Posted to dev@spamassassin.apache.org by Theo Van Dinter <fe...@kluge.net> on 2004/11/18 01:22:32 UTC

Random thoughts, etc.

- from jm: network test, do dnsbl lookups on the helo hostname
- predictive autolearn?  do check before bayes_check, if we are likely to
  autolearn, go r/w instead of r/o.  can implement on first bayes_check call.
- don't bother caching full/decoded/etc at start in PMS.  how much caching do
  we do now?  multiple times in PMS?  may not be an issue due to references.

- short circuiting ideas:
	- set certain rules as SC if hit
		USER_IN_WHITELIST, USER_IN_BLACKLIST (not DEF)
		*BSP*
		HABEAS*
	- allow SC on ham score (ie: < #)
	- allow SC on spam score (ie: > #)
	- should autolearn skip SC msgs?  should we always do autolearn in the
	  appropriate direction?
	- AWL should be skipped during SC
	- SC rules should have a negative priority so they run first
	- do *not* do score check per rule, do it either per priority or rule
	  type (header, body, etc.)
	- SC will require is_spam SC as score + required_hits will be at odds
	- add SC header macro (get_tag)
	- SC for S/O 1.000 rules?  how about S/O near 1?  BAYES_99, etc.

	Some form of order/priority rearrangement:

	Blacklist		short
	Whitelist		user/admin wants it
	BSP/Habeas		reputable, non-forgeable
	Other SC Rules		as early as possible
	Other Local Rules	lightweight
	Bayes			don't do it unless we have to
	Network			large latency, try to avoid

- update ideas:
	- use updates.spamassassin.org, reverse version numbers:
		0.0.3.updates.spamassassin.org
			TXT record w/ last update timestamp
			use a version for result?  something parsable?
			"v=1 ts=yyymmdd", etc?
		can do wildcard for generics:
			*.0.3 ...
		allows updates per version if necessary
	- rules + scores only imho
	- leave code + plugins to normal releases.  fewer security issues,
	  people aren't going to be as comfortable with frequent code updates.
	- how to specify where people should go to get updates?  can't use
	  apache dist since it's archived, takes too long to get updates out?
	- can do round robin A RRs, but that requires same path for all
	  mirrors
	- can use TXT RRs, but klugy
	- central "mirrors" file on main site?
	- include per version w/ wildcard in list?
	- separate mirrors file per major/minor version?
	- how to secure?
		- GPG signature preferred
		- MD5 and SHA1 otherwise?
		- always hitting main site for verification negates some
		  usefulness of mirrors.

-- 
Randomly Generated Tagline:
"You ripped his arm off.
  Yeah ...  He had a spare."            - From the movie Action Jackson
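
The update-check idea in the message above (reversed version labels under updates.spamassassin.org, a TXT record carrying the last update timestamp, a wildcard for generic versions), sketched as an added example that is not part of the original post or of SpamAssassin's code. Assumptions: the TXT payload is exactly "v=1 ts=YYYYMMDD" with an 8-digit date, the function names are hypothetical, and the resolver is replaced by a constructed in-memory zone so the block runs offline.

```python
import re
from datetime import date, datetime
from typing import Optional

UPDATE_ZONE = "updates.spamassassin.org"  # zone named in the post

# Constructed sample records (not real DNS data): one exact name, one wildcard.
SAMPLE_ZONE = {
    "0.0.3.updates.spamassassin.org": "v=1 ts=20041117",
    "*.0.3.updates.spamassassin.org": "v=1 ts=20041101",
}

# Assumed record grammar; anything else is rejected rather than guessed at.
TXT_RE = re.compile(r"v=(\d+) ts=(\d{8})")


def update_qname(version: str, zone: str = UPDATE_ZONE) -> str:
    """Map '3.0.0' to '0.0.3.<zone>' by reversing the version labels."""
    parts = version.split(".")
    if len(parts) != 3 or not all(p.isdigit() and len(p) <= 4 for p in parts):
        raise ValueError(f"unexpected version string: {version!r}")
    return ".".join(reversed(parts)) + "." + zone


def lookup(qname: str, records: dict) -> Optional[str]:
    """Simplified resolver stand-in: exact name wins, else '*.<parent>'."""
    if qname in records:
        return records[qname]
    parent = qname.split(".", 1)[1]
    return records.get("*." + parent)


def parse_txt(txt: str) -> date:
    """Strictly parse the assumed 'v=1 ts=YYYYMMDD' payload."""
    m = TXT_RE.fullmatch(txt)
    if m is None:
        raise ValueError(f"malformed update record: {txt!r}")
    if m.group(1) != "1":
        raise ValueError(f"unsupported record version: {m.group(1)}")
    return datetime.strptime(m.group(2), "%Y%m%d").date()  # rejects 20041341


def update_available(version: str, last_applied: date, records: dict) -> bool:
    """True if the published timestamp is newer than what we last applied.

    The DNS answer is only a hint to go fetch; authenticity of the rules
    themselves rests on the signature/digest check listed under 'how to secure'.
    """
    txt = lookup(update_qname(version), records)
    return txt is not None and parse_txt(txt) > last_applied
```

With the sample zone, 3.0.0 resolves through its exact name and 3.0.1 falls through to the `*.0.3` wildcard, which is the per-version override the post describes.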

Re: Random thoughts, etc.

Posted by Tony Finch <do...@dotat.at>.
On Wed, 17 Nov 2004, Theo Van Dinter wrote:

> - from jm: network test, do dnsbl lookups on the helo hostname

You should also apply the URIBL technique of checking the nameservers of
various domains against the SBL. "Various domains" would include the helo
name and return path address. You could also look up the corresponding
MXs. Postfix supports these kinds of checks.

Tony.
-- 
f.a.n.finch  <do...@dotat.at>  http://dotat.at/
MALIN HEBRIDES: NORTHEAST 4 OR 5 INCREASING 6. RAIN LATER. GOOD BECOMING
MODERATE.

Re: Random thoughts, etc.

Posted by Theo Van Dinter <fe...@kluge.net>.
[This was a personal mail, but it really should be on the dev list (and there
was nothing private in here from what I could see...)]

On Wed, Nov 17, 2004 at 09:55:42PM -0500, Fred wrote:
> the way they send e-mail, it's possible for those to backfire.  If I 
> understand your random thoughts, SC on S/O of 1.0 alone may not be a good 
> idea.

It was more of a thought to determine which rules may be SC candidates.

> Would it be possible to add a tflag for a rule if it should SC?  This way 
> the devs have more control over which rules SC but may require more work on 
> your part.  I don't see a way to set priority using this but it's a way to 
> tell this rule to SC if hit.

That was my plan actually.  A SC tflag, and "nice" will specify which way the
message ought to be flagged.  It's still not clear how the priorities will be
set, I'm thinking the easy thing is to leave everything with a priority of 0,
except SC rules which get a lower priority -- net rules would be slightly
higher, and if a rule has a priority set that overrides.  That way you'd get a
decent priority determination automatically, with the ability to override as
necessary.

There'd have to be some logic for the subrules, so that if a meta rule is SC,
the subrules will run first.  Perhaps subrules should always be run first
since they're usually pretty lightweight?

-- 
Randomly Generated Tagline:
"What if we take you with us?  Put you on trial?
  Zathras not of this time.  You take, Zathras die.  You leave, Zathras die.
  Either way, it is bad for Zathras."
         - B4 Commander & Zathras on Babylon 5 (Babylon Squared)