anti spam plugin
Hello,

I do some tests with the Commtouch anti-spam plugin for SpamAssassin. http://www.commtouch.com/
Does somebody know this product? In my opinion a SpamAssassin with the razor plugin is enough. It seems that it just strengthens the spam score SpamAssassin created on its own but is less helpful at difficult spam-yes-no decisions. Are there some users of this plugin who can share their experience?

Thanks, Hajo
Re: anti spam plugin
- Original Message -
From: Hajo Locke hajo.lo...@gmx.de
To: users@spamassassin.apache.org
Sent: Tuesday, November 8, 2011 10:11:38 AM
Subject: anti spam plugin

> Hello,
> I do some tests with the Commtouch anti-spam plugin for SpamAssassin. http://www.commtouch.com/
> Does somebody know this product? In my opinion a SpamAssassin with the razor plugin is enough. It seems that it just strengthens the spam score SpamAssassin created on its own but is less helpful at difficult spam-yes-no decisions. Are there some users of this plugin who can share their experience?

AFAIK, that's a commercial plugin. Also, from what I remember of that plugin, it actually sends the complete pristine message to their datacenter for analysis, which might not be what you're expecting.

> Thanks, Hajo

--
Joao Gouveia
AnubisNetworks
Tel. : +351 21 7252110
Mobile : +351 91 9512960
Fax : +351 21 7252119
http://www.anubisnetworks.com
Re: anti spam plugin
Hello,

> AFAIK, that's a commercial plugin. Also, from what I remember of that plugin, it actually sends the complete pristine message to their datacenter for analysis, which might not be what you're expecting.

Yes, it's commercial. I do some tests with a test licence but I don't see the obvious advantage.
Hmm, if nobody knows this plugin, maybe razor users can rate the efficiency of the razor plugin. Satisfied with spam hits?

Thanks, Hajo
Re: anti spam plugin
On 2011-11-08 12:23, Hajo Locke wrote:
> Hello,
>> AFAIK, that's a commercial plugin. Also, from what I remember of that plugin, it actually sends the complete pristine message to their datacenter for analysis, which might not be what you're expecting.
> Yes, it's commercial. I do some tests with a test licence but I don't see the obvious advantage.
> Hmm, if nobody knows this plugin, maybe razor users can rate the efficiency of the razor plugin. Satisfied with spam hits?

If commercial, I'd choose the Cloudmark over the Commtouch plugin. Tested both and Cloudmark did indeed add some value, but as most of the commercial plugins, they'll often fail in very specific regional spam types, in case that's what you're looking for.

Although unsupported/obsolete the iXhash plugin still produces good results.
RE: myfanbox.com
R - elists wrote:
> why not just save processor cycles make it easier... reject the below at smtp time
> sms.ac
> fanbox.com
> fanboxnotes.com
> myfanbox.com

We have a ruleset here, since I want to see what they send, and your list is incomplete:

header MN_FANBOX From =~ /(smsacfriends\.com|fanboxmail\.com|fanboxapps\.com|fanboxnotes\.com|myfanbox\.com|fanboxnotes\.com)/i
...

I never saw sms.ac however. Did not have a complaint about the rule either.

--
View this message in context: http://old.nabble.com/myfanbox.com-tp32791654p32802636.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: anti spam plugin
On Tue, 08 Nov 2011 12:27:36 +0100 Axb wrote:
> Although unsupported/obsolete the iXhash plugin still produces good results.

I removed that plugin a few months ago because it reduced scan times from ~14s to ~4s.

I've just been looking at it again and it looks like iXhash.cf contains some obsolete zones; the website gives only ix.dnsbl.manitu.net and generic.ixhash.net. I commented out the hosteurope.ixhash.ne and ctyme.ixhash.ne rules, and the problem seems to have gone away.
Re: anti spam plugin
On Tue, Nov 08, 2011 at 02:28:55PM +, RW wrote:
> On Tue, 08 Nov 2011 12:27:36 +0100 Axb wrote:
>> Although unsupported/obsolete the iXhash plugin still produces good results.
> I removed that plugin a few months ago because it reduced scan times from ~14s to ~4s.
> I've just been looking at it again and it looks like iXhash.cf contains some obsolete zones; the website gives only ix.dnsbl.manitu.net and generic.ixhash.net. I commented out the hosteurope.ixhash.ne and ctyme.ixhash.ne rules, and the problem seems to have gone away.

Well, if you care about performance, I recoded iXhash to use async lookups and few other enhancements..

http://sa.hege.li/iXhash2.pm
Re: anti spam plugin
On Tue, 8 Nov 2011 16:57:38 +0200 Henrik K wrote:
> On Tue, Nov 08, 2011 at 02:28:55PM +, RW wrote:
>> On Tue, 08 Nov 2011 12:27:36 +0100 Axb wrote:
>>> Although unsupported/obsolete the iXhash plugin still produces good results.
>> I removed that plugin a few months ago because it reduced scan times from ~14s to ~4s.
>> I've just been looking at it again and it looks like iXhash.cf contains some obsolete zones; the website gives only ix.dnsbl.manitu.net and generic.ixhash.net. I commented out the hosteurope.ixhash.ne and ctyme.ixhash.ne rules, and the problem seems to have gone away.
> Well, if you care about performance, I recoded iXhash to use async lookups and few other enhancements..
> http://sa.hege.li/iXhash2.pm

Is it possible to use both zones? If so, would it be:

ixhashdnsbl IXHASH ix.dnsbl.manitu.net. generic.ixhash.net.
...

or would it need separate rules:

ixhashdnsbl IXHASH_M ix.dnsbl.manitu.net.
body IXHASH_M eval:check_ixhash('IXHASH_M')
ixhashdnsbl IXHASH_G generic.ixhash.net.
body IXHASH_G eval:check_ixhash('IXHASH_G')
...

Or is ix.dnsbl.manitu.net the only one worth using?

On Tue, 08 Nov 2011 15:38:29 +0100 Axb wrote:
> hosteurope.ixhash.ne ? ctyme.ixhash.ne ? or do you mean .net?

Yes. They are truncated in the describe lines in the .cf file, which is where I pasted them from. They are right in the rules, so that's not the problem.
Re: Chickenpoxed subjects
On 10/20/11 8:24 PM, Adam Katz wrote:
> On 10/19/2011 04:43 AM, Mynabbler wrote:
>> You are kidding, right? 50% of this crap comes from FREEMAIL addresses, and even more specific: 44% of this crap is delivered by aol.com. The aol deliveries have about 85% unique from@aol addresses, so they pretty much 'own' aol.
> We're writing spam filters, not idiot filters. The fact that there is so much overlap is often useful, but the overlap is not complete. There is also a decent amount of overlap between the mostly-computer-illiterate and freemail users. I think this drives your current line of thinking. There are a lot of people that do very spammy things. It is a testament to SA and other filters that such non-spam doesn't so commonly flag as spam.

Sorry to come to the party late on this, was traveling a bit.

It seems to me that if you have lines like:

Subject: T R +A N/N!l :ES, P \0 R N
Subject: S C/H ,O 0=LG)l :R$L$S ) P -0 RN

Then the solution is to use agrep. Make deletions of punctuation very low cost, as well as the usual transformations like:

0 = O
1 = l
$ = S
...

also be low-cost. (Of course, then you end up with the possibility of clash between deleting $ and replacing it with 'S', but agrep is good about checking both)... then you just grep through a dictionary of the usual offenders:

lesbian
cash
meds
porn
...

I'm not familiar with perl-String-Approx... reading up on it, it uses the Levenshtein distances just like agrep does... so it would be ideal for doing approximate matches.

http://search.cpan.org/~jhi/String-Approx-3.26/Approx.pm

-Philip
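The weighted matching proposed in the message above, as an added example that is not code from the thread and uses neither agrep nor String::Approx: a plain-Python approximate substring search in which dropping punctuation and the listed look-alike substitutions are cheap. The weights (1 and 10), the threshold and all function names are assumptions; the two obfuscated subjects and the word list are the ones quoted in the post.

```python
# Added illustration (not code from the thread): Sellers-style approximate
# substring search with the cheap edits described in the post.
CHEAP, FULL = 1, 10                          # assumed weights: 10 cheap edits = 1 real edit
LOOKALIKE = {"0": "o", "1": "l", "$": "s"}   # transformations listed in the post
OFFENDERS = ["lesbian", "cash", "meds", "porn"]  # dictionary from the post

def skip_cost(ch):
    """Cost of ignoring a subject character: punctuation and spaces are cheap."""
    return FULL if ch.isalnum() else CHEAP

def sub_cost(want, got):
    """Cost of reading subject character `got` as dictionary letter `want`."""
    if want == got:
        return 0
    return CHEAP if LOOKALIKE.get(got) == want else FULL

def best_cost(word, subject):
    """Minimum weighted edit cost of `word` against any substring of `subject`."""
    text = subject.lower()
    prev = [0] * (len(text) + 1)             # a match may start anywhere for free
    for i, want in enumerate(word, 1):
        cur = [i * FULL]                     # dictionary letters with no subject text
        for j, got in enumerate(text, 1):
            cur.append(min(
                prev[j - 1] + sub_cost(want, got),  # exact match or substitution
                cur[j - 1] + skip_cost(got),        # drop a subject character
                prev[j] + FULL,                     # dictionary letter missing
            ))
        prev = cur
    return min(prev)                         # a match may end anywhere

def offenders_in(subject, max_cost=FULL - 1):
    """Words reachable with cheap edits only; raise max_cost to tolerate typos."""
    return [w for w in OFFENDERS if best_cost(w, subject) <= max_cost]

# The two subjects quoted in the post, plus one constructed clean subject.
SAMPLES = [
    r"T R +A N/N!l :ES, P \0 R N",
    r"S C/H ,O 0=LG)l :R$L$S ) P -0 RN",
    "Quarterly report attached",             # constructed
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{offenders_in(s)!s:10} {s}")
```

Because the dynamic programme takes the minimum over all three moves at every cell, a `$` is tried both as a deletable punctuation mark and as a stand-in for `S`, which is the clash the post mentions.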
Re: anti spam plugin
On Tue, Nov 08, 2011 at 03:47:50PM +, RW wrote:
>> Well, if you care about performance, I recoded iXhash to use async lookups and few other enhancements..
>> http://sa.hege.li/iXhash2.pm
> or would it need separate rules:
> ixhashdnsbl IXHASH_M ix.dnsbl.manitu.net.
> body IXHASH_M eval:check_ixhash('IXHASH_M')
> ixhashdnsbl IXHASH_G generic.ixhash.net.
> body IXHASH_G eval:check_ixhash('IXHASH_G')
> ...

That's the usual SA way.

> Or is ix.dnsbl.manitu.net the only one worth using?

Try ixhash.spameatingmonkey.net, works fine here.
Re: anti spam plugin
On 11/8/2011 2:38 AM, João Gouveia wrote:
> AFAIK, that's a commercial plugin. Also, from what I remember of that plugin, it actually sends the complete pristine message to their datacenter for analysis, which might not be what you're expecting.

I can't speak to that particular plug-in, but in one Commtouch implementation I worked with in a previous $DAYJOB only hashes were sent up to the servers. Some implementations may vary though, so I would evaluate the SpamAssassin plug-in before relying on this.

It would be possible to identify IPs of mail servers that received similar messages, but not the message content itself.

--
Dave Warren, CEO
Hire A Hit Consulting Services
http://ca.linkedin.com/in/davejwarren
older FVGT rulesets
Apologies in advance for asking. I know part of the answer can be found in the wiki, yet it isn't 100% definitive.

Have these older FVGT rulesets been incorporated into the current SA versions? i.e.

00_FVGT_File001.cf
88_FVGT_headers.cf
99_FVGT_Tripwire.cf

We shouldn't be using these rules with the current SA version, right???

-rh
spam from a .con ?!
From:... ...@1004.con .con? sounds like a con-job. Ha, I'm not falling for that again!