Hello Bonno,


Thursday, April 19, 2007, 7:01:47 AM, you wrote:


> Hi,
>
> I just posted this in the Declude.Junkmail list:
>
> <snip/>
>
> Pete,
>
> Is this something the new Sniffer can help us with, identifying legit mailservers? Will hits have a separate exit code we can use to identify legit mailservers and reduce points accumulated in Declude via other tests and have the mail go through?


Yes, a bit*. Here is a bit of the configuration for the GBUdb that will help with that:


<!-- Region mappings -->
<regions>
    <white on-off='on' symbol='0'>
        <edge probability='-1.0' confidence='0.6'/>
        <edge probability='-0.8' confidence='1.0'/>
        <panic on-off='on' rule-range='1000'/>
    </white>


This default configuration allows a good IP reputation to override any SNF black rules by resetting the result - in this case to zero. It could be configured to override a black rule with some other value that you could interpret as a kind of white result, however* if no black rules fired then the current engine would simply return 0 as it normally would.


In general, the GBUdb is designed not to get involved unless it knows something particularly special about the message source that conflicts with what the pattern matching engine is reporting.


That said, I am considering a second scan client that will query just the GBUdb and produce a result based on the statistics and flags associated with the IP. This feature will be added later and it is not certain what form it will take --- some systems either do, or will soon be able to, get comprehensive result data from calling SNF. For example, it is possible that a filtering engine like Declude could pass the message to SNF once and then interpret a complex result as more than one kind of test, each of which could be evaluated separately.


Before introducing that kind of complexity, though, I'd first like to get the fundamentals out there so we can more clearly understand how this beast should be tuned. Theory is nice, and current test data shows that the theory stands up very well -- but we're all about reliability here so I want to see how it works when we throw our "wild mix" of systems at it ;-)


Hope this helps,


_M



-- 

Pete McNeil

Chief Scientist,

Arm Research Labs, LLC.
