
Mailing List Archive: SpamAssassin: users

Shortcircuit Rules

 

 



mysqlstudent at gmail

Oct 29, 2009, 9:11 AM

Post #1 of 5 (227 views)
Shortcircuit Rules

Hi,

I'm interested in experimenting with shortcircuiting, and wondered if
anyone had some examples they're using that they could share?

If I understand correctly, the tests involving simple parsing instead
of those involving network connections work best due to the inherent
overhead with network connections?

Thanks,
Alex


tedm at ipinc

Oct 29, 2009, 10:40 AM

Post #2 of 5 (224 views)
Re: Shortcircuit Rules [In reply to]

Alex wrote:
> Hi,
>
> I'm interested in experimenting with shortcircuiting, and wondered if
> anyone had some examples they're using that they could share?
>

My $0.02

I use a number of shortcircuits, but they are not in SA; they are
in sendmail.cf. They are subject line checks. I started this
with the Viagra spam, looking at the common permutations of viagra
spelling, such as v!agra, etc.

Why not block it at the MTA before it even gets to SA - if you can?

Ted


mysqlstudent at gmail

Oct 29, 2009, 6:51 PM

Post #3 of 5 (215 views)
Re: Shortcircuit Rules [In reply to]

Hi,

> I use a number of shortcircuits, but they are not in SA; they are
> in sendmail.cf. They are subject line checks. I started this
> with the Viagra spam, looking at the common permutations of viagra
> spelling, such as v!agra, etc.
>
> Why not block it at the MTA before it even gets to SA - if you can?

To that end, and although it's not (specifically) SA-related, this is
a wonderfully helpful document for postfix UCE:

http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt

There's also a great collection of additional links at the bottom.

Regards,
Alex


mynabble at live

Oct 30, 2009, 2:21 AM

Post #4 of 5 (211 views)
Re: Shortcircuit Rules [In reply to]

Alex-325 wrote:
> I'm interested in experimenting with shortcircuiting, and wondered if
> anyone had some examples they're using that they could share?

We are using it to shortcircuit HAM and prevent blowing CPU cycles on
newsletters that people expect to never contain spam. So, there is a
'shortcircuit.cf' that lives in /etc/mail/spamassassin and looks like this:

loadplugin Mail::SpamAssassin::Plugin::Shortcircuit
report Content analysis details: (_SCORE_ points, _REQD_ required, s/c _SCTYPE_)

ifplugin Mail::SpamAssassin::Plugin::Shortcircuit

# always log shortcircuit status
add_header all Status "_YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_ shortcircuit=_SCTYPE_ autolearn=_AUTOLEARN_ version=_VERSION_"

# Note: add_header statement should be on one line..., your browser might snap that in two

# Trusted newsletters
meta SC_NEWSLETTER (HAM001||HAM002||HAM003)
priority SC_NEWSLETTER -500
shortcircuit SC_NEWSLETTER on
score SC_NEWSLETTER 0.1

# JADA Newsletter
header __HAM001_FROM Return-Path =~ /.*nce\.j\.c\@b\.jada\.com/
header __HAM001_SNDR Received =~ /123\.234\.123\./
meta HAM001 (__HAM001_FROM && __HAM001_SNDR)
score HAM001 0.1
describe HAM001 Newsletter from jadajada

# YON YetAnotherNewsletter
header __HAM002_FROM From =~ /.*munication-briefs\@yon\.com/
header __HAM002_SNDR Received =~ /12\.13\.14\.1/
meta HAM002 (__HAM002_FROM && __HAM002_SNDR)
score HAM002 0.1
describe HAM002 Newsletter from YetAnotherNewsletter

# MoreNice stuff (debugged)
header __HAM003_FROM Return-Path =~ /.*\@mail\.morenice\.com|bounce\.j\.c\@.*/
header __HAM003_SNDR Received =~ /198\.99\.245\./
meta HAM003 (__HAM003_FROM && __HAM003_SNDR)
score HAM003 0.1
describe HAM003 Newsletter delivered by MoreNice stuff

endif

So, a check on Return-Path, combined with the IP address where it comes
from, to reasonably prevent any abuse of the shortcut, and a hit results in
no more handling by SA and prevents any further CPU load. Given the nature of
'pushy' newsletter-senders, it prevents CPU spikes when some newsletters
come in bulk on the electronic doormat. Other than shortcircuiting and
saving CPU cycles, it also prevents any false positives on the few selected
'special' newsletters here.

--
View this message in context: http://old.nabble.com/Shortcircuit-Rules-tp26116110p26127045.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
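
An added example, not part of the original post or of SpamAssassin: a small check of which relay addresses the Received patterns from the shortcircuit.cf above accept, as written and with a literal '[' in front of the pattern. The sample Received headers, the host names and the '[' anchoring are assumptions made for illustration; how the relay address appears in Received depends on the receiving MTA.

```python
import re

# Rules in the style of the shortcircuit.cf quoted in the post above.
RULES = r"""
header __HAM001_SNDR Received =~ /123\.234\.123\./
header __HAM002_SNDR Received =~ /12\.13\.14\.1/
header __HAM003_SNDR Received =~ /198\.99\.245\./
"""

# Constructed Received headers (hosts are placeholders); the bracketed
# address is the relay IP as the receiving MTA recorded it.
SAMPLES = [
    "from out.example.net (out.example.net [123.234.123.7]) by mx.example.org",
    "from news.example.net (news.example.net [12.13.14.1]) by mx.example.org",
    "from news2.example.net (news2.example.net [12.13.14.150]) by mx.example.org",
    "from other.example.com (other.example.com [212.13.14.199]) by mx.example.org",
    "from bulk.example.net (bulk.example.net [198.99.245.20]) by mx.example.org",
]

RULE_RE = re.compile(r"^header\s+(\S+)\s+Received\s+=~\s+/(.+)/$")
RELAY_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def parse_rules(text):
    """Map rule name -> regex source for each 'header NAME Received =~ /re/' line."""
    found = (RULE_RE.match(line.strip()) for line in text.splitlines())
    return {m.group(1): m.group(2) for m in found if m}

def accepted_relays(pattern, headers, anchored=False):
    """Relay IPs whose Received header the pattern matches.

    anchored=True prefixes the pattern with a literal '[' so it can only
    match from the start of the bracketed address (an assumed tightening).
    """
    rx = re.compile((r"\[" if anchored else "") + pattern)
    return sorted(RELAY_IP.search(h).group(1) for h in headers if rx.search(h))

def report(rules_text=RULES, headers=SAMPLES):
    """Per rule: (addresses accepted as written, addresses accepted when anchored)."""
    return {name: (accepted_relays(p, headers), accepted_relays(p, headers, True))
            for name, p in parse_rules(rules_text).items()}

if __name__ == "__main__":
    for name, (loose, tight) in report().items():
        print(f"{name}: as written {loose}; anchored on '[' {tight}")
```

Only the pattern that does not begin on a full three-digit octet changes here: as written it also accepts an address in 212.13.14.x, and in both forms it accepts every last octet that starts with 1.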


hege at hege

Oct 30, 2009, 5:13 AM

Post #5 of 5 (210 views)
Re: Shortcircuit Rules [In reply to]

On Fri, Oct 30, 2009 at 02:21:10AM -0700, Mynabbler wrote:
>
>
> Alex-325 wrote:
> > I'm interested in experimenting with shortcircuiting, and wondered if
> > anyone had some examples they're using that they could share?
> We are using it to shortcircuit HAM and prevent blowing CPU cycles on
> newsletters that people expect to never contain spam. So, there is a
> 'shortcircuit.cf' that lives in /etc/mail/spamassassin and looks like this:


For the record, if you want to save even more resources, here are some
thoughts for even quicker shortcircuiting without DNS queries sent etc.

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5930
