> full X_SPAM_FOOBAR /^X-Spam-Foobar: xyz/m
>>
>> There's no perfect way of doing this. The above has the problem of
>> going through the whole email, including big attachment. It can also
>> match falsely inside the body.
>>
>> The test can be constrained within the headers, but that causes problems
>> with the debug capture.
>>
>> This version captures a lot too much:
>>
>> full X_SPAM_FOOBAR /^(?:.+\n)*X-Spam-Foobar: xyz/
>>
>> This version capture nothing:
>>
>> full X_SPAM_FOOBAR /^(?=(?:.+\n)*X-Spam-Foobar: xyz)/
>>
>> I'd go for the latter.
>>
>> All of the above is untested.

--
Martin Flygenring (maf)
Systems Engineer, One.com
Re: Matching on X-Spam headers doesn't get a hit
Hi,

I know we are on the spamassassin mailing list, but another more radical way to block those is directly in postfix with a header_check before giving it to spamassassin

/^X-Spam-Flag: Yes/ REJECT Outscatter
/^X-(Spam|AES)-Category: (SPAM|PHISHING)/ REJECT Outscatter

But as a forewarning, the rare FPs can get quite frustrating if you use this method.

Cheers,
Laurent

On 22.07.21 21:31, RW wrote:
> On Thu, 22 Jul 2021 20:09:19 +0300
> Henrik K wrote:
>
>> On Thu, Jul 22, 2021 at 08:06:15PM +0300, Henrik K wrote:
>>> On Thu, Jul 22, 2021 at 05:15:54PM +0200, Martin Flygenring wrote:
>>>> Is there a limitation to SpamAssassin so it doesn't accept
>>>> looking for the two X-Spam-headers, or can you spot why this rule
>>>> isn't matching?
>>>
>>> SA removes all X-Spam-* headers from the message, it's not possible
>>> to match on them.
>>
>> ... except with a kludgy full rule that matches the whole pristine
>> message:
>>
>> full X_SPAM_FOOBAR /^X-Spam-Foobar: xyz/m
>
> There's no perfect way of doing this. The above has the problem of
> going through the whole email, including big attachment. It can also
> match falsely inside the body.
>
> The test can be constrained within the headers, but that causes problems
> with the debug capture.
>
> This version captures a lot too much:
>
> full X_SPAM_FOOBAR /^(?:.+\n)*X-Spam-Foobar: xyz/
>
> This version capture nothing:
>
> full X_SPAM_FOOBAR /^(?=(?:.+\n)*X-Spam-Foobar: xyz)/
>
> I'd go for the latter.
>
> All of the above is untested.
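An added example, not part of any post in this thread: the three `full` rule patterns quoted above, run in Python over two constructed messages to show where each matches and how much it captures. It goes beyond the thread in one respect, CRLF line endings, where `.+\n` also consumes the blank separator line; the `CRLF_SAFE` pattern is this example's own variant, and whether a given setup hands CRLF text to the rule is an assumption to verify locally.

```python
import re

# Patterns from the thread. SpamAssassin rules are Perl regexes; these
# constructs behave the same way in Python's re module.
ANYWHERE = re.compile(r"^X-Spam-Foobar: xyz", re.M)            # the /m rule
HEADERS_CAPTURING = re.compile(r"^(?:.+\n)*X-Spam-Foobar: xyz")
HEADERS_LOOKAHEAD = re.compile(r"^(?=(?:.+\n)*X-Spam-Foobar: xyz)")
# Not from the thread: a line is text without CR or LF, ended by LF or CRLF.
CRLF_SAFE = re.compile(r"^(?=(?:[^\r\n]+\r?\n)*X-Spam-Foobar: xyz)")

def make_message(headers, body_lines, eol="\n"):
    """Build a raw message: headers, one empty line, body (constructed data)."""
    return eol.join(headers + [""] + body_lines) + eol

def evaluate(pattern, message):
    """Return (matched, length of captured text) for one pattern."""
    m = pattern.search(message)
    return (m is not None, len(m.group(0)) if m else 0)

# Constructed sample messages.
HEADER_HIT = make_message(
    ["From: a@example.org", "X-Spam-Foobar: xyz", "Subject: test"],
    ["hello"],
)
BODY_ONLY = make_message(
    ["From: a@example.org", "Subject: test"],
    ["quoted report:", "X-Spam-Foobar: xyz"],
)
BODY_ONLY_CRLF = make_message(
    ["From: a@example.org", "Subject: test"],
    ["quoted report:", "X-Spam-Foobar: xyz"],
    eol="\r\n",
)
HEADER_HIT_CRLF = make_message(
    ["From: a@example.org", "X-Spam-Foobar: xyz"], ["hello"], eol="\r\n"
)

if __name__ == "__main__":
    patterns = [
        ("anywhere (/m)", ANYWHERE),
        ("headers, capturing", HEADERS_CAPTURING),
        ("headers, lookahead", HEADERS_LOOKAHEAD),
        ("headers, CRLF-safe", CRLF_SAFE),
    ]
    messages = [
        ("header hit", HEADER_HIT),
        ("body only", BODY_ONLY),
        ("body only, CRLF", BODY_ONLY_CRLF),
    ]
    for pname, pattern in patterns:
        for mname, message in messages:
            print(f"{pname:20} {mname:16} {evaluate(pattern, message)}")
```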
Re: CHAOS: v1.2.2: Of Documentation
- Message from Jared Hall -
Date: Fri, 23 Jul 2021 00:07:52 -0400
From: Jared Hall
Subject: CHAOS: v1.2.2: Of Documentation
To: users@spamassassin.apache.org

Simon Wilson wrote:

could you, please, finally, describe what does this module do, here to the list and/or to the wiki? the description there is too hard to understand, especially at the beginning, and I couldn't force myself to understand it (multiple times). Maybe you should start with the easy parts and follow with those more complicated functionality, because I feel the description starts with the latter.

I'm guessing from the silence in response that this will remain a mystery.

Simon.
___
Simon Wilson
M: 0400 12 11 16

Reads perfectly well to me. I guess to be compatible with any other plugin, I must delete all documentation entirely :)

No - but perhaps a start would be to *really* listen when people ask questions demonstrating you are not as good as you think you are at writing things which make sense to people other than yourself.

Seriously, every single rule that this module can generate is listed. That's a good start, comparatively. I answer, and have answered, all questions regarding this module.

Again no. Perhaps not all mailing list emails make it through the module...

Open-ended questions, or questions that are vague and ambiguous, are ignored. For instance, "Maybe you should start with easy parts"? OK, what's easy? I'm reminded of an old Star Trek episode where Dr. McCoy is reattaching Spock's brain. "It's so easy. A child can do it", he muses. Questions have value. Statements less so. Like that one?

This module has some unique stuff that CANNOT be done in a pure SpamAssassin environment. It also has stuff that can be replicated using standard rules.

1) The module, if installed and using the config file as is, does no harm at all. It will merely generate rules based upon what it finds. These are all scored at the low rate of 0.01. It's up to the user to decide what to do with them. They can wrap up a generated rule in a meta rule. Example:

meta JR_HATES_BEENTHERE (JR_X_BEENTHERE)
score JR_HATES_BEENTHERE 8.0

2) Via a configuration file option, "chaos_mode", the module can be set to automatically score its rules.

chaos_mode AutoISP

It will still run along with existing files, cranking out higher scores for those rules marked with an asterisk. That is still probably acceptable for most people. But it can cause problems. The popular KAM ruleset scores SendGrid Emails with a high value. Mine is split into two different values that are scored differently. While they are both lower than KAM's, combined, I see that as a potential problem. I have no knowledge of what somebody's rules are at any given moment. Caveat Emptor. There I go again with the Latin :)

2A) What values do I set for these rules? As a percentage of another configuration file option, "chaos_tag":

chaos_tag 7

Per the example above JR_X_BEENTHERE is a rule that is Auto-Scored. If you lower the chaos_tag value, the score for this rule would be reduced. If I increase the chaos_tag value, the score produced by this rule is raised.

2B) The AutoISP mode, as is, should be fine for anybody running a spam tag level of 8 to 12.

2C) The initial release of CHAOS.pm did all kinds of scoring. One of the knocks I have about SpamAssassin is that it does not maintain counts of hits. My complaints about this go all the way back to 2010. Counts and Amounts. SA is great with Amounts. It sucks with Counts. To the SA Development crew's credit, somewhere along the way, tflags were added to allow that functionality in a very primitive fashion. Many people are happy with that. I'm just not one of them.

I read somewhere, while looking at META rules that SA internally builds an array of the rules hit. That way, as rules hit, METAs are then appropriately updated. Gee, an array. Maybe we could add a count to that array if the user wishes to? I think that it is a lot of development; not so much the actual process of doing it, but updating all the User handling thereof. Alas, It is what it is *SIGH*

2D) One thing about running AutoISP mode is that you can change a Rule's name in the configuration file and no matter what, you'll get the Rulename that's hard-coded into the program. When an Eval plugin function is called, SA passes the rule name to the plugin. Most plugins just ignore it, and simply return a Hit/Miss value for the Rulename. I ignore that completely.

2E) When I first released CHAOS, all it did was Automatic Scoring. And I used all kinds of fancy algorithms, even logarithmic, to demonstrate that. That was pointless, as many pointed out at the time. I don't do that stuff anymore.

2F) Still, as is, AutoISP will still work great for most people.

3) As the first release of C