Re: Custom rule based on AWL score
On 24/10/16 16:46, John Hardin wrote: Paul: I haven't looked at the plugin myself yet, but here's a suggestion: have a mode where you can mark a RE as capturing a numeric value, and the rule's hit value is the value that the RE captured. This would (for example) let the AWL/TXREP mean be captured in a way it could be compared using gt/lt in a meta. Perhaps: tagcapnum __TXREP_IP_MEAN_TXREP_IP_MEAN_ /^(-?[\d]+(?:\.\d+)?)$/ metaTAGMATCH_TXREP_IP_HIGHSCORE __TXREP_IP_MEAN > 5.0 describeTAGMATCH_TXREP_IP_HIGHSCORE TXRep mean score quite large score TAGMATCH_TXREP_IP_HIGHSCORE 0.1 (...this sort of thing might be really useful as a general purpose rule type in base SA too...) Hmm doesn't look like this would be possible with minus (-) numbers unless I'm reading the PMS src wrong :/ Paul -- Paul Stead Systems Engineer Zen Internet
Re: Custom rule based on AWL score
On 24/10/16 16:46, John Hardin wrote: Paul: I haven't looked at the plugin myself yet, but here's a suggestion: have a mode where you can mark a RE as capturing a numeric value, and the rule's hit value is the value that the RE captured. This would (for example) let the AWL/TXREP mean be captured in a way it could be compared using gt/lt in a meta. Perhaps: tagcapnum __TXREP_IP_MEAN_TXREP_IP_MEAN_ /^(-?[\d]+(?:\.\d+)?)$/ metaTAGMATCH_TXREP_IP_HIGHSCORE __TXREP_IP_MEAN > 5.0 describeTAGMATCH_TXREP_IP_HIGHSCORE TXRep mean score quite large score TAGMATCH_TXREP_IP_HIGHSCORE 0.1 (...this sort of thing might be really useful as a general purpose rule type in base SA too...) Thanks for the suggestion John - this looks like an elegant solution to the problem, I'll look into this at some point soon. Paul -- Paul Stead Systems Engineer Zen Internet
Re: Custom rule based on AWL score
On Mon, 24 Oct 2016, SimpleRezo wrote: So, to the OP: try the tagmatch plugin to look at where _AWLMEAN_ is (e.g.) <= -1 and _AWLCOUNT_ is greater than (e.g.) 10 and that may get you what you want for a meta to use with the rules you want to control. Thank you Paul & John, it looks like I will be able to achieve what I want with tagmatch & _AWL* tags ! Paul, will be awesome to be able to do gt/lt (of course for now I can deal with regexp to achieve this) Paul: I haven't looked at the plugin myself yet, but here's a suggestion: have a mode where you can mark a RE as capturing a numeric value, and the rule's hit value is the value that the RE captured. This would (for example) let the AWL/TXREP mean be captured in a way it could be compared using gt/lt in a meta. Perhaps: tagcapnum __TXREP_IP_MEAN_TXREP_IP_MEAN_ /^(-?[\d]+(?:\.\d+)?)$/ metaTAGMATCH_TXREP_IP_HIGHSCORE __TXREP_IP_MEAN > 5.0 describeTAGMATCH_TXREP_IP_HIGHSCORE TXRep mean score quite large score TAGMATCH_TXREP_IP_HIGHSCORE 0.1 (...this sort of thing might be really useful as a general purpose rule type in base SA too...) -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- When designing software, any time you think to yourself "a user would never be stupid enough to do *that*", you're wrong. --- 307 days since the first successful real return to launch site (SpaceX)
Re: Custom rule based on AWL score
>So, to the OP: try the tagmatch plugin to look at where _AWLMEAN_ is >(e.g.) <= -1 and _AWLCOUNT_ is greater than (e.g.) 10 and that may get you >what you want for a meta to use with the rules you want to control. Thank you Paul & John, it looks like I will be able to achieve what I want with tagmatch & _AWL* tags ! Paul, will be awesome to be able to do gt/lt (of course for now I can deal with regexp to achieve this) -- SimpleRezo https://www.simplerezo.com/ - -- SimpleRezo http://www.simplerezo.com/ -- View this message in context: http://spamassassin.1065346.n5.nabble.com/Custom-rule-based-on-AWL-score-tp123087p123131.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: Custom rule based on AWL score
