You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Alex <my...@gmail.com> on 2009/10/29 17:11:23 UTC
Shortcircuit Rules
Hi,
I'm interested in experimenting with shortcircuiting, and wondered if
anyone had some examples they're using that they could share?
If I understand correctly, the tests involving simple parsing instead
of those involving network connections work best due to the inherent
overhead with network connections?
Thanks,
Alex
Re: Shortcircuit Rules
Posted by Henrik K <he...@hege.li>.
On Fri, Oct 30, 2009 at 02:21:10AM -0700, Mynabbler wrote:
>
>
> Alex-325 wrote:
> > I'm interested in experimenting with shortcircuiting, and wondered if
> > anyone had some examples they're using that they could share?
> We are using it to shortcircuit HAM and prevent blowing CPU cycles on
> newsletters that people expect to never contain spam. So, there is a
> 'shortcircuit.cf' that lives in /etc/mail/spamassassin and looks like this:
For the record, if you want to save even more resources, here are some
thoughts for even quicker shortcircuiting without DNS queries sent etc.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5930
Re: Shortcircuit Rules
Posted by Mynabbler <my...@live.com>.
Alex-325 wrote:
> I'm interested in experimenting with shortcircuiting, and wondered if
> anyone had some examples they're using that they could share?
We are using it to shortcircuit HAM and prevent blowing CPU cycles on
newsletters that people expect to never contain spam. So, there is a
'shortcircuit.cf' that lives in /etc/mail/spamassassin and looks like this:
loadplugin Mail::SpamAssassin::Plugin::Shortcircuit
report Content analysis details: (_SCORE_ points, _REQD_ required, s/c
_SCTYPE_)
ifplugin Mail::SpamAssassin::Plugin::Shortcircuit
# always log shortcircuit status
add_header all Status "_YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_
shortcircuit=_SCTYPE_ autolearn=_AUTOLEARN_ version=_VERSION_"
# Note: add_header statement should be on one line..., your browser might
snap that in two
# Trusted newsletters
meta SC_NEWSLETTER (HAM001||HAM002||HAM003)
priority SC_NEWSLETTER -500
shortcircuit SC_NEWSLETTER on
score SC_NEWSLETTER 0.1
# JADA Newsletter
header __HAM001_FROM Return-Path =~ /.*nce\.j\.c\@b\.jada\.com/
header __HAM001_SNDR Received =~ /123\.234\.123\./
meta HAM001 (__HAM001_FROM && __HAM001_SNDR)
score HAM001 0.1
describe HAM001 Newsletter from jadajada
# YON YetAnotherNewsletter
header __HAM002_FROM From =~ /.*munication-briefs\@yon\.com/
header __HAM002_SNDR Received =~ /12\.13\.14\.1/
meta HAM002 (__HAM002_FROM && __HAM002_SNDR)
score HAM002 0.1
describe HAM002 Newsletter from YetAnotherNewsletter
# MoreNice stuff (debugged)
header __HAM003_FROM Return-Path =~
/.*\@mail\.morenice\.com|bounce\.j\.c\@.*/
header __HAM003_SNDR Received =~ /198\.99\.245\./
meta HAM003 (__HAM003_FROM && __HAM003_SNDR)
score HAM003 0.1
describe HAM003 Newsletter delivered by MoreNice stuff
endif
So, a check on Return-Path, combined with the ip address where it comes
from, to reasonably prevent any abuse of the shortcut, and a hit results in
no more handling by SA and prevent any further CPU load. Given the nature of
'pushy' newsletter-senders, it prevents CPU spikes when some newsletters
come in bulk on the electronic doormat. Other then shortcircuiting and
saving CPU cycles, it also prevents any false positives on the few selected
'special' newsletters here.
--
View this message in context: http://old.nabble.com/Shortcircuit-Rules-tp26116110p26127045.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: Shortcircuit Rules
Posted by Alex <my...@gmail.com>.
Hi,
> I use a number of shortcircuits but they are not in SA they are
> in sendmail.cf They are subject line checks. I started this
> with the Viagra spam, looking at the common permutations of viagra
> spelling, such as v!agra, etc.
>
> Why not block it at the MTA before it even gets to SA - if you can?
To that end, and although it's not (specifically) SA-related, this is
a wonderfully helpful document for postfix UCE:
http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt
There's also a great collection of additional links at the bottom.
Regards,
Alex
Re: Shortcircuit Rules
Posted by Ted Mittelstaedt <te...@ipinc.net>.
Alex wrote:
> Hi,
>
> I'm interested in experimenting with shortcircuiting, and wondered if
> anyone had some examples they're using that they could share?
>
My $0.02
I use a number of shortcircuits but they are not in SA they are
in sendmail.cf They are subject line checks. I started this
with the Viagra spam, looking at the common permutations of viagra
spelling, such as v!agra, etc.
Why not block it at the MTA before it even gets to SA - if you can?
Ted