You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Brent Clark <br...@gmail.com> on 2008/10/23 10:43:32 UTC
shortcircuit
Hiya
I would like to know, what are the implications of using / enabling
shortcircuit.
Other than speeding up the scan processing, from my side, I cant see a
downgrade in spam detection.
Kind Regards
Brent Clark
Re: shortcircuit
Posted by Henrik K <he...@hege.li>.
On Fri, Oct 24, 2008 at 11:35:20AM +0200, Matus UHLAR - fantomas wrote:
>
> it ALL depends on
> - how much of trusted hosts you have and how much %spam are they relaying
> - how much is your CPU/memory/network loaded with spam scanning
>
> You provided reasons why to do shortcircuit, I provided reasons why not
> to...
You provided a single reason ("you might get spam"), which was not very
insightful.
If some ALL_TRUSTED is sending lot of %spam, then your setup is faulty.
Remove such bad hosts. It's not a reason not to use SC.
By whitelisting (with SC), I want to make SURE I don't get any FPs from
there. The possibility of FNs is much less serious.
Of course you could skip SA completely, but it would require coding
equivalent of all_trusted, whitelist_from_spf/dkim to somewhere else.
Re: shortcircuit
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
> > On 23.10.08 20:05, Henrik K wrote:
> > > I shortcircuit:
> > >
> > > USER_IN_SPF_WHITELIST
> > > USER_IN_DKIM_WHITELIST
> > > USER_IN_WHITELIST
> > >
> > > Why bother scanning?
iof course, but why bother scanning at all?
> On Fri, Oct 24, 2008 at 10:18:29AM +0200, Matus UHLAR - fantomas wrote:
> > because his computer may be infectedby some spam sending malware?
On 24.10.08 11:51, Henrik K wrote:
> And this 1/1000 chance makes one bother wasting time on SA? Not me.
> > trusted hosts may relay spam...
> Good luck to your paranoid world, I rather live in the real one. :)
>
> Somehow some people think that having few FNs is the end of the world. It
> doesn't make sense to multiply your resource usage to increase hit ratio
> by 1%.
it ALL depends on
- how much of trusted hosts you have and how much %spam are they relaying
- how much is your CPU/memory/network loaded with spam scanning
You provided reasons why to do shortcircuit, I provided reasons why not
to...
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux - It's now safe to turn on your computer.
Linux - Teraz mozete pocitac bez obav zapnut.
Re: shortcircuit
Posted by Henrik K <he...@hege.li>.
On Fri, Oct 24, 2008 at 10:18:29AM +0200, Matus UHLAR - fantomas wrote:
>
> On 23.10.08 20:05, Henrik K wrote:
> > Lets get some facts straight.
> >
> > If you are not certain what you are shortcicuiting, don't do it. But you
> > don't need to have performance issues to do it! I like to save resources for
> > a bad day (spam flood?).
> >
> > I shortcircuit:
> >
> > USER_IN_SPF_WHITELIST
> > USER_IN_DKIM_WHITELIST
> > USER_IN_WHITELIST
> >
> > Why bother scanning?
>
> because his computer may be infectedby some spam sending malware?
And this 1/1000 chance makes one bother wasting time on SA? Not me.
Remember that there is also ClamAV/Sanesecurity et al.
> > Also:
> >
> > ALL_TRUSTED
>
> trusted hosts may relay spam...
Good luck to your paranoid world, I rather live in the real one. :)
Somehow some people think that having few FNs is the end of the world. It
doesn't make sense to multiply your resource usage to increase hit ratio
by 1%.
Re: shortcircuit
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
> > Brent Clark a écrit :
> > > I would like to know, what are the implications of using / enabling
> > > shortcircuit.
> > >
> > > Other than speeding up the scan processing, from my side, I cant see a
> > > downgrade in spam detection.
On 23.10.08 20:05, Henrik K wrote:
> Lets get some facts straight.
>
> If you are not certain what you are shortcicuiting, don't do it. But you
> don't need to have performance issues to do it! I like to save resources for
> a bad day (spam flood?).
>
> I shortcircuit:
>
> USER_IN_SPF_WHITELIST
> USER_IN_DKIM_WHITELIST
> USER_IN_WHITELIST
>
> Why bother scanning?
because his computer may be infectedby some spam sending malware?
> Also:
>
> ALL_TRUSTED
trusted hosts may relay spam...
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
- Have you got anything without Spam in it?
- Well, there's Spam egg sausage and Spam, that's not got much Spam in it.
Re: shortcircuit
Posted by Henrik K <he...@hege.li>.
On Thu, Oct 23, 2008 at 03:15:33PM +0200, mouss wrote:
> Brent Clark a écrit :
> > Hiya
> >
> > I would like to know, what are the implications of using / enabling
> > shortcircuit.
> >
> > Other than speeding up the scan processing, from my side, I cant see a
> > downgrade in spam detection.
> >
>
> if you don't have performance issues, don't shortcircuit. The more you
> check, the better.
Lets get some facts straight.
If you are not certain what you are shortcicuiting, don't do it. But you
don't need to have performance issues to do it! I like to save resources for
a bad day (spam flood?).
I shortcircuit:
USER_IN_SPF_WHITELIST
USER_IN_DKIM_WHITELIST
USER_IN_WHITELIST
Why bother scanning?
Also:
ALL_TRUSTED
I have extensive list of trusted_networks for whitelisting purposes. How
can you whitelist people if they send through a large ISP smarthost etc and
they are not using DKIM? Not with whitelist_from_rcvd/spf. Well ok, you
can, but there is a small chance of spoofing. But why risk anyway, since
this does the job efficiently. Hits 13% of all traffic.
My magic rule:
(BAYES_00 && RELAY_FI && !ANY_BOUNCE_MESSAGE)
Bayes works extraordinary well, since most my ham is in Finnish, and spam
in English.. together with relay from Finland (very small source of spam)
it skips almost 40% of my traffic! (BAYES_00 alone is about 50%)
There is no point checking known good traffic. If you can identify such
rules, good for you. I really don't care if there are very few non-serious
FNs. ClamAV/Sanesecurity will catch most anyway.
Re: shortcircuit
Posted by mouss <mo...@netoyen.net>.
Brent Clark a écrit :
> Hiya
>
> I would like to know, what are the implications of using / enabling
> shortcircuit.
>
> Other than speeding up the scan processing, from my side, I cant see a
> downgrade in spam detection.
>
if you don't have performance issues, don't shortcircuit. The more you
check, the better.
Re: shortcircuit
Posted by Kai Schaetzl <ma...@conactive.com>.
Brent Clark wrote on Thu, 23 Oct 2008 10:43:32 +0200:
> I cant see a
> downgrade in spam detection.
you *may* see an "upgrade" in FPs.
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
Re: shortcircuit
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
On 23.10.08 10:43, Brent Clark wrote:
> I would like to know, what are the implications of using / enabling
> shortcircuit.
>
> Other than speeding up the scan processing, from my side, I cant see a
> downgrade in spam detection.
important rules may not be applied thus you can have FPs and FNs if you
shortcircuit on wrong rules..
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
BSE = Mad Cow Desease ... BSA = Mad Software Producents Desease