On Fri, 21 Oct 2016, Paul Stead wrote: On 21/10/16 18:40, Paul Stead wrote: On 21/10/16 16:22, John Hardin wrote: > I was going to say: you can't write a rule based on the *current* AWL > adjustment because that's calculated after all the rules have hit. But > SA *could* potentially have a rule that checks the current historical > average that AWL uses... > > I suggest you file a New Feature bug to expose a mechanism to use the > current AWL average (not the per-message adjustment) in a rule. Yikes, sorry in my haste I didn't read *AWL* https://spamassassin.apache.org/full/3.4.x/doc/Mail_SpamAssassin_Plugin_AWL.html#template_tags So, to the OP: try the tagmatch plugin to look at where _AWLMEAN_ is (e.g.) <= -1 and _AWLCOUNT_ is greater than (e.g.) 10 and that may get you what you want for a meta to use with the rules you want to control. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- The third basic rule of firearms safety: Keep your booger hook off the bang switch! --- 304 days since the first successful real return to launch site (SpaceX)
Re: Custom rule based on AWL score
On 21/10/16 18:40, Paul Stead wrote: On 21/10/16 16:22, John Hardin wrote: I was going to say: you can't write a rule based on the *current* AWL adjustment because that's calculated after all the rules have hit. But SA *could* potentially have a rule that checks the current historical average that AWL uses... I suggest you file a New Feature bug to expose a mechanism to use the current AWL average (not the per-message adjustment) in a rule. Yikes, sorry in my haste I didn't read *AWL* https://spamassassin.apache.org/full/3.4.x/doc/Mail_SpamAssassin_Plugin_AWL.html#template_tags Paul -- Paul Stead Systems Engineer Zen Internet
Re: Custom rule based on AWL score
On 21/10/16 18:53, Paul Stead wrote: tagmatch TAGMATCH_TXREP_IP_LOWSCORE _TXREP_IP_MEAN_ /^\-[0-9]{2,}(?:\.[0-9]+)?$/ describe TAGMATCH_TXREP_IP_LOWSCORE TxRep mean score quite low scoreTAGMATCH_TXREP_IP_HIGHSCORE -0.1 Also - typo on score rulename! -- Paul Stead Systems Engineer Zen Internet
Re: Custom rule based on AWL score
On 21/10/16 18:40, Paul Stead wrote: A plugin I've developed could be handy here: https://github.com/fmbla/spamassassin-tagmatch tagmatch TAGMATCH_TXREP_IP_HIGHSCORE _TXREP_IP_MEAN_ /^[1-9][0-9]+(?:\.[0-9]+)?$/ describe TAGMATCH_TXREP_IP_HIGHSCORE TXRep mean score quite large scoreTAGMATCH_TXREP_IP_HIGHSCORE 0.1 tagmatch TAGMATCH_TXREP_IP_LOWSCORE _TXREP_IP_MEAN_ /^\-[0-9]{2,}(?:\.[0-9]+)?$/ describe TAGMATCH_TXREP_IP_LOWSCORE TxRep mean score quite low scoreTAGMATCH_TXREP_IP_HIGHSCORE -0.1 tagmatch TAGMATCH_TXREP_IP_UNKNOWN _TXREP_IP_UNKNOWN_ /^1$/ describe TAGMATCH_TXREP_IP_UNKNOWN IP unknown to TxRep scoreTAGMATCH_TXREP_IP_UNKNOWN 0.1 As an aside - this alone shouldn't be used to blacklist/whitelist as the mean doesn't take into account the number of emails it's seen, maybe meta a few tag matches together tagmatch __TAGMATCH_TXREP_IP_COUNT_LOTS _TXREP_IP_COUNT_ /^[1-9][0-9]{2,}$/ tagmatch __TAGMATCH_TXREP_IP_HIGHSCORE _TXREP_IP_MEAN_ /^[1-9][0-9]+(?:\.[0-9]+)?$/ Will work - I don't have gt/lt functions built in yet, if people think it worth it I'll have a play after the weekend Paul -- Paul Stead Systems Engineer Zen Internet
Re: Custom rule based on AWL score
