---------------------------- Original Message ----------------------------
Subject: Re: New version of iXhash plugin available
From: "Jeremy Fairbrass"
Date: Thu, July 5, 2007 10:49 am
To: users@spamassassin.apache.org

Thanks Dirk!
I have a question: two of the RBL zones have very similar names -
nospam.login-solutions.de and nospam.login-solutions.ag. Do they belong
to the same company, and what are the differences between them? Eg. do
they both contain exactly the same data (hashes) as each other, or are
there some differences between them, such that it's adviseable to use them
both? (I also noted that in your latest .cf file, you score each one
differently - 4.5 vs. 2.5).


"Dirk Bonengel" wrote in message
> Folks,
> I've finally come around to releasing a new version of the iXhash

plugin. If you happen to use that plugin, just get the code (now
located at http://ixhash.sf.net) and upgrade.
> Normally simply replacing the iXhash.pm file should do. Just make sure

you have the version corresponding to your SA version. The new version
now uses Net:NS::Resolver's query method (as opposed to search in the
earlier code) and stops computing hashes once it's got a hit.
> For those that don't know what this plugin does: It uses an algorithm

developed by Bert Ungerer of the German IT magazin iX (Heise Verlag) to
compute fuzzy checksums from (spam) emails and checks them against those
hashes I and Heise computed from our spam ( and serve via DNS). In
short, this puts it in the league of Pyzor, Razor and DCC. It's
certainly no 'German Wunderwaffe' against spam but I think it has its
> If you happen to have some significant spamtrap feed you might also be

interested to set up your own hash database to check your production
mails against. I added a server program that computes the necessary
hashes and stores them in a MySQL table as well as another plugin that
sources that table. If you do let me know - I'd be interested in any
> Dirk

Yepp, there's a difference.
First of all, both domains belong to the company I work for, Login &
Solutions AG. I was allowed to use them for this project, and they provide
some hosting for me as well, so I simply have to say 'Thank you' here.

The difference is that the .de domain is fed by input that's either
visually checked or stems from dedicated spamtraps, so I'm quite confident
the hashes contained really mark spam.

The .ag domain contains hashes either from feedback loops (ie. end users)
or from mails marked as spam by other systems. Thus there's a higher risk
of getting FPs from that list - hence the lower score.

My advice is to score the .de domain a bit higher but YMMV. mass-check
results welcome