false positives

Dan Mahoney, System Admin danm@prime.gushi.org
Thu Oct 20 19:19:40 UTC 2005

On Thu, 20 Oct 2005, Jeff Mincy wrote:

> On Thu, 20 Oct 2005, vjs@calcite.rhyolite.com wrote:
>>> From: "Dan Mahoney, System Admin"
>>> If people flag those things as spam and report them, then they will score.
>>> At least, that's my thinking.
>> Not exactly.  As Sven Willenberger wrote, the DCC detects bulk mail.
>> You must add a local whitelist to distinguish solicited bulk mail
>> (e.g. legitimate newsletters) from spam or unsolicited bulk mail.
>> Mailing lists are bulk mail and should be detected as bulk.  Most
>> legitimate bulk mail should not have target counts of millions, but
>> it could.  The DCC "MANY" value is in fact any target greater than or
>> equal to 16,777,200.  If you are seeing legitimate bulk mail with
>> target counts of "MANY," it is probably because someone has miswired
>> a system to report all incoming mail with the bloated counts common
>> to spam traps.
> The easiest installation and use of DCC through SpamAssassin will
> wind up reporting newsletters and having newsletters tagged by DCC.
> By simple I mean installing DCC with no extra setup and enabling DCC
> in the SpamAssassin user_prefs.

Yes, and if you've whitelisted a sender with SpamAssassin, then chances 
are your DCC score will not be the thing that pushes a message above the 
spam threshold.

Whether or not the mail is in the DCC whitelist is notwithstanding at that 

Yes, sa-learn --ham or spamassassin --add-to-whitelist should possibly 
also add to your DCC whitelist, I guess.

Personally, I run spamd on a totally different box.  Prefs are kept in 
SQL.  I have written a script that takes SA's user_prefs files and (on 
demand or in full) stuffs them into a DB.

I posted to the spamassassin-users list asking if anyone wanted a copy, if 
it was worth polishing and committing to the source tree.  As has happened 
more than I can count on two hands from that list, I got *zero* response, 
so I deigned not to care.  I've since wired the script into my webmin 
spamassassin module (which updates user_prefs) so that it works there as 
well, and have even tweaked my squirrelmail module (which updates the DB 
directly) so that if a user edits their prefs that way, they are 
re-fetched back into the user_prefs file in the home directory (if the user has
one, of course).

I don't know from a cursory glance at the docs if there's a way to have 
DCC read SQL prefs.  If so, it's pretty trivial to modify my code to do 
this as well.

This is quickly turning into a rant, however.

Personally, my largest problem with most of these things is they're all 
well and good if you use a unix shell, but all SUCK if you're using a 
client like Outlook -- and don't have a clue about what's under the hood.
Outlook's arguably the most popular user-agent out there, and there's no 
client support (other than an imap folder hack) for doing half the things 
you need to do within the mailer (for learning, whitelisting, reporting, 
etc -- this applies equally to DCC or SpamAssassin).  If my grandmother's 
email from Southwest Airlines (she's a snowbird, it's not spam to her)
gets snagged by DCC, I add it to her SA whitelist and consider it done.

A nice web-plugin with cookie-support and persistent login would be great 
for this -- DSPAM has such a feature, but this is really stretching the 
bounds of the fact that this is the DCC mailing list.

Users don't really care HOW a spam was scored through which subsystem or 
which plugin.  They only care, yes or no, do they get false positives. 
(We've all accepted false negatives as a fact of life, I think).

So whatever gets the message into the right box, use.
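
An added example, not part of the original message and not the script mentioned in it: one way to mirror SpamAssassin `whitelist_from` entries into DCC client whitelist lines, so that solicited bulk mail is exempted in both places. It assumes the `ok env_from` / `ok from` line syntax described in dcc(8); the function name and the sample prefs are constructed for illustration.

```python
import re

# Constructed sample of a SpamAssassin user_prefs file (not from the post).
SAMPLE_USER_PREFS = """\
# prefs for one mailbox
required_score 5.0
whitelist_from  Deals@Airline.example  news@list.example
whitelist_from *@newsletters.example   # glob entry
whitelist_from news@LIST.example
whitelist_from_rcvd bob@corp.example corp.example
blacklist_from spammer@bad.example
"""

# A literal address: exactly one "@", no whitespace, no SA glob characters.
LITERAL_ADDR = re.compile(r"^[^\s@*?]+@[^\s@*?]+$")


def sa_whitelist_to_dcc(prefs_text):
    """Convert whitelist_from entries into DCC whitelist lines.

    Returns (dcc_lines, skipped). SpamAssassin accepts globs such as
    *@example.com, but a DCC whitelist entry names one exact value, so
    glob entries cannot be converted and are returned in `skipped`
    for manual review instead of being silently dropped.
    """
    dcc_lines, skipped, seen = [], [], set()
    for raw in prefs_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        parts = line.split()
        # Only plain whitelist_from; whitelist_from_rcvd carries a relay
        # condition that has no equivalent here, so it is left alone.
        if parts[0].lower() != "whitelist_from":
            continue
        for addr in parts[1:]:
            if not LITERAL_ADDR.match(addr):
                skipped.append(addr)
                continue
            if addr.lower() in seen:          # de-duplicate, ignoring case
                continue
            seen.add(addr.lower())
            # Assumed syntax per dcc(8): "count  type  value".
            dcc_lines.append(f"ok\tenv_from\t{addr}")
            dcc_lines.append(f"ok\tfrom\t{addr}")
    return dcc_lines, skipped


if __name__ == "__main__":
    lines, skipped = sa_whitelist_to_dcc(SAMPLE_USER_PREFS)
    print("\n".join(lines))
    print("# not converted (globs):", ", ".join(skipped))
```

The returned lines are meant to be reviewed and appended to the DCC client whitelist by hand; the skipped glob entries need individual sender addresses before DCC can honor them.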