On 21/10/16 16:22, John Hardin wrote: I was going to say: you can't write a rule based on the *current* AWL adjustment because that's calculated after all the rules have hit. But SA *could* potentially have a rule that checks the current historical average that AWL uses... I suggest you file a New Feature bug to expose a mechanism to use the current AWL average (not the per-message adjustment) in a rule. A plugin I've developed could be handy here: https://github.com/fmbla/spamassassin-tagmatch tagmatch TAGMATCH_TXREP_IP_HIGHSCORE _TXREP_IP_MEAN_ /^[1-9][0-9]+(?:\.[0-9]+)?$/ describe TAGMATCH_TXREP_IP_HIGHSCORE TXRep mean score quite large scoreTAGMATCH_TXREP_IP_HIGHSCORE 0.1 tagmatch TAGMATCH_TXREP_IP_LOWSCORE _TXREP_IP_MEAN_ /^\-[0-9]{2,}(?:\.[0-9]+)?$/ describe TAGMATCH_TXREP_IP_LOWSCORE TxRep mean score quite low scoreTAGMATCH_TXREP_IP_HIGHSCORE -0.1 tagmatch TAGMATCH_TXREP_IP_UNKNOWN _TXREP_IP_UNKNOWN_ /^1$/ describe TAGMATCH_TXREP_IP_UNKNOWN IP unknown to TxRep scoreTAGMATCH_TXREP_IP_UNKNOWN 0.1 You can use the other TXREP Tags of course (and any other tags provided by plugins): https://spamassassin.apache.org/full/3.4.x/doc/Mail_SpamAssassin_Plugin_TxRep.html#template_tags Paul -- Paul Stead Systems Engineer Zen Internet
Re: Custom rule based on AWL score
On Fri, 21 Oct 2016, Axb wrote: On 10/21/2016 04:43 PM, Bill Cole wrote: The blocker to that approach has already been stated: they have no mechanism for users to add their contacts to the SA static whitelist. Imo, this you'd normally do at MTA and/or glue level to bypass expensive SA content scanning and save time & cycles. +1 -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Anyone who uses the word "profit" as a dirty word should be watched very, very carefully. If they hate the idea of gain through free trade it can only mean that they’re looking to get it through robbery. -- Lyle@Ultimak --- 304 days since the first successful real return to launch site (SpaceX)
Re: Custom rule based on AWL score
On Fri, 21 Oct 2016, Kevin Golding wrote: On Fri, 21 Oct 2016 11:48:41 +0100, simplerezo wrote: > very unknown users can't by definition hit AWL. That's why my wanted rule is score(AWL) > -1 : all users that have not yet send enough not-spam mails can not, for example, send me invoices as zip attachment (yes, there is some big company that are actually sending invoice that way...). You can hook into the AWL database pretty easily. I used to run a plugin that did similar to what you're trying to achieve that just polled the AWL database and set a flag to trigger a rule with a static score - then you can go meta crazy with it. I was going to say: you can't write a rule based on the *current* AWL adjustment because that's calculated after all the rules have hit. But SA *could* potentially have a rule that checks the current historical average that AWL uses... I suggest you file a New Feature bug to expose a mechanism to use the current AWL average (not the per-message adjustment) in a rule. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Precision mis-clicks since 1994! --- 304 days since the first successful real return to launch site (SpaceX)
Re: Custom rule based on AWL score
On 10/21/2016 04:43 PM, Bill Cole wrote: The blocker to that approach has already been stated: they have no mechanism for users to add their contacts to the SA static whitelist. Imo, this you'd normally do at MTA and/or glue level to bypass expensive SA content scanning and save time & cycles. Axb
Re: Custom rule based on AWL score
On 20 Oct 2016, at 12:14, Ian Zimmerman wrote: Whitelisted senders get a _huge_ bonus (I think it's 100 points by default, maybe customizable), so they won't be affected if you do it right. The blocker to that approach has already been stated: they have no mechanism for users to add their contacts to the SA static whitelist. The problem with using the AWL or TxRep databases for this is that they cut both ways and are TOO automatic. This is a legitimate need that lacks a really good solution inside SpamAssassin because it needs to draw on end-user knowledge to exempt specific messages from exterior border filtering. The canonical solution would be