craig carriere wrote:
> I have not configured Pyzor as it seems a repeat of DCC and
> Razor. Am I missing anything by not using the Pyzor plugin as well?

It's a very reasonable question, and believe me, during periods of extended outages and/or latency on the part of the Pyzor servers I've considered dropping it altogether myself.

But let's back up a few steps to remember where Pyzor came from and why it's still around. Pyzor was created because the folks at Cloudmark (who produce Razor) refused to open-source their server code. While you can download the source to the Razor client, you can't run your own Razor server, or examine how Razor's reporter reputation system works. Cloudmark keeps that stuff proprietary for business reasons, since most of its revenue comes from selling Windows-based anti-spam products that feed and read the Razor database.

In that sense, your generous spam reports to Razor are effectively donations to Cloudmark's corporate coffers, since their user-maintained database is their most valuable asset. While Windows users have to pay for the Cloudmark software, the Razor client has been available to the Unix-ish crowd for free for several years, mainly because the Razor database would be nothing without the reports from Razor users. It's a strange and asymmetric business model, but it has worked for Cloudmark.

There's always been a fear, though, that Cloudmark could start charging Razor users for access to their database, the way they charge Windows users. For a year or so, Razor's license changed to become much more restrictive about what kinds of organizations could use it for free, and this was only recently reversed. The point is that since Razor is a for-profit service, its maintainers have the right to change their license at any time, and that creates a lot of uncertainty for Razor users.

Pyzor's name comes from it being a Python-based clone of Razor, including both an open-source client and an open-source server. By making it a free and open source product, such that any organization could set up and host a Pyzor database (and make that database either private or public), the intent was to resolve all of the licensing uncertainties surrounding Razor. If one company hosting a Pyzor database decides at some point to make its database private and for-profit, that's fine--other organizations hosting Pyzor databases can step in and fill the void. No one is then held hostage to a proprietary system's monopoly.

Then there's the fact that Razor's license terms make it difficult for high-volume sites to afford to use it. While low-traffic sites get to use Razor for free, high-traffic sites would be hammering those Razor servers on a near-constant basis, so Cloudmark wants to charge those users for the service. That's not unreasonable, certainly, and DCC does the same thing, but some organizations won't be willing to pay for such a license--they'd rather do without Razor altogether. The ability to use Pyzor without any such restrictions or costs is appealing, obviously, particularly if high-volume sites opt to run their own Pyzor servers, or host mirrors for the main Pyzor database. In theory, that "openness" at the server side ought to make Pyzor more scalable than Razor.

The idea was honourable and not without merit, but unfortunately like a lot of other open-source projects it lacked the kind of financial support from its users that would have been needed to make it really take off. Few organizations proved willing to host Pyzor servers while Razor was still available and "free", and without a steady income stream it suffered from development neglect, bandwidth shortages, and led to the very frustrations you're describing today.

From a technical standpoint, Pyzor is not as sophisticated as Razor, and doesn't do part-wise hashing (it only hashes the entire body, not individual MIME parts), so it's hard to justify using Pyzor on technical grounds alone.

On the other hand, the set of people reporting to Razor and the set of people reporting to Pyzor are not identical (some organizations can't afford a Razor license for their traffic volume, or can't abide by its terms), and while there's some overlap in the intersection of those two sets, there's also some value to the reports that only get made to Pyzor's database. By consulting both Razor and Pyzor, then, you get the union of those two sets of reports, and the additional input can sometimes make all the difference.

Others may choose to use Pyzor for philosophical reasons--supporting an open-source alternative to Razor. In a sense, the existence of Pyzor as a viable alternative to Razor may well be what motivated Cloudmark to remove its license restrictions on Razor recently. Had Pyzor not existed, Cloudmark may well have chosen to charge Razor users for access to its database, just as they charge Windows users. In that sense, supporting Pyzor has a competitive effect on Razor, since Cloudmark has to know that if they restrict Razor's licensing too much, some developer is eventually going to be motivated to pick up the Pyzor project and develop it further--possibly into a product that's better than Razor, free to use, and a business-model-breaker for Cloudmark.

In the end, I continue to use and support Pyzor, but then I'm not running a high-traffic site so I can afford to spend more time being thorough in my scans. I also host several hundred spamtraps, so I feed the Pyzor database in the process. If I had a higher traffic volume and I were pressed to shave some time off of the scanning delays, though, Pyzor would be the first of the hashing systems I would drop.

--
Robert LeBlanc <rjl renaissoft.com>
Renaissoft, Inc.
Maia Mailguard <http://www.maiamailguard.com/>
_______________________________________________
Maia-users mailing list
Maia-users renaissoft.com
http://www.renaissoft.com/mailman/listinfo/maia-users