Mailing List Archive: SpamAssassin: devel

Pushing an update for HDRS_LCASE and 12LTRDOM?

Index | Next | Previous | View Threaded

jhardin at impsec

Aug 6, 2012, 8:52 AM

Post #1 of 6 (206 views)
Permalink

Pushing an update for HDRS_LCASE and 12LTRDOM?

All:

The masscheck corpora are persistently hovering just below the thresholds
needed for an automatic rules update to be generated, and the complaints
about the high scores for the 12LTRDOM and HDRS_LCASE rules are getting
louder.

I recommend the best immediate course of action would be to manually
update the 70_scores.cf file in the current updates tarball to set the
scores for these rules to advisory levels and release that as a new
update. I think this would be safer than pushing a manual rules update
using scores based on somewhat-starved corpora.

I'd be willing to do this but I don't know the details of where the master
update tarballs live or how to publish a new update to DNS.

Is there agreement that this is an appropriate course of action? I someone
who does know the details willing to do this?

--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin [at] impsec FALaholic #11174 pgpk -a jhardin [at] impsec
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Gun Control laws aren't enacted to control guns, they are enacted
to control people: catholics (1500s), japanese peasants (1600s),
blacks (1860s), italian immigrants (1911), the irish (1920s),
jews (1930s), blacks (1960s), the poor (always)
-----------------------------------------------------------------------
Today: the 67th anniversary of the Hiroshima bombing

KMcGrail at PCCC

Aug 6, 2012, 9:55 AM

Post #2 of 6 (191 views)
Permalink

Re: Pushing an update for HDRS_LCASE and 12LTRDOM? [In reply to]

On 8/6/2012 11:52 AM, John Hardin wrote:
> All:
>
> The masscheck corpora are persistently hovering just below the
> thresholds needed for an automatic rules update to be generated, and
> the complaints about the high scores for the 12LTRDOM and HDRS_LCASE
> rules are getting louder.
>
> I recommend the best immediate course of action would be to manually
> update the 70_scores.cf file in the current updates tarball to set the
> scores for these rules to advisory levels and release that as a new
> update. I think this would be safer than pushing a manual rules update
> using scores based on somewhat-starved corpora.
>
> I'd be willing to do this but I don't know the details of where the
> master update tarballs live or how to publish a new update to DNS.
>
> Is there agreement that this is an appropriate course of action? I
> someone who does know the details willing to do this?
>
I don't think this is the right action, really. I think we have to get
the infrastructure for mass checks working. I know that's my focus (and
I'm making good strides at work towards being able to focus more).

I think the key solution for people having problem is to run a slightly
older version of the update that has the better scores. If you identify
a good version, I believe there is a well document way to revert to that
version. But beyond that, contact me off-list and I'll discuss what I
can do to help.

Regards,
KAM

jhardin at impsec

Aug 6, 2012, 10:43 AM

Post #3 of 6 (191 views)
Permalink

Re: Pushing an update for HDRS_LCASE and 12LTRDOM? [In reply to]

On Mon, 6 Aug 2012, Kevin A. McGrail wrote:

> On 8/6/2012 11:52 AM, John Hardin wrote:
>> All:
>>
>> The masscheck corpora are persistently hovering just below the thresholds
>> needed for an automatic rules update to be generated, and the complaints
>> about the high scores for the 12LTRDOM and HDRS_LCASE rules are getting
>> louder.
>>
>> I recommend the best immediate course of action would be to manually
>> update the 70_scores.cf file in the current updates tarball to set the
>> scores for these rules to advisory levels and release that as a new
>> update. I think this would be safer than pushing a manual rules update
>> using scores based on somewhat-starved corpora.
>>
>> I'd be willing to do this but I don't know the details of where the master
>> update tarballs live or how to publish a new update to DNS.
>>
>> Is there agreement that this is an appropriate course of action? Is
>> someone who does know the details willing to do this?
>
> I don't think this is the right action, really. I think we have to get the
> infrastructure for mass checks working. I know that's my focus (and I'm
> making good strides at work towards being able to focus more).

I agree that's the best and correct long-term solution. I was more
concerned with fixing this specific issue immediately without introducing
a lot of possible problems from simply pushing a manual rules update using
the current rules and masscheck scores. When the masscheck system hits the
threshold limits a "correct" automatic update would go out and replace
this "hotfix" score patch update.

> I think the key solution for people having problem is to run a slightly older
> version of the update that has the better scores. If you identify a good
> version, I believe there is a well document way to revert to that version.