to give users a way to feed their important contacts into a static whitelist but as far as I know, there's no widely-used tool for doing that with SA. Everyone seems to build their own idiosyncratic mechanisms for user feedback or they have none. If one has an existing mechanism for automating user feedback of missed spam into the BayesDB, it could in principle be inverted to let users report mail that should be learned as ham, but that's not really ideal for this case because the problem is in content patterns that are common between the most valuabler and most dangerous messages. Learning a lot of legitimate invoices or other important mail as ham will help the best-crafted spear-phishing messages as well. Also, this is a bit hypothetical given how many users just don't bother with feedback tools or misreport messages. An alternative (imperfect) approach would be to use a meta rule making the anti-phish local rules strong only if a message lacks trustworthy authentication, e.g. DKIM_VALID_AU. Obviously this will catch legitimate but unsigned mail, however as long as one either tags and delivers spam or rejects it in SMTP, that will provide notice and incentive to get legitimate correspondents to sign their mail. In principle it would be wise for everyone to encrypt all high-value mail, but that's probably too high a bar to require for most businesses. I've seen that tried to some degree, requiring anyone invoicing via email to encrypt invoice mail, but it largely pushed vendors back to postal and non-email electronic mechanisms rather than got them to behave securely.
Re: Custom rule based on AWL score
On 10/21/2016 6:48 AM, simplerezo wrote: it also helps frequent spammers known to spam to prevent false negative. Absolutely. very unknown users can't by definition hit AWL. That's why my wanted rule is score(AWL) > -1 : all users that have not yet send enough not-spam mails can not, for example, send me invoices as zip attachment (yes, there is some big company that are actually sending invoice that way...). So the spammer who has previously been sending spams with an average score of 6 now sends one scoring 10. AWL assigns a score of -2 and you allow it through. Sender sends a more spammy message than usual = negative AWL score Sender sends a less spammy message than usual = positive AWL score The AWL score has *NOTHING* to do with the reputation of the sender. It is based on the difference between the current score and the sender's previous average score. It sounds like what you really want is to get the AWL average for the current sender. You may be able to pull that from the AWL database with a plugin, but this is not the same thing as the score. -- Bowie
Re: Custom rule based on AWL score
On Fri, 21 Oct 2016 11:48:41 +0100, simplerezo wrote: very unknown users can't by definition hit AWL. That's why my wanted rule is score(AWL) > -1 : all users that have not yet send enough not-spam mails can not, for example, send me invoices as zip attachment (yes, there is some big company that are actually sending invoice that way...). You can hook into the AWL database pretty easily. I used to run a plugin that did similar to what you're trying to achieve that just polled the AWL database and set a flag to trigger a rule with a static score - then you can go meta crazy with it.
Re: R: Custom rule based on AWL score
On 20/10/16 17:44, Nicola Piazzi wrote: Why not try my powerful plugin to reduce score of known users ? Is based on people that answer to us and in my case, after 3 week of learning, it HIT 70% of incoming messages that are absolutely ham Looks really interesting. How it behaves in ipv6 environment? Given that it tries to extract C class from IP address. Will it just silently skip the check or crash miserably? k.
