I am looking for people who want to try patches for the DCC
plugin that
can look at and score emails from the commercial version of
DCC.
The one that implements the commercial 'reputation' values.
(If you don't know what I mean, you don't have it)
Currently, the DCC.pm filter will return a true or false,
depending on
if the 'fuzzy checksums' of the email you just received are
already
listed in the dcc database.
The commercial version also implements a reputation score of
the sending
ip address.
It keeps a percentage of 'spam vs ham' based on all of the
dcc agents
that check the database.
These patches can be used two ways:
Patch #1 will also allow you to set a percentage 'score' to
also trigger
the check_dcc() (or DCC_CHECK) rule.
For example, if you set it to 90 (90%) that means that you
want to score
the DCC_CHECK score on every email from any server that 90%
of the
emails are 'bulk' according to the DCC server.
(you set dcc_rep_score 90 in local.cf)
Patch #2 allows you to selectively score emails based on the
reputation
RANGES, similar to razor ranges or Bayesian ranges.
something in local.cf like:
full DCC_CHECK70 check_dcc_rep('70','')
score DCC_CHECK70 7.0
describe DCC_CHECK70 The email send from the IP address of
the first
untrusted ip address is 70% bulk email.
full DCC_CHECK0 check_dcc_rep('','1')
score DCC_CHECK0 -1.0
describe DCC_CHECK0 No spam has been seen from this ip
address in the
last few days.
Why this? why not RBL's? Ok, you can use them (I do), but
checking a
commercial DCC server using dccifd is a lot faster than
checking rbl's.
(see: http:
//www.dcc-servers.net/dcc/reputations.html there are
currently over 1 million ip addresses in the database)
I am the official ports maintainer of the FreeBSD
SpamAssassin port, and
I might put this patch in as an optional 'knob' for the next
update.
Note: these patches should be 100% upward compatible. ie,
you don't put
a dcc_rep_score in local.cf or don't enable new rules that
implement the
check_dcc_rep() function, it should not change your scores
at all. Also
note, that it does absolutely nothing for you if you don't
have and are
not paying for the commercial DCC product.
I will send these patches to anyone who emails me from a
valid corporate
account (I will NOT send them to freebie and 'home' isp
accounts like
hotmail,gmail,yahoo, rr,bellsouth, etc)
If you can use this patch, you are running your own mail
servers and
either run your own DCC server, or you contract with someone
to access a
commercial dcc server.
I won't add you to our email list (since I am assuming that
most people
using the commercial DCC service are in business selling or
supporting
anti-spam systems)
Eventually, after testing and feedback, I will send these
patches to
Apache/SpamAssassin group.
--
Michael Scheidell, CTO
SECNAP Network Security
____________________________________________________________
_____________
This email has been scanned and certified safe by
SpammerTrap(tm).
For Information please see http://www.spammertrap.com
____________________________________________________________
_____________
------------------------------------------------------------
-------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
AMaViS-user mailing list
AMaViS-user lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amav
is.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/ho
wto/
|
