You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Gregor Uwe Esterweil <g_...@gmx.de> on 2017/02/22 10:29:48 UTC
Is there any automatic exchange between spamassassin instances
Dear mailinglist-recipients,
I'm heading forward to an essay for IT class about actual spamblocking
mechanisms.
Doing some early research for my paper I found out that some
antispam-/mailsecurity-providers
like Barracuda Networks provide an live interconnection between their
appliances to have a nearly
live reaction on all their nodes to spam-sources.
Is there something similar for spamassassin?
As far as I found out spamassassin uses some real time blacklists to
check if a host (based on domain
name or ip) is a known source of spam.
But on which data are these RBLs based on?
Does every spamassassin-installation automatically provide data to RBLs
(or similar services)
and contributes this way to their services?
If that's the case, which information is shared by spamassasin?
Is there any other automatic contribution by a spamassassin-installation
to improve the further
development of spamassassin for example?
I would appreciate if you link any additional information sources you know.
Kind regards
Gregor
Re: Is there any automatic exchange between spamassassin instances
Posted by RW <rw...@googlemail.com>.
On Wed, 22 Feb 2017 12:59:13 +0100
Gregor Uwe Esterweil wrote:
> >>> Is there something similar for spamassassin?
> >> razor, pyzor, DCC
> > RBLs and rule updates as well.
> Do I understand you correctly that, if somebody runs a
> spamassassin-instance, this instance is doing reports to a central
> network which distributes the information to any other spamassassin
> instance.
>
> I thought there's only an automatic oneway connection with the use of
> RBLs and rule-updates.
>
> Is the contribution when using razor/pyzor optional?
>
> How does the contribution to razor/pyzor and dcc work? How is decided
> which mail leads to an information transfer to the main systems?
dcc is the only one that's truly automatic because it's really a
bulk mail test that's based on the number of look-ups.
spamc and the spamassassin script allow spam to be reported to Pyzor,
Razor and SpamCop at the same time that it's trained locally into Bayes.
Some SA users periodically run current rules against their corpora of
spam and ham to generate information used for rule scoring and QA.
Re: Is there any automatic exchange between spamassassin instances
Posted by "Kevin A. McGrail" <KM...@PCCC.com>.
On 2/22/2017 6:59 AM, Gregor Uwe Esterweil wrote:
> Do I understand you correctly that, if somebody runs a
> spamassassin-instance, this instance is doing reports to a central
> network which distributes the information to any other spamassassin
> instance.
>
> I thought there's only an automatic oneway connection with the use of
> RBLs and rule-updates.
>
> Is the contribution when using razor/pyzor optional?
>
> How does the contribution to razor/pyzor and dcc work? How is decided
> which mail leads to an information transfer to the main systems?
There are certainly many automatic two way communication systems.
I know one nice system that uses HAM and SPAM folders to autolearn
bayesian tokens and then uses that database to seed other bayesian
databases.
How each works and the logic for how they work is quite complicated.
Additionally, because spamassassin is both a program and an API, there
are a lot of different ways to achieve the same effect.
For example, some use the API calls and report spam that way for a
centralized Blacklist. RPBL works that way.
Regards,
KAM
Re: Is there any automatic exchange between spamassassin instances
Posted by Gregor Uwe Esterweil <g_...@gmx.de>.
Hello Ralf Hildebrand,
Hello Kevin A McGrail,
>>> Is there something similar for spamassassin?
>> razor, pyzor, DCC
> RBLs and rule updates as well.
Do I understand you correctly that, if somebody runs a
spamassassin-instance, this instance is doing reports to a central
network which distributes the information to any other spamassassin
instance.
I thought there's only an automatic oneway connection with the use of
RBLs and rule-updates.
Is the contribution when using razor/pyzor optional?
How does the contribution to razor/pyzor and dcc work? How is decided
which mail leads to an information transfer to the main systems?
Gregor
Re: Is there any automatic exchange between spamassassin instances
Posted by "Kevin A. McGrail" <KM...@PCCC.com>.
On 2/22/2017 5:34 AM, Ralf Hildebrandt wrote:
> * Gregor Uwe Esterweil <g_...@gmx.de>:
>> Dear mailinglist-recipients,
>>
>> I'm heading forward to an essay for IT class about actual spamblocking
>> mechanisms.
>> Doing some early research for my paper I found out that some
>> antispam-/mailsecurity-providers
>> like Barracuda Networks provide an live interconnection between their
>> appliances to have a nearly
>> live reaction on all their nodes to spam-sources.
>>
>> Is there something similar for spamassassin?
> razor, pyzor, DCC
RBLs and rule updates as well.
Re: Is there any automatic exchange between spamassassin instances
Posted by Ralf Hildebrandt <Ra...@charite.de>.
* Gregor Uwe Esterweil <g_...@gmx.de>:
> Dear mailinglist-recipients,
>
> I'm heading forward to an essay for IT class about actual spamblocking
> mechanisms.
> Doing some early research for my paper I found out that some
> antispam-/mailsecurity-providers
> like Barracuda Networks provide an live interconnection between their
> appliances to have a nearly
> live reaction on all their nodes to spam-sources.
>
> Is there something similar for spamassassin?
razor, pyzor, DCC
--
Ralf Hildebrandt Charite Universit�tsmedizin Berlin
ralf.hildebrandt@charite.de Campus Benjamin Franklin
http://www.charite.de Hindenburgdamm 30, 12203 Berlin
Gesch�ftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155
Re: Is there any automatic exchange between spamassassin instances
Posted by Bowie Bailey <Bo...@BUC.com>.
On 2/22/2017 5:29 AM, Gregor Uwe Esterweil wrote:
> Dear mailinglist-recipients,
>
> I'm heading forward to an essay for IT class about actual spamblocking
> mechanisms.
> Doing some early research for my paper I found out that some
> antispam-/mailsecurity-providers
> like Barracuda Networks provide an live interconnection between their
> appliances to have a nearly
> live reaction on all their nodes to spam-sources.
>
> Is there something similar for spamassassin?
No. There is no communication between unrelated SpamAssassin
installations. It is possible to set up multiple installs to share
things like Bayes databases and various custom stuff, but this is
something that has to be done manually.
> As far as I found out spamassassin uses some real time blacklists to
> check if a host (based on domain
> name or ip) is a known source of spam.
>
> But on which data are these RBLs based on?
Depends on the RBL. Each one has it's own listing (and de-listing)
policies. AFAIK, all of them are separate entities and are not related
to the SpamAssassin project.
> Does every spamassassin-installation automatically provide data to
> RBLs (or similar services)
> and contributes this way to their services?
> If that's the case, which information is shared by spamassasin?
The RBLs do their own data collection separate from SpamAssassin.
If you set up Razor, Pyzor, or DCC, then SA will share some information
with them since they all work based on shared information. To find out
exactly what is shared, you would have to look them up individually. As
with the RBLs, these are services that are used by SA, but are not
affiliated.
> Is there any other automatic contribution by a
> spamassassin-installation to improve the further
> development of spamassassin for example?
Not automatically, but SpamAssassin users who wish to contribute to SA
rule development can use the MassCheck program to check the SA rules
against a list of hand-sorted ham and spam. This is used to determine
how to score the rules based on how much ham vs spam are hit by the rule.
> I would appreciate if you link any additional information sources you
> know.
I don't know of any sources besides the official SA documentation.
--
Bowie