Milter-greylist

Hello

Here is a new developement snapshot:
Developement snapshot (not for production!) milter-greylist-3.1.2.tgz.
MD5 (milter-greylist-3.1.2.tgz) = c965d9850c36a2b613e9784bebd9a80e 

Changes since 3.1.1:
        Fix timespamp on sparc64 (Gert Doering)
        Add the ability to query extrnal sources in ACL using URL
        Add connexion pools for URL queries to enable persistent connexions
        Fix dependency in rc-bsd.sh: it's mail, not sendmail
        Add DATA-stage ACL
        Update to .spec file (Rudy Eschauzier)
        Allow header and body searches in DATA-stage ACL
        Allow CIDR match for DNSRBL
        Allow multiple macro, dnsrbl, urlcheck, body and header clauses in ACL

I made heavy changes to the way ACL and lists are implemented. I cannot test
all the possible situations for regression, so testers are welcome.

-- 
Emmanuel Dreyfus
manu@...

Here is the latest snapshot:

http://ftp.espci.fr/pub/milter-greylist/milter-greylist-3.1.3.tgz
MD5 (milter-greylist-3.1.3.tgz) = f281b0257851357a48c31369670c45e8

To 3.1.2 testers: you really want to do that upgrade. I found 3 nasty bugs
that caused instability and unexpected results.

While I'm here, I'd like to seek comments on the following ACL, which is
designed to fight image spam:
dacl blacklist body /src[:blank:]*=(3D)?[:blank:]*["']?[:blank:]*cid:/ \
        msg "HTML messages with embedded images are now refused"

-- 
Emmanuel Dreyfus
manu@...

According to Emmanuel Dreyfus:
> 
> While I'm here, I'd like to seek comments on the following ACL, which is
> designed to fight image spam:
> dacl blacklist body /src[:blank:]*=(3D)?[:blank:]*["']?[:blank:]*cid:/ \
>         msg "HTML messages with embedded images are now refused"

not usable for me. That matches at least a third of my business emails,
including customers and suppliers.
All seems to be company enforced sigs with logos and links.

/Fabien

Fabien Tassin <fta+miltergreylist@...> wrote:

> > While I'm here, I'd like to seek comments on the following ACL, which is
> > designed to fight image spam:
> > dacl blacklist body /src[:blank:]*=(3D)?[:blank:]*["']?[:blank:]*cid:/ \
> >         msg "HTML messages with embedded images are now refused"
> 
> not usable for me. That matches at least a third of my business emails,
> including customers and suppliers.
> All seems to be company enforced sigs with logos and links.

And the images are embedded in the mail and referenced with a cid: URL?

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

According to manu@...:
> 
> > > While I'm here, I'd like to seek comments on the following ACL, which is
> > > designed to fight image spam:
> > > dacl blacklist body /src[:blank:]*=(3D)?[:blank:]*["']?[:blank:]*cid:/ \
> > >         msg "HTML messages with embedded images are now refused"
> > 
> > not usable for me. That matches at least a third of my business emails,
> > including customers and suppliers.
> > All seems to be company enforced sigs with logos and links.
> 
> And the images are embedded in the mail and referenced with a cid: URL?

Correct. Such a regexp could only lead to tons of false positive.

What you can do is to feed all emails matching this to 'gocr' then check
the result against a list of words..
That may not be enough as direct ocr is still too weak (animated gifs,
transcoding, and stuff..). Add that and you obtain FuzzyOcr.

/Fabien

Fabien Tassin <fta+miltergreylist@...> wrote:

> What you can do is to feed all emails matching this to 'gocr' then check
> the result against a list of words..
> That may not be enough as direct ocr is still too weak (animated gifs,
> transcoding, and stuff..). Add that and you obtain FuzzyOcr.

Not quite. In order to get FuzzyOcr, you still need ot have it written
in Perl and with a dependency on spamassassin :-)

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

According to manu@...:
> 
> > What you can do is to feed all emails matching this to 'gocr' then check
> > the result against a list of words..
> > That may not be enough as direct ocr is still too weak (animated gifs,
> > transcoding, and stuff..). Add that and you obtain FuzzyOcr.
> 
> Not quite. In order to get FuzzyOcr, you still need ot have it written
> in Perl and with a dependency on spamassassin :-)

no, I said you can do it yourself using something that can play with
MIME parts, plenty of tools to manipulate pictures, an OCR of some kind,
and a dict-based rule.
Then, you will have something similar to FuzzyOcr. I don't think
it's wise to put that in milter-greylist, it should be yet-another-milter,
but IMHO, it's redundant. The bonus of doing that in spamassassin is scoring.

With FuzzyOcr, I got no false positive so far and very few misses,
so that's enough for me at the moment. I'm just concerned by the spams
that still get through, despite all what I already have in place.

[ my current problem is with valid mailing lists that let spams pass through.
greylist is useless here, and spamassassin is of no use because of bayes
and autowhitelist who think the from are good guys.. indeed, it's the list,
not the initial from. If I disable bayes (only 0-50 as this is the range
decreasing the score), then all yahoo groups are completely seen as spam,
and plenty of other valid stuffs too. I'm currently trying to adjust the
weigths of bayes instead of disabling them but I would prefer a better
option that I have yet to find. ]

/Fabien

On Fri, Jan 05, 2007 at 05:49:19PM +0100, Fabien Tassin wrote:
> no, I said you can do it yourself using something that can play with
> MIME parts, plenty of tools to manipulate pictures, an OCR of some kind,
> and a dict-based rule.
> Then, you will have something similar to FuzzyOcr. I don't think
> it's wise to put that in milter-greylist, it should be yet-another-milter,

Yes, I agree. In fact my plan would be to add a MIME section with the
output of some OCR code. 

> but IMHO, it's redundant. The bonus of doing that in spamassassin is scoring.

It's only redundant if you run spamassassin. I don't run it anymore.

--
Emmanuel Dreyfus
manu@...