---------------------------- Original Message ---------------------------- Subject: Re: New version of iXhash plugin available From: "Jeremy Fairbrass" <[EMAIL PROTECTED]> Date: Thu, July 5, 2007 10:49 am To: users@spamassassin.apache.org --------------------------------------------------------------------------
Thanks Dirk! I have a question: two of the RBL zones have very similar names - nospam.login-solutions.de and nospam.login-solutions.ag. Do they belong to the same company, and what are the differences between them? Eg. do they both contain exactly the same data (hashes) as each other, or are there some differences between them, such that it's adviseable to use them both? (I also noted that in your latest .cf file, you score each one differently - 4.5 vs. 2.5). Cheers, Jeremy "Dirk Bonengel" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Folks, > > I've finally come around to releasing a new version of the iXhash plugin. If you happen to use that plugin, just get the code (now located at http://ixhash.sf.net) and upgrade. > Normally simply replacing the iXhash.pm file should do. Just make sure you have the version corresponding to your SA version. The new version now uses Net::DNS::Resolver's query method (as opposed to search in the earlier code) and stops computing hashes once it's got a hit. > > For those that don't know what this plugin does: It uses an algorithm developed by Bert Ungerer of the German IT magazin iX (Heise Verlag) to compute fuzzy checksums from (spam) emails and checks them against those hashes I and Heise computed from our spam ( and serve via DNS). In short, this puts it in the league of Pyzor, Razor and DCC. It's certainly no 'German Wunderwaffe' against spam but I think it has its merits. > > If you happen to have some significant spamtrap feed you might also be interested to set up your own hash database to check your production mails against. I added a server program that computes the necessary hashes and stores them in a MySQL table as well as another plugin that sources that table. If you do let me know - I'd be interested in any results. > > Dirk > Yepp, there's a difference. First of all, both domains belong to the company I work for, Login & Solutions AG. I was allowed to use them for this project, and they provide some hosting for me as well, so I simply have to say 'Thank you' here. The difference is that the .de domain is fed by input that's either visually checked or stems from dedicated spamtraps, so I'm quite confident the hashes contained really mark spam. The .ag domain contains hashes either from feedback loops (ie. end users) or from mails marked as spam by other systems. Thus there's a higher risk of getting FPs from that list - hence the lower score. My advice is to score the .de domain a bit higher but YMMV. mass-check results welcome Dirk
