Hey Chris,

I may be oversimplifying the problem, but I don't think the db code is
elaborate.  I wrote Perl DB_File routines for squidGuard.  What is needed is
a hook to develop custom eval functions.  Otherwise you run the risk of the
eval function not surviving updates.  Even if one would maintain the eval
function for SA upgrades, incompatibilities may arise further complicating
maintenance.  Anyone - please correct me if I am wrong.

I was thinking of piping the message from Procmail to a Perl script and
performing comparison against the db for a match.  Positive hits could
result in an addition of an X-header via formail.  The X-header could be
checked from a custom rule within SA.

I certainly would agree that an SA eval function would be much better.
However, I believe this *hack* could work and would allow comparisons
against larger numbers of URI's or other blacklists without crushing
servers.

I would appreciate anyone's feedback.  Be a little gentle though, this is
just a rough idea.  I know this would not help those who do not necessarily
use Procmail but it could help anyone who could pipe the message to a Perl
script.

--Larry



> -----Original Message-----
> From: Chris Santerre [mailto:[EMAIL PROTECTED] 
> Sent: Monday, November 17, 2003 1:52 PM
> To: 'William Stearns'; Robert Menschel
> Cc: ML-spamassassin-talk
> Subject: RE: [SAtalk] Sanity checking new uri rules?
> 
> 
> My 1700 rules CRUSHED busy servers. This is why I sort them 
> now by order of hits. So people can prune the rules to the 
> heavy hitters if they wish. It was the only way I could think 
> to make them still useful for people. Also they can adjust 
> scores for the ones that hit the most often. 
> 
> --Chris "Kill for a URI DB eval" Santerre
> 
> > -----Original Message-----
> > From: William Stearns [mailto:[EMAIL PROTECTED]
> > Sent: Monday, November 17, 2003 1:23 PM
> > To: Robert Menschel
> > Cc: ML-spamassassin-talk; William Stearns
> > Subject: Re: [SAtalk] Sanity checking new uri rules?
> > 
> > 
> > Good afternoon, Robert,
> > 
> > On Fri, 14 Nov 2003, Robert Menschel wrote:
> > 
> > > Friday, November 14, 2003, 12:53:45 PM, you wrote:
> > > 
> > > WS> I'm now trying
> > > WS> to take these domains and check the URI's in the body
> > for them as well.
> > > WS> My first attempt to do URI rules is at
> > > WS> 
> > http://www.stearns.org/sa-blacklist/sa-blacklist.2003111402.uri.cf
> > > 
> > > I'd run these through my corpus, but I'm not sure what 
> the effect of 
> > > 4.8k tests would have on my server during masscheck.
> > > 
> > > WS>         Would someone be willing to just take a quick
> > look and see if my
> > > WS> approach makes sense?  I hate screwing up _other_
> > people's SA installs,
> > > WS> and that's why I'm putting these in a separate file
> > until I'm comfortable
> > > WS> with the results.
> > > 
> > > Running normal tests against my corpus, 1-15 tests,
> > masscheck runs 15-18
> > > or so minutes.  Testing 200 rules took 20 minutes. Figure 1
> > minute per
> > > 200 rules, 4800 rules would take an additional 24 minutes.
> > I hesitate
> > > putting this shared server through that load.
> > 
> >     So if I read you correctly, adding 4800 rules
> > essentially triples 
> > the cpu time needed to process a given message or collection 
> > of messages.
> >     Are there ways to improve the performance of the checks?  I ask 
> > because these URI rules are tripping on about 50-60% of my 
> > current spam - 
> > much more than the corresponding source domain blacklist rules.
> > 
> >     I hope you'll pardon my ignorance, but I don't know how to read
> > the masscheck results.  Were there any other useful nuggets 
> > that came out 
> > of that report?
> >     Thanks for taking the time to report back, even if I'm too 
> > inexperienced to understand your response.  :-)
> >     Cheers,
> >     - Bill
> > 
> > --------------------------------------------------------------
> > -------------
> >         '"I wish those people just would be quiet," he said
> > of computer
> > researchers who publish vulnerabilities in Microsoft's products.'
> >         -- Steve Ballmer, Microsoft
> > (Courtesy of 
> > http://story.news.yahoo.com/news?tmpl=story&u=/washpost/200310
> 10/tc_washpost/a6043_2003oct9)
> --------------------------------------------------------------
> ------------
> William Stearns ([EMAIL PROTECTED]).  Mason, Buildkernel, 
> freedups, p0f,
> rsync-backup, ssh-keyinstall, dns-check, more at:   
http://www.stearns.org
Linux articles at:                         http://www.opensourcedigest.com
--------------------------------------------------------------------------
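
The Procmail-to-Perl lookup proposed at the top of this thread, sketched as an added example (not code from any of the posters or from SpamAssassin): URI hosts are pulled from the message and checked against a DB_File hash, so cost is one hash lookup per candidate domain rather than one regex per blacklisted domain. The blacklist entries, the sample message and the function name `blacklisted_uri_domain` are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example: hash-DB lookup of URI hosts instead of thousands of regex rules.
use strict;
use warnings;
use Fcntl;
use DB_File;

# Constructed blacklist. In production, tie to an on-disk file built offline
# from the domain list; an undef filename gives an in-memory DB for this demo.
tie my %bl, 'DB_File', undef, O_RDWR|O_CREAT, 0600, $DB_HASH
    or die "cannot open blacklist db: $!";
$bl{$_} = 1 for qw(spam-example.test pills.example.invalid);

# Return the first blacklisted domain referenced by a URI in $msg, or undef.
sub blacklisted_uri_domain {
    my ($msg) = @_;
    my %seen;
    # Capture the host part, skipping any user:pass@ prefix.
    while ($msg =~ m{\bhttps?://(?:[^\s/\@<>"']*\@)?([a-z0-9][a-z0-9.-]*)}gi) {
        my @labels = split /\./, lc $1;
        # Check the host and each parent domain:
        # www.a.example.test, a.example.test, example.test
        while (@labels >= 2) {
            my $d = join '.', @labels;
            return $d if !$seen{$d}++ && exists $bl{$d};
            shift @labels;
        }
    }
    return;
}

# Constructed sample message, used when the script is run interactively.
my $sample = <<'EOM';
From: sender@example.invalid
Subject: constructed test

Visit http://www.Spam-Example.test/offer?id=1 today.
EOM

# When piped (e.g. from Procmail), read the whole message from STDIN.
my $msg = -t STDIN ? $sample : do { local $/; <STDIN> // '' };
my $hit = blacklisted_uri_domain($msg);
print "$hit\n" if defined $hit;
exit(defined $hit ? 0 : 1);    # exit 0 = blacklisted URI found
```

On exit status 0 the calling recipe can add the marker with `formail -I "X-URI-BL: <domain>"` (the header name is hypothetical), and a SpamAssassin `header` rule can then test for that header. `formail -I` replaces any existing copy of the header, so a value supplied by the sender does not survive.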



-------------------------------------------------------
This SF. Net email is sponsored by: GoToMyPC
GoToMyPC is the fast, easy and secure way to access your computer from any
Web browser or wireless device. Click here to Try it Free!
https://www.gotomypc.com/tr/OSDN/AW/Q4_2003/t/g22lp?Target=mm/g22lp.tmpl
_______________________________________________
Spamassassin-talk mailing list [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