Re: Custom rule based on AWL score
On Fri, 21 Oct 2016 03:48:41 -0700 (MST) simplerezo wrote: > > it also helps frequent spammers known to spam to prevent false > > negative. > > Absolutely. > > > very unknown users can't by definition hit AWL. > > That's why my wanted rule is score(AWL) > -1 : all users that have > not yet send enough not-spam mails can not, for example, send me > invoices as zip attachment (yes, there is some big company that are > actually sending invoice that way...). Spam that hits AWL can have a negative AWL score too. It may be that more ham than spam hits AWL, but you can't infer anything from the rule's score. > I'm not a huge-fan of whitelist, because: >- contrary of AWL (address + IP), it only rely on sending > address... and as everyone knows, that's definitely not something > very trustable ; It's actually the other way around. There are whitelists based on dkim and spf which are very hard to beat. AWL uses the first IP address which can be forged. A lot of people switched to the TxRep plugin for that reason.
Re: Custom rule based on AWL score
> it also helps frequent spammers known to spam to prevent false negative. Absolutely. > very unknown users can't by definition hit AWL. That's why my wanted rule is score(AWL) > -1 : all users that have not yet send enough not-spam mails can not, for example, send me invoices as zip attachment (yes, there is some big company that are actually sending invoice that way...). I'm not a huge-fan of whitelist, because: - contrary of AWL (address + IP), it only rely on sending address... and as everyone knows, that's definitely not something very trustable ; - this requires my users to configure this, and most of them are already finding IT too much complicated :) -- Clement SimpleRezo http://www.simplerezo.com/ -- View this message in context: http://spamassassin.1065346.n5.nabble.com/Custom-rule-based-on-AWL-score-tp123087p123102.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: Custom rule based on AWL score
On 20.10.16 08:34, simplerezo wrote: My understanding is that AWL is helping frequent senders who are known to not send spam to "reduce" their spam score, preventing false positive. it also helps frequent spammers known to spam to prevent false negative. That's exactly what I want to rely on for my rules: adding score for mail with "invoice" pretention and an attachment but only for very unknown users (or spammers). very unknown users can't by definition hit AWL. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Quantum mechanics: The dreams stuff is made of.
Re: Custom rule based on AWL score
On Thu, 20 Oct 2016, Bowie Bailey wrote: On 10/20/2016 12:55 PM, David B Funk wrote: On Thu, 20 Oct 2016, John Hardin wrote: > On Thu, 20 Oct 2016, Ian Zimmerman wrote: > > > On 2016-10-20 08:34, simplerezo wrote: > > > > > My understanding is that AWL is helping frequent senders who are > > > known > > > to not send spam to "reduce" their spam score, preventing false > > > positive. That's exactly what I want to rely on for my rules: adding > > > score for mail with "invoice" pretention and an attachment but only > > > for very unknown users (or spammers). > > > > Just add your custom rules globally, with reasonable scores. > > > > Whitelisted senders get a _huge_ bonus (I think it's 100 points by > > default, maybe customizable), so they won't be affected if you do it > > right. > > ITYM -100 points. :) > > Small but important detail... :) which is why I like the "dev_whitelist*" variety. They have a value of -7.5 (instead of that -100 sledgehammer) which is usually enough to get legit mail thru but not enough to swamp out a major rules hit on real spam (which happens to get issued by the people you're trying to protect). EG: def_whitelist_auth *@nih.gov Interesting, but completely irrelevant here since we're talking about AWL and *not* the normal whitelist rules. AWL scores are dynamic and can be either positive or negative. Yes but the OP's problem would *probably* be addressed by whitelisting the senders rather than trying to ignore specific rules based on AWL, which cannot at present be done. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- A superior gunman is one who uses his superior judgment to keep himself out of situations that would require the use of his superior skills. --- 303 days since the first successful real return to launch site (SpaceX)
Re: Custom rule based on AWL score
