Il 23/02/2012 21:15, Martin Gregorie ha scritto:
On Thu, 2012-02-23 at 18:47 +0100, Amedeo Rinaldo wrote:
Il 23/02/2012 13:49, Martin Gregorie ha scritto:
On Thu, 2012-02-23 at 08:49 +0100, Amedeo Rinaldo wrote:
Is there a way/rule to count the fired ruled number ?
..[cut]..
..[cut].. scan the mail log (/etc/log/maillog*) ..
Martin
Thanks Martin, but I mean a 'live rule' to count fired rules ..not a
post log operation.
I need somthing like..
[BAYES_00=-2.5, SPF_NEUTRAL=0.1]
-> ___FIRED_RULES=2
OK, I understand that, but not why you need the information while the message
is being scanned.
I'm testing a custom (..maybe weird?) way to ham-learn messages.
Too often bayes tokens have been contaminated with low scoring (new)
spam messages so i'm trying to write some 'friend-flag-rules'. When
these rules fire I add nice score to fall below the ham threshould. In
practice: if "friend-flags" are not fired the message is not ham learned.
It's just a lab test I've started on one private submission server (msg
small niced -0.4/-0.8). Now I really don't know how bad is this monster,
but I'm curious to find the answer ;-)
Just a note: someone would say that statistically/potentially "maybe it
will see always the same tokens ..and no new ones" ..so no real learning
will happen. Right, maybe it's like that.
My starting idea was a crazy 'small-ball' approach: many good tokens
which help to learn little more ..slowly.
And now the real answer to you Martin..
I cannot write tons of "meta __FLAG_X (!THIS_RULE && !THIS_OTHER_RULE
&& ..)"
I need some sort of match like "if AllFiredRules in (RuleA, RuleB,
RuleC, ...) -> raise __FLAG_Y".
And some like .. "if AllFiredRulesTotalNumber </> CustomThreshould1 then
raise __FLAG_Z"
Now I don't know how I can do that.. I've just started to ask for the
"fired rules number" :-)
If you want to gather stats on rule hits vs. senders or sending domains
you can get that from the maillog provided you put a simple filter in
the pipe that counts the rules that fired for each message, extracts
anything else you need from the message headers and logs the result.
I do more or less that at present: I have a spam deletion program
downstream of spamc which also logs the sender, subject, custom rules
hit and what was done with the message (passed to Postfix, deleted or
quarantined). A custom logwatch module analyses the maillog and
generates a spam stats report showing the ham:spam ratio for the day
and a top 10 for custom rules that fired.
Martin
I've created a log-extracting information procedure to monitor services
and give me detailed reports. Anyway, your approach is interesting, I'll
spend some time on your hints.
Amedeo Rinaldo
------------------
Una volta eliminato l'impossibile, quello che resta, per improbabile che
sia, deve essere la verità (Sherlock Holmes)
