Benny Pedersen wrote:
That is a good starting point for writing a plugin to do something
similar but the OP wants to hash the subject not the body.
subject is part of the body
Correct me if I'm wrong, but I believe that ixhash splits the part after
the blank line (body) and hashes it using the appropriate method(s).
Last I checked, the "Subject:" line is in the header, before the blank
in the part it discards.
I started doing this a while ago in addition to using ixhash.
how ?
Wrote a plugin that gets the exact subject line from SA, hashes it then
queries a remote server. Still debating of subject hashing is worth it
in the end as this rule overlaps with several others such as CRM114,
ixhash and some other custom rules.
After engineering a Client-Server plugin to provide realtime hash stats
it helps to push
spam over the threshold without having too many false positives.
with the hashhack-server.pl ?
The only part I found valuable for my environment was the regular
expressions showing how it generates the hashes. Otherwise, I tossed it
all out and rolled my own. I learned quick that exporting the data to a
rbldns zone was too slow so I took the approach of using a UDP messaging
system to directly query a central server that contains all the data
collected by my spamtraps. Doing this boosted the hash hit rate
substatially over DNS data that was dumped every 5 minutes. I'm still
revising the architecture but plan on releasing all the code shortly.
In other words, I hate perl and the code looks like crap so let me clean
it up before I totally embarrass myself! :-)
Hope that all makes sense as I'm not really good at explaining things.
I'm more of a lock-him-in-the-back-and-let-him-code type of person.
--Blaine