On 10/20/2016 12:55 PM, David B Funk wrote: On Thu, 20 Oct 2016, John Hardin wrote: On Thu, 20 Oct 2016, Ian Zimmerman wrote: On 2016-10-20 08:34, simplerezo wrote: My understanding is that AWL is helping frequent senders who are known to not send spam to "reduce" their spam score, preventing false positive. That's exactly what I want to rely on for my rules: adding score for mail with "invoice" pretention and an attachment but only for very unknown users (or spammers). Just add your custom rules globally, with reasonable scores. Whitelisted senders get a _huge_ bonus (I think it's 100 points by default, maybe customizable), so they won't be affected if you do it right. ITYM -100 points. :) Small but important detail... :) which is why I like the "dev_whitelist*" variety. They have a value of -7.5 (instead of that -100 sledgehammer) which is usually enough to get legit mail thru but not enough to swamp out a major rules hit on real spam (which happens to get issued by the people you're trying to protect). EG: def_whitelist_auth *@nih.gov Interesting, but completely irrelevant here since we're talking about AWL and *not* the normal whitelist rules. AWL scores are dynamic and can be either positive or negative. -- Bowie
Re: R: Custom rule based on AWL score
On 10/20/2016 06:44 PM, Nicola Piazzi wrote: Why not try my powerful plugin to reduce score of known users ? Is based on people that answer to us and in my case, after 3 week of learning, it HIT 70% of incoming messages that are absolutely ham http://saplugin.16mb.com/ If you mean your OW plugin The fact that "It can be used ONLY when the spamassassin installation is in the same smarthost that deliver both incoming and outgoing emails." rules out its usage in many larger setups. Pity... Axv
Re: Custom rule based on AWL score
On Thu, 20 Oct 2016, John Hardin wrote: On Thu, 20 Oct 2016, Ian Zimmerman wrote: On 2016-10-20 08:34, simplerezo wrote: My understanding is that AWL is helping frequent senders who are known to not send spam to "reduce" their spam score, preventing false positive. That's exactly what I want to rely on for my rules: adding score for mail with "invoice" pretention and an attachment but only for very unknown users (or spammers). Just add your custom rules globally, with reasonable scores. Whitelisted senders get a _huge_ bonus (I think it's 100 points by default, maybe customizable), so they won't be affected if you do it right. ITYM -100 points. :) Small but important detail... :) which is why I like the "dev_whitelist*" variety. They have a value of -7.5 (instead of that -100 sledgehammer) which is usually enough to get legit mail thru but not enough to swamp out a major rules hit on real spam (which happens to get issued by the people you're trying to protect). EG: def_whitelist_auth *@nih.gov -- Dave Funk University of Iowa College of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center Sys_admin/Postmaster/cell_adminIowa City, IA 52242-1527 #include Better is not better, 'standard' is better. B{
R: Custom rule based on AWL score
Why not try my powerful plugin to reduce score of known users ? Is based on people that answer to us and in my case, after 3 week of learning, it HIT 70% of incoming messages that are absolutely ham http://saplugin.16mb.com/ Nicola Piazzi CED - Sistemi COMET s.p.a. Via Michelino, 105 - 40127 Bologna - Italia Tel. +39 051.6079.293 Cell. +39 328.21.73.470 Web: www.gruppocomet.it -Messaggio originale- Da: John Hardin [mailto:jhar...@impsec.org] Inviato: giovedì 20 ottobre 2016 18:36 A: users@spamassassin.apache.org Oggetto: Re: Custom rule based on AWL score On Thu, 20 Oct 2016, Ian Zimmerman wrote: > On 2016-10-20 08:34, simplerezo wrote: > >> My understanding is that AWL is helping frequent senders who are >> known to not send spam to "reduce" their spam score, preventing false >> positive. That's exactly what I want to rely on for my rules: adding >> score for mail with "invoice" pretention and an attachment but only >> for very unknown users (or spammers). > > Just add your custom rules globally, with reasonable scores. > > Whitelisted senders get a _huge_ bonus (I think it's 100 points by > default, maybe customizable), so they won't be affected if you do it > right. ITYM -100 points. :) Small but important detail... :) -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- No representation without taxation! --- 303 days since the first successful real return to launch site (SpaceX)
Re: Custom rule based on AWL score
