You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Robin Lynn Frank <rl...@paradigm-omega.com> on 2004/10/09 18:43:05 UTC
A simple way to...
We use SA 3.0.0 with MySQL so we can extract certain AWL data and use it
at the MTA level. However, since SA doesn't have an auto-blacklist
feature, I'd like to find a relatively simple way to extract IP
addresses from emails that contain spam. If it is of any importance, we
invoke SA via amavisd-new.
--
Robin Lynn Frank
Director of Operations
Paradigm-Omega, LLC
http://www.paradigm-omega.com
==============================
Sed quis custodiet ipsos custodes?
Re: A simple way to...
Posted by Bill Landry <bi...@pointshare.com>.
----- Original Message -----
From: "Ryan Thompson" <ry...@sasknow.com>
> Robin Lynn Frank wrote to users@spamassassin.apache.org:
>
> > We use SA 3.0.0 with MySQL so we can extract certain AWL data and use
> > it at the MTA level. However, since SA doesn't have an auto-blacklist
> > feature,
>
> Hi Robin,
>
> Actually, "AutoWhiteList" (AWL) is a bit of a misnomer. AWL maintains
> average message scores for sender/class-B tuples, so, in effect, it is
> also an auto blacklist, because repeat spam senders will have high
> average scores in the AWL database.
>
> > I'd like to find a relatively simple way to extract IP addresses from
> > emails that contain spam. If it is of any importance, we invoke SA
> > via amavisd-new.
>
> See, for instance, the check_whitelist script in the tools/ directory of
> the distribution. I get output like this:
>
> -4.5 (-35.6/8) -- hamster@domain.com|ip=64.59
> 9.3 (27.9/3) -- spamster@domain.com|ip=65.39
>
> The first line is for a user that sends ham, so his/her score on future
> messages would be pushed closer to -4.5.
>
> The second line is for a user that sends spam, so, if they sent a more
> hammy message later, the AWL would likely *add* points to the message,
> while decreasing the average slightly.
>
> It works both ways. If you want to use this at the MTA level, I could
> envision you wanting to grab, say, every entry over a certain average
> score and potentially greylist based on that or something.
I'm wondering if the devs have consider changing the name associated with
AWL from auto-whitelisting to something more descriptive of what AWL
actually does, maybe something like auto-weight-leveling?
Bill
Re: A simple way to...
Posted by Robin Lynn Frank <rl...@paradigm-omega.com>.
On Sat, 9 Oct 2004 15:41:37 -0600 (CST)
Ryan Thompson <ry...@sasknow.com> wrote:
> Robin Lynn Frank wrote to users@spamassassin.apache.org:
>
> > We use SA 3.0.0 with MySQL so we can extract certain AWL data and
> > use it at the MTA level. However, since SA doesn't have an
> > auto-blacklist feature,
>
> Hi Robin,
>
> Actually, "AutoWhiteList" (AWL) is a bit of a misnomer. AWL maintains
> average message scores for sender/class-B tuples, so, in effect, it is
> also an auto blacklist, because repeat spam senders will have high
> average scores in the AWL database.
>
> > I'd like to find a relatively simple way to extract IP addresses
> > from emails that contain spam. If it is of any importance, we
> > invoke SA via amavisd-new.
>
> See, for instance, the check_whitelist script in the tools/ directory
> of the distribution. I get output like this:
>
> -4.5 (-35.6/8) -- hamster@domain.com|ip=64.59
> 9.3 (27.9/3) -- spamster@domain.com|ip=65.39
>
> The first line is for a user that sends ham, so his/her score on
> future messages would be pushed closer to -4.5.
>
> The second line is for a user that sends spam, so, if they sent a more
> hammy message later, the AWL would likely *add* points to the message,
> while decreasing the average slightly.
>
> It works both ways. If you want to use this at the MTA level, I could
> envision you wanting to grab, say, every entry over a certain average
> score and potentially greylist based on that or something.
>
> Hope this helps,
> - Ryan
>
Yes it does. The only thing I see that is a problem is that the IPs
appear to be /16s. /24s would be a broad enough brush to paint with.
Back to the drawing board.
--
Robin Lynn Frank
Director of Operations
Paradigm-Omega, LLC
http://www.paradigm-omega.com
==============================
Sed quis custodiet ipsos custodes?
Re: A simple way to...
Posted by Ryan Thompson <ry...@sasknow.com>.
Robin Lynn Frank wrote to users@spamassassin.apache.org:
> We use SA 3.0.0 with MySQL so we can extract certain AWL data and use
> it at the MTA level. However, since SA doesn't have an auto-blacklist
> feature,
Hi Robin,
Actually, "AutoWhiteList" (AWL) is a bit of a misnomer. AWL maintains
average message scores for sender/class-B tuples, so, in effect, it is
also an auto blacklist, because repeat spam senders will have high
average scores in the AWL database.
> I'd like to find a relatively simple way to extract IP addresses from
> emails that contain spam. If it is of any importance, we invoke SA
> via amavisd-new.
See, for instance, the check_whitelist script in the tools/ directory of
the distribution. I get output like this:
-4.5 (-35.6/8) -- hamster@domain.com|ip=64.59
9.3 (27.9/3) -- spamster@domain.com|ip=65.39
The first line is for a user that sends ham, so his/her score on future
messages would be pushed closer to -4.5.
The second line is for a user that sends spam, so, if they sent a more
hammy message later, the AWL would likely *add* points to the message,
while decreasing the average slightly.
It works both ways. If you want to use this at the MTA level, I could
envision you wanting to grab, say, every entry over a certain average
score and potentially greylist based on that or something.
Hope this helps,
- Ryan
--
Ryan Thompson <ry...@sasknow.com>
SaskNow Technologies - http://www.sasknow.com
901-1st Avenue North - Saskatoon, SK - S7K 1Y4
Tel: 306-664-3600 Fax: 306-244-7037 Saskatoon
Toll-Free: 877-727-5669 (877-SASKNOW) North America