anti spam plugin

2011-11-08 Thread Hajo Locke 

Hello,

i do some tests with commtouch anti spam plugin for spamassassin. 
http://www.commtouch.com/
Somebody knows this product? In my opinion a Spamassassin with razor plugin 
is enough.
It seems that its just strengthen the spamscore spamassassin created on its 
own but is less helpful at difficult spam-yes-no-decisions .

Are there some users of this plugin and can share there experience?

Thanks,
Hajo

Re: anti spam plugin

2011-11-08 Thread João Gouveia 


- Original Message -
 From: Hajo Locke hajo.lo...@gmx.de
 To: users@spamassassin.apache.org
 Sent: Tuesday, November 8, 2011 10:11:38 AM
 Subject: anti spam plugin
 
 Hello,
 
 i do some tests with commtouch anti spam plugin for spamassassin.
 http://www.commtouch.com/
 Somebody knows this product? In my opinion a Spamassassin with razor
 plugin
 is enough.
 It seems that its just strengthen the spamscore spamassassin created
 on its
 own but is less helpful at difficult spam-yes-no-decisions .
 Are there some users of this plugin and can share there experience?

AFAIK, that's a commercial plugin.
Also, from what I remember of that plugin, it actually sends the complete 
pristine message to their datacenter for analysis, which might not be what 
you're expecting.

 Thanks,
 Hajo
 
 

-- 
Joao Gouveia
AnubisNetworks
Tel. : +351 21 7252110
Mobile : +351 91 9512960
Fax : +351 21 7252119
http://www.anubisnetworks.com

Re: anti spam plugin

2011-11-08 Thread Hajo Locke 

Hello,


AFAIK, that's a commercial plugin.
Also, from what I remember of that plugin, it actually sends the complete 
pristine message to their datacenter for analysis, which might not be what 
you're expecting.


yes, its commercial. i do some tests with testlicence but i dont see the 
obvious advantage.
Hmm, if nobody knows this plugin, maybe razor users can rate efficiency of 
razor-plugin. satisfied with spam hits?


Thanks,
Hajo

Re: anti spam plugin

2011-11-08 Thread Axb 

On 2011-11-08 12:23, Hajo Locke wrote:

Hello,


AFAIK, that's a commercial plugin.
Also, from what I remember of that plugin, it actually sends the
complete pristine message to their datacenter for analysis, which
might not be what you're expecting.


yes, its commercial. i do some tests with testlicence but i dont see the
obvious advantage.
Hmm, if nobody knows this plugin, maybe razor users can rate efficiency
of razor-plugin. satisfied with spam hits?


If commercial, I'd choose the Cloudmark over the Commtouch plugin.

Tested both and Cloudmark did indeed add some value, but as most of the 
commercial plugins, they'll often fail in very specific regional spam 
types, in case that's what your looking for.


Although unsupported/obsolete the iXhash plugin still produces good 
results.

RE: myfanbox.com

2011-11-08 Thread Mynabbler 


R - elists wrote:
 
 why not just save processor cycles  make it easier... reject the below at
 smtp time
 
 sms.ac
 fanbox.com
 fanboxnotes.com
 myfanbox.com
 
We have a ruleset here, since I want to see what they send, and your list is
incomplete:

header  MN_FANBOX From =~
/(smsacfriends\.com|fanboxmail\.com|fanboxapps\.com|fanboxnotes\.com|myfanbox\.com|fanboxnotes\.com/i

... I never saw sms.ac however. Did not have a complaint about the rule
either.
-- 
View this message in context: 
http://old.nabble.com/myfanbox.com-tp32791654p32802636.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.

Re: anti spam plugin

2011-11-08 Thread RW 
On Tue, 08 Nov 2011 12:27:36 +0100
Axb wrote:

 Although unsupported/obsolete the iXhash plugin still produces good 
 results.

I removed that plugin a few month ago because it reduced scan times from
~14s to ~4s.

I've just been looking at it again and it look like iXhash.cf contains
some obsolete zones; the website gives only ix.dnsbl.manitu.net and
generic.ixhash.net. I commented out the hosteurope.ixhash.ne and
ctyme.ixhash.ne rules, and the problem seems to have gone away.

Re: anti spam plugin

2011-11-08 Thread Henrik K 
On Tue, Nov 08, 2011 at 02:28:55PM +, RW wrote:
 On Tue, 08 Nov 2011 12:27:36 +0100
 Axb wrote:
 
  Although unsupported/obsolete the iXhash plugin still produces good 
  results.
 
 I removed that plugin a few month ago because it reduced scan times from
 ~14s to ~4s.
 
 I've just been looking at it again and it look like iXhash.cf contains
 some obsolete zones; the website gives only ix.dnsbl.manitu.net and
 generic.ixhash.net. I commented out the hosteurope.ixhash.ne and
 ctyme.ixhash.ne rules, and the problem seems to have gone away. 

Well, if you care about performance, I recoded iXhash to use async lookups
and few other enhancements..

http://sa.hege.li/iXhash2.pm

Re: anti spam plugin

2011-11-08 Thread RW 
On Tue, 8 Nov 2011 16:57:38 +0200
Henrik K wrote:

 On Tue, Nov 08, 2011 at 02:28:55PM +, RW wrote:
  On Tue, 08 Nov 2011 12:27:36 +0100
  Axb wrote:
  
   Although unsupported/obsolete the iXhash plugin still produces
   good results.
  
