You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by Justin Mason <jm...@jmason.org> on 2004/04/14 19:44:36 UTC
Re: Rules to match ASes
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
David Cantrell writes:
> I already block mail from a rather large number of IPs before mail even
> reaches spamassassin, but have recently been thinking about blocking
> ASes instead of IPs. That way, when $spamming_scum gets a new netblock
> they're automagically blocked without me having to add it to a long
> list.
>
> I thought it might be useful for spamassassin to be able to do this too.
> A quick look through the archives and the current sources shows nothing
> relevant.
>
> I found this:
> http://zgp.org/linux-elitists/20040119143450.GF10939@ix.netcom.com.html
> which gives a bit of background info on why this might be useful, and
> ways of getting at the necessary data.
It does look very interesting. I'd be keen to see results ;)
I wonder what we could use this for -- Bayes tokens?
One thing -- I have a feeling that senderbase may provide a way
to get AS numbers...
- --j.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Exmh CVS
iD8DBQFAfXiEQTcbUG5Y7woRApMJAJ92nOikBAYCB/FbYLqYf60/QckBVACfYlhd
zrr7xLFOWpsYlzGchS/hnoU=
=dPpf
-----END PGP SIGNATURE-----
Re: Rules to match ASes
Posted by David Cantrell <da...@cantrell.org.uk>.
Justin Mason wrote:
> David Cantrell writes:
>>I already block mail from a rather large number of IPs before mail even
>>reaches spamassassin, but have recently been thinking about blocking
>>ASes instead of IPs.
>>
>>I found this:
>> http://zgp.org/linux-elitists/20040119143450.GF10939@ix.netcom.com.html
>>which gives a bit of background info on why this might be useful, and
>>ways of getting at the necessary data.
> It does look very interesting. I'd be keen to see results ;)
Analysing a few hours worth of spam (from before I started aggressively
filtering by IP) with a hokey shell script spits out lots of Chinese and
Korean ASes, plus Roadrunner, SBC, PSINET, Rogers Cable, Verio - the
usual suspects. My script was too crude to produce reliable numbers.
> I wonder what we could use this for -- Bayes tokens?
I am very conservative about my mail handling, and I don't think I trust
Bayes enough for this yet. When Bayes misclassifies as spam stuff from
a message body the damage is minor. If Bayes misclassified an AS, mail
from huge chunks of the internet could be affected, regardless of
content. Which would be bad.
--
David Cantrell | http://www.cantrell.org.uk/david
Educating this luser would be something to frustrate even the
unflappable Yoda and make him jam a lightsaber up his arse
while screaming "praise evil, the Dark Side is your friend!".
-- Derek Balling, in the Monastery
Re: Rules to match ASes
Posted by Daniel Quinlan <qu...@pathname.com>.
Sidney Markowitz <si...@sidney.com> writes:
> I noticed that in the article he says that he did not check ham
> percentages. It's hard to evaluate it just on the basis of spam hits
> without any S/O numbers.
It also might be a more interesting technique for SBL (if they're not
already doing it) than for us.
Daniel
--
Daniel Quinlan anti-spam (SpamAssassin), Linux,
http://www.pathname.com/~quinlan/ and open source consulting
Re: Rules to match ASes
Posted by Sidney Markowitz <si...@sidney.com>.
Justin Mason wrote:
> It does look very interesting. I'd be keen to see results ;)
I noticed that in the article he says that he did not check ham
percentages. It's hard to evaluate it just on the basis of spam hits
without any S/O numbers.
-- sidney