On Thu, 20 Oct 2016, Ian Zimmerman wrote: On 2016-10-20 08:34, simplerezo wrote: My understanding is that AWL is helping frequent senders who are known to not send spam to "reduce" their spam score, preventing false positive. That's exactly what I want to rely on for my rules: adding score for mail with "invoice" pretention and an attachment but only for very unknown users (or spammers). Just add your custom rules globally, with reasonable scores. Whitelisted senders get a _huge_ bonus (I think it's 100 points by default, maybe customizable), so they won't be affected if you do it right. ITYM -100 points. :) Small but important detail... :) -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- No representation without taxation! --- 303 days since the first successful real return to launch site (SpaceX)
Re: Custom rule based on AWL score
On Thu, 20 Oct 2016 08:34:04 -0700 (MST) simplerezo wrote: > My understanding is that AWL is helping frequent senders who are > known to not send spam to "reduce" their spam score, preventing false > positive. Which is why I pointed you towards a short paragraph that describes what it actually does: "This plugin module provides support for the auto-whitelist. It keeps track of the average SpamAssassin score for senders. Senders are tracked using a combination of their From: address and their IP address. It then uses that average score to reduce the variability in scoring from message to message and modifies the final score by pushing the result towards the historical average. This improves the accuracy of filtering for most email."
Re: Custom rule based on AWL score
On 2016-10-20 08:34, simplerezo wrote: > My understanding is that AWL is helping frequent senders who are known > to not send spam to "reduce" their spam score, preventing false > positive. That's exactly what I want to rely on for my rules: adding > score for mail with "invoice" pretention and an attachment but only > for very unknown users (or spammers). Just add your custom rules globally, with reasonable scores. Whitelisted senders get a _huge_ bonus (I think it's 100 points by default, maybe customizable), so they won't be affected if you do it right. -- Please *no* private Cc: on mailing lists and newsgroups Personal signed mail: please _encrypt_ and sign Don't clear-text sign: http://cr.yp.to/smtp/8bitmime.html
Re: Custom rule based on AWL score
My understanding is that AWL is helping frequent senders who are known to not send spam to "reduce" their spam score, preventing false positive. That's exactly what I want to rely on for my rules: adding score for mail with "invoice" pretention and an attachment but only for very unknown users (or spammers). -- View this message in context: http://spamassassin.1065346.n5.nabble.com/Custom-rule-based-on-AWL-score-tp123087p123091.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: Custom rule based on AWL score
On Thu, 20 Oct 2016 08:01:17 -0700 (MST) simplerezo wrote: > Because our users cannot easyly add all theirs contacts to whitelist. > > AWL is a great feature, and it's working well: so it would be nice > for us to put some restrictives rules only active for "unknown" users > (example: "invoices" ...). I don't think you understand what AWL actually does. Read the description section of: https://spamassassin.apache.org/full/3.4.x/doc/Mail_SpamAssassin_Plugin_AWL.html
Re: Custom rule based on AWL score
Because our users cannot easyly add all theirs contacts to whitelist. AWL is a great feature, and it's working well: so it would be nice for us to put some restrictives rules only active for "unknown" users (example: "invoices" ...). -- View this message in context: http://spamassassin.1065346.n5.nabble.com/Custom-rule-based-on-AWL-score-tp123087p123089.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: Custom rule based on AWL score
On Thu, 20 Oct 2016 03:55:29 -0700 (MST) simplerezo wrote: > Hi, > > Is it possible to write rule based on AWL score? No > We have some customs rules that we don't want to enable for > "well-known" contacts... Why not just whitelist them?
Custom rule based on AWL score
Hi, Is it possible to write rule based on AWL score? We have some customs rules that we don't want to enable for "well-known" contacts... I tried this: metaSR__AWL ( AWL <= -1 ) describeSR__AWL AWL is at least -1 score SR__AWL -0.01 But it does not seems to work... -- View this message in context: http://spamassassin.1065346.n5.nabble.com/Custom-rule-based-on-AWL-score-tp123087.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.