  I removed that plugin a few month ago because it reduced scan times
  from ~14s to ~4s.
  
  I've just been looking at it again and it look like iXhash.cf
  contains some obsolete zones; the website gives only
  ix.dnsbl.manitu.net and generic.ixhash.net. I commented out the
  hosteurope.ixhash.ne and ctyme.ixhash.ne rules, and the problem
  seems to have gone away. 
 
 Well, if you care about performance, I recoded iXhash to use async
 lookups and few other enhancements..
 
 http://sa.hege.li/iXhash2.pm

Is it possible to use both zones. If so, would it be:

 ixhashdnsbl   IXHASH  ix.dnsbl.manitu.net. generic.ixhash.net.
 ...

or would it need separate rules:
  
 ixhashdnsbl   IXHASH_M  ix.dnsbl.manitu.net.
 body  IXHASH_M  eval:check_ixhash('IXHASH_M')
 ixhashdnsbl   IXHASH_G  generic.ixhash.net.
 body  IXHASH_G  eval:check_ixhash('IXHASH_G')
 ...

Or is ix.dnsbl.manitu.net the only one worth using?




On Tue, 08 Nov 2011 15:38:29 +0100
Axb wrote:

 hosteurope.ixhash.ne ?
 ctyme.ixhash.ne ?
 
 or do you mean .net?

Yes. They are truncated in the describe lines in the .cf file, which is
where I pasted them from. They are right in the rules, so that's not the
problem.

Re: Chickenpoxed subjects

2011-11-08 Thread Philip Prindeville 
On 10/20/11 8:24 PM, Adam Katz wrote:
 On 10/19/2011 04:43 AM, Mynabbler wrote:
 You are kidding, right? 50% of this crap comes from FREEMAIL
 addresses, and even more specific: 44% of this crap is delivered by
 aol.com.  The aol deliveries have about 85% unique from@aol
 addresses, so they pretty much 'own' aol.
 
 We're writing spam filters, not idiot filters.  The fact that there is
 so much overlap is often useful, bit the overlap is not complete.  There
 is also a decent amount of overlap between the
 mostly-computer-illiterate and freemail users.  I think this drives your
 current line of thinking.
 
 There are a lot of people that do very spammy things.  It is a testament
 to SA and other filters that such non-spam doesn't so commonly flag as spam.
 

Sorry to come to the party late on this, was traveling a bit.

It seems to me that if you have lines like:

Subject: T R +A N/N!l :ES,  P \0 R  N
Subject: S C/H ,O 0=LG)l :R$L$S ) P -0 RN

Then the solution is to use agrep.  Make deletions of punctuation very low 
cost, as well as the usual transformations like:

0 = O
1 = l
$ = S
...

also be low-cost.  (Of course, then you end up with the possibility of clash 
between deleting $ and replacing it with 'S', but agrep is good about checking 
both)... they you just grep through a dictionary of the usual offenders:

lesbian
cash
meds
porn
...

I'm not familiar with perl-String-Approx...  reading up on it, it uses the 
Levenshtein distances just like agrep does... so it would be ideal for doing 
approximate matches.

http://search.cpan.org/~jhi/String-Approx-3.26/Approx.pm

-Philip

Re: anti spam plugin

2011-11-08 Thread Henrik K 
On Tue, Nov 08, 2011 at 03:47:50PM +, RW wrote:
  
  Well, if you care about performance, I recoded iXhash to use async
  lookups and few other enhancements..
  
  http://sa.hege.li/iXhash2.pm
 
 or would it need separate rules:
   
  ixhashdnsbl   IXHASH_M  ix.dnsbl.manitu.net.
  body  IXHASH_M  eval:check_ixhash('IXHASH_M')
  ixhashdnsbl   IXHASH_G  generic.ixhash.net.
  body  IXHASH_G  eval:check_ixhash('IXHASH_G')
  ...

That's the usual SA way.

 Or is ix.dnsbl.manitu.net the only one worth using?

Try ixhash.spameatingmonkey.net, works fine here.

Re: anti spam plugin

2011-11-08 Thread Dave Warren 

On 11/8/2011 2:38 AM, João Gouveia wrote:

AFAIK, that's a commercial plugin.
Also, from what I remember of that plugin, it actually sends the complete 
pristine message to their datacenter for analysis, which might not be what 
you're expecting.


I can't speak to that particular plug-in, but in one Commtouch 
implementation I worked with in a previous $DAYJOB only hashes were sent 
up to the servers.  Some implementations may vary though, so I would 
evaluate the SpamAssassin plug-in before relying on this.


It would be possible to identify IPs of mail servers that received 
similar messages, but not the message content itself.


--
Dave Warren, CEO
Hire A Hit Consulting Services
http://ca.linkedin.com/in/davejwarren

older FVGT rulesets

2011-11-08 Thread R - elists 

apologies in advance for asking

i know part of the answer can be found in the wiki, yet it isnt 100%
definative.

have these older FVGT rulesets been incorporated into the current SA
versions?

i.e. 00_FVGT_File001.cf and 88_FVGT_headers.cf and 99_FVGT_Tripwire.cf

we shouldnt be using these rules with the current SA version right ???

 -rh

spam from a .con ?!

2011-11-08 Thread jidanni 
 From:... ...@1004.con
.con? sounds like a con-job.
Ha, I'm not falling for that again!