You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Fred T <sp...@freddyt.com> on 2006/12/07 18:21:27 UTC
Re: Score=x+5
Hello Alan,
Wednesday, November 29, 2006, 8:23:14 PM, you wrote:
> -0.0 P0F_UNIX OS fingerprint BSD/Solaris/HP-UX/Tru64
I'm curious about P0F_UNIX could you share this rule with me? And any
similar fingerprint rules? Thanks!
--
Best regards,
Fred mailto:spamassassin@freddyt.com
Re: Score counting error
Posted by Kelson <ke...@speed.net>.
Andrew Hearn (AAISP) wrote:
> X-Spam-Status: No, score=4.3 required=4.4 tests=BAYES_99,NO_RELAYS
> autolearn=disabled version=3.1.7
> X-Spam-Report:
> * -0.0 NO_RELAYS Informational: message was not relayed via SMTP
> * 4.4 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
> * [score: 1.0000]
It's just differences in rounding. The scores actually have three
digits past the decimal point, but the report only shows one.
NO_RELAYS is actually -0.001, so the final score, assuming BAYES_99 is
4.400 in your setup, is 4.399. IIRC the final score is always rounded
down in the report to avoid confusion when people see things like this:
X-Spam-Status: No, score=4.4 required=4.4
--
Kelson Vibber
SpeedGate Communications <www.speed.net>
Score counting error
Posted by "Andrew Hearn (AAISP)" <an...@aaisp.net.uk>.
Hi,
In my headers I see:
X-Spam-Status: No, score=4.3 required=4.4 tests=BAYES_99,NO_RELAYS
autolearn=disabled version=3.1.7
X-Spam-Report:
* -0.0 NO_RELAYS Informational: message was not relayed via SMTP
* 4.4 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
* [score: 1.0000]
Seems odd that score doesn't add up? (4.4 + 0.0 = 4.3!!)
--
Andrew Hearn
Re: Score=x+5
Posted by Mark Martinec <Ma...@ijs.si>.
On Thursday December 7 2006 18:21, Fred T wrote:
> > -0.0 P0F_UNIX OS fingerprint BSD/Solaris/HP-UX/Tru64
> I'm curious about P0F_UNIX could you share this rule with me? And any
> similar fingerprint rules? Thanks!
The rules are quite straightforward (see below) - just matching
on inserted header field, which can be inserted by amavisd-new
(or some other sw component like milter or policy daemon or SA plugin),
based of results from p0f ( http://lcamtuf.coredump.cx/p0f.shtml ).
See release notes, p0f support was introduced with version 2.4.0:
http://www.ijs.si/software/amavisd/release-notes.txt
Here is my current set:
header L_P0F_WXP X-Amavis-OS-Fingerprint =~ /^Windows XP(?![^(]*\b2000 SP)/
score L_P0F_WXP 3.0
header L_P0F_W X-Amavis-OS-Fingerprint =~ /^Windows(?! XP)/
score L_P0F_W 1.7
header L_P0F_UNKN X-Amavis-OS-Fingerprint =~ /^UNKNOWN/
score L_P0F_UNKN 0.8
header L_P0F_Unix X-Amavis-OS-Fingerprint =~ /^((Free|Open|Net)BSD|Solaris|HP-UX|Tru64)/
score L_P0F_Unix -1.0
header L_P0F_Linux X-Amavis-OS-Fingerprint =~ /^Linux/
score L_P0F_Linux -0.1
plus a couple to slightly favour network proximity,
which works well in my environment, but may not work
so well elsewhare:
header L_P0F_D1234 X-Amavis-OS-Fingerprint =~ /\bdistance [1-4](?![0-9])/
header L_P0F_D5 X-Amavis-OS-Fingerprint =~ /\bdistance 5(?![0-9])/
header L_P0F_D6 X-Amavis-OS-Fingerprint =~ /\bdistance 6(?![0-9])/
header L_P0F_D7 X-Amavis-OS-Fingerprint =~ /\bdistance 7(?![0-9])/
header L_P0F_D8 X-Amavis-OS-Fingerprint =~ /\bdistance 8(?![0-9])/
header L_P0F_D9 X-Amavis-OS-Fingerprint =~ /\bdistance 9(?![0-9])/
header L_P0F_D10 X-Amavis-OS-Fingerprint =~ /\bdistance 10(?![0-9])/
header L_P0F_D11 X-Amavis-OS-Fingerprint =~ /\bdistance 11(?![0-9])/
score L_P0F_D1234 -0.5
score L_P0F_D5 -0.5
score L_P0F_D6 -0.5
score L_P0F_D7 -0.5
score L_P0F_D8 -0.5
score L_P0F_D9 -0.5
score L_P0F_D10 -0.3
score L_P0F_D11 -0.3
Mark