In the specific case being discussed right now on the users list the
problematic SA host is the ASF mailing list server, which is apparently
rejecting ham from users in legitimate 12-letter domains.

Do any of the ASF dev team members have administrative access to that
server to roll it back to an older update?

--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin [at] impsec FALaholic #11174 pgpk -a jhardin [at] impsec
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Today: the 67th anniversary of the Hiroshima bombing

KMcGrail at PCCC

Aug 6, 2012, 10:52 AM

Post #4 of 6 (189 views)
Permalink

Re: Pushing an update for HDRS_LCASE and 12LTRDOM? [In reply to]

On 8/6/2012 1:43 PM, John Hardin wrote:
>
> In the specific case being discussed right now on the users list the
> problematic SA host is the ASF mailing list server, which is
> apparently rejecting ham from users in legitimate 12-letter domains.
>
> Do any of the ASF dev team members have administrative access to that
> server to roll it back to an older update?
I didn't catch that, sigh. OK, we need to get masschecks working. I'll
spend a few hours tonight and see what I can get done.

However, I believe if you follow the emergency release procedure, it
pushes out a "new" update. I am just unsure if that wrks if masscheck is
below thresholds.

--
*Kevin A. McGrail*
President

Peregrine Computer Consultants Corporation
3927 Old Lee Highway, Suite 102-C
Fairfax, VA 22030-2422

http://www.pccc.com/

703-359-9700 x50 / 800-823-8402 (Toll-Free)
703-359-8451 (fax)
KMcGrail [at] PCCC <mailto:kmcgrail [at] pccc>

Attachments:

pccc_logo.gif (10.2 KB)

jhardin at impsec

Aug 6, 2012, 11:02 AM

Post #5 of 6 (186 views)
Permalink

Re: Pushing an update for HDRS_LCASE and 12LTRDOM? [In reply to]

On Mon, 6 Aug 2012, John Hardin wrote:

> On Mon, 6 Aug 2012, Kevin A. McGrail wrote:
>
>> On 8/6/2012 11:52 AM, John Hardin wrote:
>> > All:
>> >
>> > The masscheck corpora are persistently hovering just below the
>> > thresholds
>> > needed for an automatic rules update to be generated, and the
>> > complaints
>> > about the high scores for the 12LTRDOM and HDRS_LCASE rules are getting
>> > louder.
>> >
>> > I recommend the best immediate course of action would be to manually
>> > update the 70_scores.cf file in the current updates tarball to set the
>> > scores for these rules to advisory levels and release that as a new
>> > update. I think this would be safer than pushing a manual rules update
>> > using scores based on somewhat-starved corpora.
>> >
>> > I'd be willing to do this but I don't know the details of where the
>> > master
>> > update tarballs live or how to publish a new update to DNS.
>> >
>> > Is there agreement that this is an appropriate course of action? Is
>> > someone who does know the details willing to do this?
>>
>> I don't think this is the right action, really. I think we have to get
>> the infrastructure for mass checks working. I know that's my focus (and
>> I'm making good strides at work towards being able to focus more).
>
> I agree that's the best and correct long-term solution. I was more concerned
> with fixing this specific issue immediately without introducing a lot of
> possible problems from simply pushing a manual rules update using the current
> rules and masscheck scores.

Question: would making a tarball that contains _just_ a 70_scores.cf (or
more likely 72_scores.cf or even 73_sandbox_manual_scores.cf) file patch
just this problem without affecting anything else? I haven't looked
through the sa-update code to see what it actually does with the update
files from the tarball...

--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin [at] impsec FALaholic #11174 pgpk -a jhardin [at] impsec
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
If "healthcare is a Right" means that the government is obligated
to provide the people with hospitals, physicians, treatments and
medications at low or no cost, then the right to free speech means
the government is obligated to provide the people with printing
presses and public address systems, the right to freedom of
religion means the government is obligated to build churches for the
people, and the right to keep and bear arms means the government is
obligated to provide the people with guns, all at low or no cost.
-----------------------------------------------------------------------
Today: the 67th anniversary of the Hiroshima bombing

me at junc

Aug 6, 2012, 11:51 PM

Post #6 of 6 (184 views)
Permalink

Re: Pushing an update for HDRS LCASE and 12LTRDOM? [In reply to]

Den 2012-08-06 19:52, Kevin A. McGrail skrev:

> KEVIN A. MCGRAIL
> President

hehe, in USA ? :)

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads