Re: 'anti' AWL

2009-05-02 Thread James Wilkinson
Charles Gregory wrote: Though again, legit senders that average negative are relatively rare (well, on my system, anyways). For what it’s worth, I’ve set up SA to identify replies to the organisation’s email. It looks at the In-Reply-To and References headers (our Message-IDs have a

Re: 'anti' AWL

2009-05-01 Thread Charles Gregory
On Thu, 30 Apr 2009, LuKreme wrote: No, the senders AWL HURTS new spam. If the score is -2 from the AWL then -2 * -0.2 = 0.4 Ah. Missed the negative. Then this particular piece of the logic is good. The odds of any AWL(perIP) other than the legit sender having a negative average are

Re: [-4.0] Re: 'anti' AWL

2009-04-30 Thread Charles Gregory
On Wed, 29 Apr 2009, LuKreme wrote: On 29-Apr-2009, at 15:31, Charles Gregory wrote: Apologies for original brevity, but my comment was a criticism of the proposal to start weighing *all* mail from a specific sender according to whether the IP was the 'most common' used for that address

Re: 'anti' AWL

2009-04-30 Thread LuKreme
On 30-Apr-2009, at 09:40, Charles Gregory wrote: On Wed, 29 Apr 2009, LuKreme wrote: On 29-Apr-2009, at 15:31, Charles Gregory wrote: Apologies for original brevity, but my comment was a criticism of the proposal to start weighing *all* mail from a specific sender according to whether the

Re: 'anti' AWL

2009-04-30 Thread Charles Gregory
On Thu, 30 Apr 2009, LuKreme wrote: First off, I suppose that if you get real mail from someone who has only ever been seen as a spam sender, then yes, the first mail would be penalized. But is this ever the case? (nod) Any time someone's address has been used as a spoofed sender before

Re: 'anti' AWL

2009-04-30 Thread mouss
RW wrote: On Wed, 29 Apr 2009 20:49:29 +0200 mouss mo...@ml.netoyen.net wrote: on the other hand, a spammer can forge Received headers. and this is a serious problem. Using untrusted received headers is broken. The point of AWL is to tweak ham scores towards the mean to avoid

Re: 'anti' AWL

2009-04-30 Thread LuKreme
On 30-Apr-2009, at 11:50, Charles Gregory wrote: On Thu, 30 Apr 2009, LuKreme wrote: First off, I suppose that if you get real mail from someone who has only ever been seen as a spam sender, then yes, the first mail would be penalized. But is this ever the case? (nod) Any time someone's

Re: 'anti' AWL

2009-04-29 Thread RW
On Tue, 28 Apr 2009 22:14:21 -0400 Matt Kettler mkettler...@verizon.net wrote: Matt Kettler wrote: LuKreme wrote: Of course, first, or last depends on your perspective. I assume RW was thinking of first from a starting at the inside, working backwards in time approach. This is

Re: 'anti' AWL

2009-04-29 Thread Charles Gregory
I just turned off my AWL today, because of FP issues but f...@example.com sends me lots of mail. Say it's over 100. It's all ham and it all comes from mail.example.com. The AWL for this email couplet is, say, -2.1. An email comes in from f...@example.com but sent from

Re: 'anti' AWL

2009-04-29 Thread mouss
RW wrote: On Tue, 28 Apr 2009 22:14:21 -0400 Matt Kettler mkettler...@verizon.net wrote: Matt Kettler wrote: LuKreme wrote: Of course, first, or last depends on your perspective. I assume RW was thinking of first from a starting at the inside, working backwards in time approach.

Re: 'anti' AWL

2009-04-29 Thread Jonas Eckerman
RW wrote: By your chronological definition of first and last (which is the same as mine), that's the FIRST non-private address. Or the address in the fake Received header the spambot put in the mail? I hope this is not how it works... It makes sense to me, if I send you an email, the

Re: 'anti' AWL

2009-04-29 Thread Jeff Mincy
From: Charles Gregory cgreg...@hwcn.org Date: Wed, 29 Apr 2009 14:31:22 -0400 (EDT) I just turned off my AWL today, because of FP issues but f...@example.com sends me lots of mail. Say it's over 100. It's all ham and it all comes from mail.example.com. The

Re: [0.0] Re: 'anti' AWL

2009-04-29 Thread Charles Gregory
On Wed, 29 Apr 2009, Jeff Mincy wrote: *someone* is getting their AWL reputation trashed every time a spammer forges their e-mail. AWL stores the IP/16 address with the email address. So your awl reputation is not being trashed by forged e-mail that comes from a different IP address.

