-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello Chris,

Friday, July 25, 2003, 7:09:32 AM, you wrote:

CS> Well I've done another update on the rules site. Some great rules
CS> submitted again. Lots I want to incorporate myself.

Agreed. I've captured a few that I've added to my user_prefs. Thanks for
indicating who submitted each of the rules -- I've added (source) in my
personal copy.

CS> I have received a few rules that score points for bounced emails.
CS> What is everyone's take on this? 
 
CS> Yes bounces can be generated by spam, but for the most part I believe
CS> them to be legit. I think it may be dangerous to start scoring
CS> bounces. IMHO.

I've done my best to identify those bounces which seem to be spam because
of the types of bounces. I have not created a rule on the common "no
user" situation. I do use bounce rules for three specific types of
bounces, and before implementing them I ran them against my personal
corpus and verified I have not received any ham which matched those
rules.
 
CS> Secondly we never clarified if it was ok to discuss rules here in
CS> mass. I can't help it. Seeing all these rules has got me wanting to
CS> discuss them, and the posts regarding them will no doubt increase. So
CS> shall we continue to use SAtalk? I think we should. Maybe just put
CS> [RD] in the subject for rule discussion?

[RD] keying suits me just fine. If we should get out of control and need
to break off a separate list, I'm willing to offer the mailman facilities
at menschel.net, but I hope we'll be able to continue using this list.

Friday, July 25, 2003, 11:55:26 AM, Justin Mason wrote:

JM>   1. categorise the rules, add descriptions, and tag with the names
JM> of who submitted them and (obfuscated) email addresses of that
JM> person, so that they can be contacted if we choose to pick 'em up.

Agreed. (I added "{RM]" to the end of the description of each rule I
submitted last night.)

JM>   2. use good names, and use a rule name prefix like "WIKI_" so those
JM> rules don't get confused with the default ruleset.

There's been some minor discussion on rule naming on the list, and
there's some guidelines in the basic SA docs and Matt's HOWTO, but I'd
like to see more discussion on how we might be able to standardize these.

My personal practice has been to prefix my local rules with L_, follow
that by the type of rule (t = to, f = from, s = subject, hr = received,
hc = content-type, hx = x-mailer or exists, b = body, bp = body (phone
number rule), be = body (email address rule), rb = rawbody, u = URI), and
then to follow that with a meaningful or mnemonic name. eg:
* L_u_uspronation is a URI rule trapping uspronation.com
* L_t_bobbf is a ToCC rule to an old bigfoot.com email address of mine
  which only receives spam these days
* L_f_Allsomething is a From rule where the address begins with "All",
  blank, something
etc.

JM>   3. ensure the rules can be scraped easily by automated scripts,
JM> e.g. use a common format for the rule lines, and/or surround them
JM> with tags, and/or produce "export" pages that contains just the
JM> rules, without non-config text.

My vote would be for export-only plain text pages with no formatting and
no non-rule text. My preferred method of copying rules would be to
download the export file, open it in a text editor, surf through the web
pages and see which rules are of interest, and then copy/paste from the
plain ascii file.

JM>   4. figure out some way to do QA!  An easy way to do this is to
JM> script up something that runs nightly, extracting the rules into a
JM> config file (see point 3), running spamassassin --lint on that file
JM> to avoid syntax errors, then does a mass-check and hit-frequencies
JM> report on the good rules.
4) then dumps that report into another web page where we could see just
how good the rules were. That would be beautiful!

JM>   5. put up some simple guidelines -- e.g. "avoid single-word rules"
JM> etc. I think Matt K's "rule writing HOWTO" is the best set of
JM> suggestions here.

Actually, I find single-word rules very useful. In addition to my rules
for [EMAIL PROTECTED] w0rds, I have rules for casino, tax, names of spam products
(eg: DVD-pro or Climatique), Ebay, generic, secrecy, confidential, and
wrinkles. They generally have minimal scores (wrinkles, for instance, has
0.3, though Climatique by itself scores at my spam threshold), but enough
low scores will push an otherwise FN over my required hits level.

Bob Menschel

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQA/AwUBPyHs4ZebK8E4qh1HEQLnjACg7WvkYaGxsb4eQ4Z4pwyK6yZBy5YAoOHh
JuB7CcJmt3CS9vki05ydCXyO
=/DbX
-----END PGP SIGNATURE-----




-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Reply via email to