Charles Gregory wrote:
Though again, legit senders that average negative are relatively rare
(well, on my system, anyways).
For what it’s worth, I’ve set up SA to identify replies to the
organisation’s email. It looks at the In-Reply-To and References headers
(our Message-IDs have a
On Thu, 30 Apr 2009, LuKreme wrote:
No, the senders AWL HURTS new spam. If the score is -2 from the AWL
then -2 * -0.2 = 0.4
Ah. Missed the negative. Then this particular piece of the logic is good.
The odds of any AWL(perIP) other than the legit sender having a negative
average are
On Wed, 29 Apr 2009, LuKreme wrote:
On 29-Apr-2009, at 15:31, Charles Gregory wrote:
Apologies for original brevity, but my comment was a criticism of the
proposal to start weighing *all* mail from a specific sender according to
whether the IP was the 'most common' used for that address
On 30-Apr-2009, at 09:40, Charles Gregory wrote:
On Wed, 29 Apr 2009, LuKreme wrote:
On 29-Apr-2009, at 15:31, Charles Gregory wrote:
Apologies for original brevity, but my comment was a criticism of
the proposal to start weighing *all* mail from a specific sender
according to whether the
On Thu, 30 Apr 2009, LuKreme wrote:
First off, I suppose that if you get real mail from someone who has only
ever been seen as a spam sender, then yes, the first mail would be
penalized. But is this ever the case?
(nod) Any time someone's address has been used as a spoofed sender before
RW a écrit :
On Wed, 29 Apr 2009 20:49:29 +0200
mouss mo...@ml.netoyen.net wrote:
on the other hand, a spammer can forge Received headers. and this is a
serious problem. Using untrusted received headers is broken.
The point of AWL is to tweak ham scores towards the mean to avoid
On 30-Apr-2009, at 11:50, Charles Gregory wrote:
On Thu, 30 Apr 2009, LuKreme wrote:
First off, I suppose that if you get real mail from someone who has
only ever been seen as a spam sender, then yes, the first mail
would be penalized. But is this ever the case?
(nod) Any time someone's
On Tue, 28 Apr 2009 22:14:21 -0400
Matt Kettler mkettler...@verizon.net wrote:
Matt Kettler wrote:
LuKreme wrote:
Of course, first, or last depends on your perspective. I assume RW
was thinking of first from a starting at the inside, working
backwards in time approach. This is
I just turned off my AWL today, because of FP issues but
f...@example.com sends me lots of mail. Say it's over 100. It's all ham and
it all comes from mail.example.com. The AWL for this email couplet is , say
-2.1. An email comes in from f...@example.com but sent from
RW a écrit :
On Tue, 28 Apr 2009 22:14:21 -0400
Matt Kettler mkettler...@verizon.net wrote:
Matt Kettler wrote:
LuKreme wrote:
Of course, first, or last depends on your perspective. I assume RW
was thinking of first from a starting at the inside, working
backwards in time approach.
RW wrote:
By your cronological definition of first and last (which is the same as
mine), that's the the FIRST non-private address.
Or the address in the fake Received header the spambot put in the mail?
I hope this is not how it works...
It makes sense to me, if I send you an email, the
From: Charles Gregory cgreg...@hwcn.org
Date: Wed, 29 Apr 2009 14:31:22 -0400 (EDT)
I just turned off my AWL today, because of FP issues but
f...@example.com sends me lots of mail. Say it's over 100. It's all ham
and
it all comes from mail.example.com. The
On Wed, 29 Apr 2009, Jeff Mincy wrote:
*someone* is getting their AWL reputation trashed every time a
spammer forges their e-mail.
AWL stores the IP/16 address with the email address. So your awl
reputation is not being trashed by forged e-mail that comes from a
different IP address.
On 29-Apr-2009, at 15:31, Charles Gregory wrote:
Apologies for original brevity, but my comment was a criticism of
the proposal to start weighing *all* mail from a specific sender
according to whether the IP was the 'most common' used for that
address Essentially changing it from what
On Wed, 29 Apr 2009 20:49:29 +0200
mouss mo...@ml.netoyen.net wrote:
on the other hand, a spammer can forge Received headers. and this is a
serious problem. Using untrusted received headers is broken.
The point of AWL is to tweak ham scores towards the mean to avoid
outlying high-scores
RW wrote:
Maybe one of us is reading the perl wrong (and it could well be me), or
we are talking at cross purposes. As I see it, it's going through the
list of IP address, starting with the mail client and working its way
towards the SA Server. When it finds a routable IP address it sets
-Original Message-
From: mouss [mailto:mo...@ml.netoyen.net]
Sent: woensdag 29 april 2009 20:53
To: users@spamassassin.apache.org
Subject: Re: 'anti' AWL
on the other hand, a spammer can forge Received headers. and this is
a serious problem. Using untrusted received headers is broken
RW wrote:
On Wed, 29 Apr 2009 20:49:29 +0200
mouss mo...@ml.netoyen.net wrote:
on the other hand, a spammer can forge Received headers. and this is a
serious problem. Using untrusted received headers is broken.
The point of AWL is to tweak ham scores towards the mean to avoid
that it would be beneficial to have a 'anti'
AWL score score applied to this particular email, since it claims to
be from one place, but doesn't match the AWL entry. This, naturally
would start of a new AWL entry, but with a slightly higher score than
otherwise.
This would even be useful
through
mail.example.com it seems that it would be beneficial to have a 'anti'
AWL score score applied to this particular email, since it claims to be
from one place, but doesn't match the AWL entry. This, naturally would
start of a new AWL entry, but with a slightly higher score than
From: LuKreme krem...@kreme.com
Date: Tue, 28 Apr 2009 08:43:46 -0600
OK, working on my first cup of coffee this morning, so maybe this has
potential.
The way the AWL works is by keeping track of the origin of emails,
both the address and the server (the top line
On 28-Apr-2009, at 08:56, Matus UHLAR - fantomas wrote:
We have more servers users send mail through. Users can't choose which
server will they connect.
That already happens now.
It can also happen when user switched ISP, mail provider, or the mail
provider changes IP address, DNS names or
On Tue, 28 Apr 2009 11:13:56 -0600
LuKreme krem...@kreme.com wrote:
On 28-Apr-2009, at 08:56, Matus UHLAR - fantomas wrote:
We have more servers users send mail through. Users can't choose
which server will they connect.
That already happens now.
I think his point is that that doesn't
On 28-Apr-2009, at 15:38, RW wrote:
It's based on the first routable IP address,
Well, that's a very silly thing for it to be looking at. It should be
looking at the LAST routable IP address outside of the trusted
network. Looking at the first routable address is completely worthless.
LuKreme wrote:
On 28-Apr-2009, at 15:38, RW wrote:
It's based on the first routable IP address,
Well, that's a very silly thing for it to be looking at. It should be
looking at the LAST routable IP address outside of the trusted
network. Looking at the first routable address is completely
Matt Kettler wrote:
LuKreme wrote:
On 28-Apr-2009, at 15:38, RW wrote:
It's based on the first routable IP address,
Well, that's a very silly thing for it to be looking at. It should be
looking at the LAST routable IP address outside of the trusted
network. Looking at the
On 28-Apr-2009, at 20:14, Matt Kettler wrote:
The AWL uses the LAST non-private..
This is, IMO, completely broken.
Yep, have to agree. This is seriously retarded.
--
I love as only I can, with all my heart
27 matches
Mail list logo