Is there any automatic exchange between spamassassin instances

[Gregor Uwe Esterweil <g_...@gmx.de>]

Dear mailinglist-recipients,

I'm heading forward to an essay for IT class about actual spamblocking 
mechanisms.
Doing some early research for my paper I found out that some 
antispam-/mailsecurity-providers
like Barracuda Networks provide an live interconnection between their 
appliances to have a nearly
live reaction on all their nodes to spam-sources.

Is there something similar for spamassassin?
As far as I found out spamassassin uses some real time blacklists to 
check if a host (based on domain
name or ip) is a known source of spam.

But on which data are these RBLs based on?
Does every spamassassin-installation automatically provide data to RBLs 
(or similar services)
and contributes this way to their services?
If that's the case, which information is shared by spamassasin?

Is there any other automatic contribution by a spamassassin-installation 
to improve the further
development of spamassassin for example?

I would appreciate if you link any additional information sources you know.

Kind regards
Gregor

Re: Is there any automatic exchange between spamassassin instances

[RW <rw...@googlemail.com>]

On Wed, 22 Feb 2017 12:59:13 +0100
Gregor Uwe Esterweil wrote:


> >>> Is there something similar for spamassassin?  
> >> razor, pyzor, DCC  
> > RBLs and rule updates as well.  
> Do I understand you correctly that, if somebody runs a 
> spamassassin-instance, this instance is doing  reports to a central 
> network which distributes the information to any other spamassassin 
> instance.
> 
> I thought there's only an automatic oneway connection with the use of 
> RBLs and rule-updates.
> 
> Is the contribution when using razor/pyzor optional?
> 
> How does the contribution to razor/pyzor and dcc work? How is decided 
> which mail leads to an information transfer to the main systems?

dcc is the only one that's truly automatic because it's really a
bulk mail test that's based on the number of look-ups. 

spamc and the spamassassin script allow spam to be reported to Pyzor,
Razor and SpamCop at the same time that it's trained locally into Bayes.

Some SA users periodically run current rules against their corpora of
spam and ham to generate information used for rule scoring and QA.

Re: Is there any automatic exchange between spamassassin instances

["Kevin A. McGrail" <KM...@PCCC.com>]

On 2/22/2017 6:59 AM, Gregor Uwe Esterweil wrote:
> Do I understand you correctly that, if somebody runs a 
> spamassassin-instance, this instance is doing  reports to a central 
> network which distributes the information to any other spamassassin 
> instance.
>
> I thought there's only an automatic oneway connection with the use of 
> RBLs and rule-updates.
>
> Is the contribution when using razor/pyzor optional?
>
> How does the contribution to razor/pyzor and dcc work? How is decided 
> which mail leads to an information transfer to the main systems? 
There are certainly many automatic two way communication systems.

I know one nice system that uses HAM and SPAM folders to autolearn 
bayesian tokens and then uses that database to seed other bayesian 
databases.

How each works and the logic for how they work is quite complicated.

Additionally, because spamassassin is both a program and an API, there 
are a lot of different ways to achieve the same effect.

For example, some use the API calls and report spam that way for a 
centralized Blacklist.  RPBL works that way.

Regards,
KAM

Re: Is there any automatic exchange between spamassassin instances

[Gregor Uwe Esterweil <g_...@gmx.de>]

Hello Ralf Hildebrand,
Hello Kevin A McGrail,


>>> Is there something similar for spamassassin?
>> razor, pyzor, DCC
> RBLs and rule updates as well.
Do I understand you correctly that, if somebody runs a 
spamassassin-instance, this instance is doing  reports to a central 
network which distributes the information to any other spamassassin 
instance.

I thought there's only an automatic oneway connection with the use of 
RBLs and rule-updates.

Is the contribution when using razor/pyzor optional?

How does the contribution to razor/pyzor and dcc work? How is decided 
which mail leads to an information transfer to the main systems?

Gregor

Re: Is there any automatic exchange between spamassassin instances

["Kevin A. McGrail" <KM...@PCCC.com>]

On 2/22/2017 5:34 AM, Ralf Hildebrandt wrote:
> * Gregor Uwe Esterweil <g_...@gmx.de>:
>> Dear mailinglist-recipients,
>>
>> I'm heading forward to an essay for IT class about actual spamblocking
>> mechanisms.
>> Doing some early research for my paper I found out that some
>> antispam-/mailsecurity-providers
>> like Barracuda Networks provide an live interconnection between their
>> appliances to have a nearly
>> live reaction on all their nodes to spam-sources.
>>
>> Is there something similar for spamassassin?
> razor, pyzor, DCC
RBLs and rule updates as well.

Re: Is there any automatic exchange between spamassassin instances

[Ralf Hildebrandt <Ra...@charite.de>]

* Gregor Uwe Esterweil <g_...@gmx.de>:
> Dear mailinglist-recipients,
> 
> I'm heading forward to an essay for IT class about actual spamblocking
> mechanisms.
> Doing some early research for my paper I found out that some
> antispam-/mailsecurity-providers
> like Barracuda Networks provide an live interconnection between their
> appliances to have a nearly
> live reaction on all their nodes to spam-sources.
> 
> Is there something similar for spamassassin?

razor, pyzor, DCC


-- 
Ralf Hildebrandt                   Charite Universit�tsmedizin Berlin
ralf.hildebrandt@charite.de        Campus Benjamin Franklin
http://www.charite.de              Hindenburgdamm 30, 12203 Berlin
Gesch�ftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155

Re: Is there any automatic exchange between spamassassin instances

[Bowie Bailey <Bo...@BUC.com>]

On 2/22/2017 5:29 AM, Gregor Uwe Esterweil wrote:
> Dear mailinglist-recipients,
>
> I'm heading forward to an essay for IT class about actual spamblocking 
> mechanisms.
> Doing some early research for my paper I found out that some 
> antispam-/mailsecurity-providers
> like Barracuda Networks provide an live interconnection between their 
> appliances to have a nearly
> live reaction on all their nodes to spam-sources.
>
> Is there something similar for spamassassin?

No.  There is no communication between unrelated SpamAssassin 
installations.  It is possible to set up multiple installs to share 
things like Bayes databases and various custom stuff, but this is 
something that has to be done manually.

> As far as I found out spamassassin uses some real time blacklists to 
> check if a host (based on domain
> name or ip) is a known source of spam.
>
> But on which data are these RBLs based on?

Depends on the RBL.  Each one has it's own listing (and de-listing) 
policies.  AFAIK, all of them are separate entities and are not related 
to the SpamAssassin project.

> Does every spamassassin-installation automatically provide data to 
> RBLs (or similar services)
> and contributes this way to their services?
> If that's the case, which information is shared by spamassasin?

The RBLs do their own data collection separate from SpamAssassin.

If you set up Razor, Pyzor, or DCC, then SA will share some information 
with them since they all work based on shared information.  To find out 
exactly what is shared, you would have to look them up individually.  As 
with the RBLs, these are services that are used by SA, but are not 
affiliated.

> Is there any other automatic contribution by a 
> spamassassin-installation to improve the further
> development of spamassassin for example?

Not automatically, but SpamAssassin users who wish to contribute to SA 
rule development can use the MassCheck program to check the SA rules 
against a list of hand-sorted ham and spam.  This is used to determine 
how to score the rules based on how much ham vs spam are hit by the rule.

> I would appreciate if you link any additional information sources you 
> know.

I don't know of any sources besides the official SA documentation.

-- 
Bowie