Re: 'anti' AWL

2009-04-29 Thread LuKreme
On 29-Apr-2009, at 15:31, Charles Gregory wrote: Apologies for original brevity, but my comment was a criticism of the proposal to start weighing *all* mail from a specific sender according to whether the IP was the 'most common' used for that address Essentially changing it from what

Re: 'anti' AWL

2009-04-29 Thread RW
On Wed, 29 Apr 2009 20:49:29 +0200 mouss mo...@ml.netoyen.net wrote: on the other hand, a spammer can forge Received headers. and this is a serious problem. Using untrusted received headers is broken. The point of AWL is to tweak ham scores towards the mean to avoid outlying high-scores

Re: 'anti' AWL

2009-04-29 Thread Matt Kettler
RW wrote: Maybe one of us is reading the perl wrong (and it could well be me), or we are talking at cross purposes. As I see it, it's going through the list of IP address, starting with the mail client and working its way towards the SA Server. When it finds a routable IP address it sets

RE: 'anti' AWL

2009-04-29 Thread Mark
-Original Message- From: mouss [mailto:mo...@ml.netoyen.net] Sent: woensdag 29 april 2009 20:53 To: users@spamassassin.apache.org Subject: Re: 'anti' AWL on the other hand, a spammer can forge Received headers. and this is a serious problem. Using untrusted received headers is broken

Re: 'anti' AWL

2009-04-29 Thread Matt Kettler
RW wrote: On Wed, 29 Apr 2009 20:49:29 +0200 mouss mo...@ml.netoyen.net wrote: on the other hand, a spammer can forge Received headers. and this is a serious problem. Using untrusted received headers is broken. The point of AWL is to tweak ham scores towards the mean to avoid

'anti' AWL

2009-04-28 Thread LuKreme
that it would be beneficial to have an 'anti' AWL score applied to this particular email, since it claims to be from one place, but doesn't match the AWL entry. This, naturally would start off a new AWL entry, but with a slightly higher score than otherwise. This would even be useful

Re: 'anti' AWL

2009-04-28 Thread Matus UHLAR - fantomas
through mail.example.com it seems that it would be beneficial to have an 'anti' AWL score applied to this particular email, since it claims to be from one place, but doesn't match the AWL entry. This, naturally would start off a new AWL entry, but with a slightly higher score than

Re: 'anti' AWL

2009-04-28 Thread Jeff Mincy
From: LuKreme krem...@kreme.com Date: Tue, 28 Apr 2009 08:43:46 -0600 OK, working on my first cup of coffee this morning, so maybe this has potential. The way the AWL works is by keeping track of the origin of emails, both the address and the server (the top line

Re: 'anti' AWL

2009-04-28 Thread LuKreme
On 28-Apr-2009, at 08:56, Matus UHLAR - fantomas wrote: We have more servers users send mail through. Users can't choose which server will they connect. That already happens now. It can also happen when user switched ISP, mail provider, or the mail provider changes IP address, DNS names or

Re: 'anti' AWL

2009-04-28 Thread RW
On Tue, 28 Apr 2009 11:13:56 -0600 LuKreme krem...@kreme.com wrote: On 28-Apr-2009, at 08:56, Matus UHLAR - fantomas wrote: We have more servers users send mail through. Users can't choose which server will they connect. That already happens now. I think his point is that that doesn't

Re: 'anti' AWL

2009-04-28 Thread LuKreme
On 28-Apr-2009, at 15:38, RW wrote: It's based on the first routable IP address, Well, that's a very silly thing for it to be looking at. It should be looking at the LAST routable IP address outside of the trusted network. Looking at the first routable address is completely worthless.

Re: 'anti' AWL

2009-04-28 Thread Matt Kettler
LuKreme wrote: On 28-Apr-2009, at 15:38, RW wrote: It's based on the first routable IP address, Well, that's a very silly thing for it to be looking at. It should be looking at the LAST routable IP address outside of the trusted network. Looking at the first routable address is completely

Re: 'anti' AWL

2009-04-28 Thread Matt Kettler
Matt Kettler wrote: LuKreme wrote: On 28-Apr-2009, at 15:38, RW wrote: It's based on the first routable IP address, Well, that's a very silly thing for it to be looking at. It should be looking at the LAST routable IP address outside of the trusted network. Looking at the

Re: 'anti' AWL

2009-04-28 Thread LuKreme
On 28-Apr-2009, at 20:14, Matt Kettler wrote: The AWL uses the LAST non-private.. This is, IMO, completely broken. Yep, have to agree. This is seriously retarded. -- I love as only I can, with all my heart