Tweaking Reputation Parameters

Georg Graf georg.graf@wu-wien.ac.at
Tue, 20 Sep 2005 09:57:48 +0200


On Mon, Sep 19, 2005 at 08:32:17AM -0600, Vernon Schryver wrote:

> > From: Georg Graf <georg.graf@wu-wien.ac.at>

[...]

> Were the false positives bulk mail?  If so, the sender or the messages
> should be whitelisted or those messages will be detected as bulk and
> rejected by the classic DCC mechanism.

No, not a bulk mail. Just a mail that was sent from extern to 11
people in our domain. I have set the rej-thold to 50. I hold it
impossible to whitelist something like that.

[...]

> That message must have been sent to at least 11 mailboxes and so was
> somewhat bulk.

well, yes.

[...]

> > ||  REP_ARGS="-t rep,90 -t rep-total,1000"
> 
> 90% and 1000 seem rather high.  

You saw that in this case (only "-t rep,80") it did not work for
me. What would you suggest next? My idea was

Hmm. This comes from my effort to set the reputation parameters
in a way that they do not yield "false positives" where "false
positives" means mails that people want to get and that are not
commercial. I am aware there is no way for the DCC to know that
;)

I think I have a fundamental problem with reputations. The higher
I set the rep-total value, the more I can be sure that (100-rep)%
of mail from a host are not bulk messages. If I lower the
rep-total value, then I trust the reputation values even if I
don't know much about a host.

What do you think about these arguments?

> There is another parameter that is hard-coded inside dccd.  That
> is the number of substantially identical copies of a message that
> must be seen to make it "bulk" and so increase the "rep" count for
> an IP address.  It is currently 10.  Would your false positives have
> happened if it were 20?  What threshold do you use for bulk mail?

I use the "common choice": "-t CMN,25,50". Since the mail really
had only 11 recipients, this would have done the job, I think.

thank you,

  george

--
Vienna University of Economics and Business Administration
Central and Internet Services Section
Center for Computer Services
UNIX Server Administration
PGP/GPG Key ID: 0xa5232ad5
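
The trade-off between `rep` and `rep-total` raised in the message above, as an added example that is not part of the original post and not DCC code. It assumes a simplified model in which a host is judged only once it has sent at least `rep-total` messages and is rejected when its observed bulk percentage reaches `rep`; the host names and counts are constructed.

```python
import math

def wilson_lower(bulk, total, z=1.96):
    """Lower bound of the 95% Wilson interval for a host's true bulk fraction."""
    if total == 0:
        return 0.0
    p = bulk / total
    denom = 1 + z * z / total
    centre = p + z * z / (2 * total)
    margin = z * math.sqrt(p * (1 - p) / total + z * z / (4 * total * total))
    return (centre - margin) / denom

def verdict(bulk, total, rep_pct, rep_total):
    """Assumed model of the two thresholds (not taken from DCC source):
    hosts with fewer than rep_total observed messages get no reputation;
    otherwise reject when the observed bulk percentage reaches rep_pct."""
    if total < rep_total:
        return "no-reputation"
    return "reject" if 100.0 * bulk / total >= rep_pct else "accept"

# Constructed sample hosts: (name, messages counted as bulk, total messages)
HOSTS = [
    ("small-list-host", 19, 20),      # 95% observed, but only 20 messages seen
    ("busy-mixed-host", 850, 1000),   # 85% observed over 1000 messages
    ("bulk-only-host", 4900, 5000),   # 98% observed over 5000 messages
]

def compare(rep_pct, rep_total):
    """Return {host: (verdict, lower bound of bulk % at 95% confidence)}."""
    return {
        name: (verdict(b, t, rep_pct, rep_total),
               round(100 * wilson_lower(b, t), 1))
        for name, b, t in HOSTS
    }

if __name__ == "__main__":
    # rep,90 with rep-total,1000 (from the message) versus a constructed
    # low rep-total of 20 for contrast.
    for rep_pct, rep_total in ((90, 1000), (90, 20)):
        print(f"rep={rep_pct} rep-total={rep_total}")
        for name, (v, low) in compare(rep_pct, rep_total).items():
            print(f"  {name:16s} {v:14s} bulk% lower bound {low}")
```

With the low `rep-total`, the 20-message host is rejected on a 95% observed ratio even though the data only supports a bulk fraction of roughly 76% or more, which is the uncertainty the message describes.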