Re: German Spam - SpamAssassin


Thread: Re: German Spam

  1. Re: German Spam

    On Wednesday, 30 May 2007 Sebastian Wiesinger wrote:
    > It's a nice ruleset but we had a major problem with it. RDJ pulled
    > in an update which contained these lines:


    Sorry for that problem, and sorry for only answering now. I'd been busy
    on some private problems, and hope to get into this list more often
    again. In case of problems with the ZMI_GERMAN rulesets, please contact
    the e-mail address listed in that file - I read that more often than
    this list.

    I wish more people would use the ZMI_GERMAN ruleset, and contribute to
    it. Our servers are very heavily Anti-SPAM now, and I didn't get german
    spam for quite some time that would have passed our filters, so
    inclusion of new spam is slow now. So, please report spam to me
    directly.

    mfg zmi
    --
    // Michael Monnerie, Ing.BSc ----- http://it-management.at
    // Tel: 0676/846 914 666 .network.your.ideas.
    // PGP Key: "curl -s http://zmi.at/zmi.asc | gpg --import"
    // Fingerprint: AC19 F9D5 36ED CD8A EF38 500E CE14 91F7 1C12 09B4
    // Keyserver: www.keyserver.net Key-ID: 1C1209B4



  2. Re: German Spam

    On Tue, 2008-05-13 at 16:06 +0200, Michael Monnerie wrote:

    > I wish more people would use the ZMI_GERMAN ruleset, and contribute to


    I used to use it, but dropped it quite a while ago when it didn't hit on
    *my* particular German spam any longer.

    During a few weak moments, I even pondered setting up and publishing my
    own German rules, specifically targeting "seriously bad" German and
    phrases. Anyway...

    How to contribute? I might think about that.


    > it. Our servers are very heavily Anti-SPAM now, and I didn't get german
    > spam for quite some time that would have passed our filters, so
    > inclusion of new spam is slow now. So, please report spam to me
    > directly.


    guenther


    --
    char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a \x10\xf4\xf4\xc4";
    main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i (c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}


  3. Re: German Spam


    Karsten Bräckelmann writes:
    > On Tue, 2008-05-13 at 16:06 +0200, Michael Monnerie wrote:
    >
    > > I wish more people would use the ZMI_GERMAN ruleset, and contribute to

    >
    > I used to use it, but dropped it quite a while ago when it didn't hit on
    > *my* particular German spam any longer.
    >
    > During a few weak moments, I even pondered setting up and publishing my
    > own German rules, specifically targeting "seriously bad" German and
    > phrases. Anyway...
    >
    > How to contribute? I might think about that.


    btw, a good way to build such a ruleset would be to collect a good corpus
    of recent german spam (and a lot of ham), then use the
    seek-rules-from-corpus script to generate a "sought" ruleset similar to
    the JM_SOUGHT rules, as described here:

    http://taint.org/2007/08/04/200125a.html

    it's very straightforward. the hardest part is setting up rule update
    production afterwards (scripting BIND zone generation etc.)...

    --j.


  4. Re: German Spam

    On Sunday, 18 May 2008 Karsten Bräckelmann wrote:
    > I used to use it, but dropped it quite a while ago when it didn't hit
    > on *my* particular German spam any longer.


    The hard thing for me is to tell if a certain spam could pass through
    other people's filters. We're having a heavy anti spam setup, and
    almost nothing passes through. Some honeypot addresses are whitelisted
    and receive spam, but almost all of it is recognised from the
    beginning. And I try to only write rules for german text that is
    previously not recognised.

    It would be nice to have all rules for SA (at least their names) in SQL,
    and on every hit increase a counter and set the now() timestamp to see
    which rules do not get hit anymore. With the actual text file, you
    can't tell really, and I cannot drop rules just because I do not get
    hits anymore, so I'd need that distributed to see some good stats -
    which would mean people should distribute back their stats. Is there
    anything similar? I'm currently doing mass-checks, but that doesn't
    help me with my rules really, as it only reflects my results.

    > During a few weak moments, I even pondered setting up and publishing
    > my own German rules, specifically targeting "seriously bad" German
    > and phrases. Anyway...
    > How to contribute? I might think about that.


    I'd be happy about that, and could setup an SVN for that if you'd like.
    I'm not sure my current way to list SPAM is the best, but at least I
    didn't get any feedback about FPs in the last months.

    mfg zmi
    --
    // Michael Monnerie, Ing.BSc ----- http://it-management.at
    // Tel: 0676/846 914 666 .network.your.ideas.
    // PGP Key: "curl -s http://zmi.at/zmi.asc | gpg --import"
    // Fingerprint: AC19 F9D5 36ED CD8A EF38 500E CE14 91F7 1C12 09B4
    // Keyserver: www.keyserver.net Key-ID: 1C1209B4



  5. Re: German Spam


    Michael Monnerie writes:
    > On Sunday, 18 May 2008 Karsten Bräckelmann wrote:
    > > I used to use it, but dropped it quite a while ago when it didn't hit
    > > on *my* particular German spam any longer.

    >
    > The hard thing for me is to tell if a certain spam could pass through
    > other people's filters. We're having a heavy anti spam setup, and
    > almost nothing passes through. Some honeypot addresses are whitelisted
    > and receive spam, but almost all of it is recognised from the
    > beginning. And I try to only write rules for german text that is
    > previously not recognised.
    >
    > It would be nice to have all rules for SA (at least their names) in SQL,
    > and on every hit increase a counter and set the now() timestamp to see
    > which rules do not get hit anymore. With the actual text file, you
    > can't tell really, and I cannot drop rules just because I do not get
    > hits anymore, so I'd need that distributed to see some good stats -
    > which would mean people should distribute back their stats. Is there
    > anything similar?


    Not that I know of. It would be possible to write as a plugin, though,
    and I agree -- it sounds like a good idea.

    --j.


  6. Re: German Spam

    On Monday, 26 May 2008 Giampaolo Tomassoni wrote:
    > Why not open a specific ruleset at SARE
    > (http://www.rulesemporium.com).


    I talked to them in 2005, but they didn't want it because they don't
    have any native german dev. So I created a separate ruleset.

    > Some rules against German spam would be useful also in other
    > countries as well. I'm from Italy, in example, and occasionally my
    > MXes get a spam in German language.


    You're free to use it. How to get it:
    # SpamAssassin Channel: 70_zmi_german.cf.zmi.sa-update.dostech.net
    # Also via RDJ (RulesDuJour) as: ZMI_GERMAN
    # RDJ is available at http://www.exit0.us/index.php?pagename=RulesDuJour
    # Home: http://sa.zmi.at/rulesets/70_zmi_german.cf

    mfg zmi
    --
    // Michael Monnerie, Ing.BSc ----- http://it-management.at
    // Tel: 0676/846 914 666 .network.your.ideas.
    // PGP Key: "curl -s http://zmi.at/zmi.asc | gpg --import"
    // Fingerprint: AC19 F9D5 36ED CD8A EF38 500E CE14 91F7 1C12 09B4
    // Keyserver: www.keyserver.net Key-ID: 1C1209B4



  7. Re: German Spam

    On Monday, 26 May 2008 Justin Mason wrote:
    > > It would be nice to have all rules for SA (at least their names) in
    > > SQL, and on every hit increase a counter and set the now()
    > > timestamp to see which rules do not get hit anymore. With the
    > > actual text file, you can't tell really, and I cannot drop rules
    > > just because I do not get hits anymore, so I'd need that
    > > distributed to see some good stats - which would mean people should
    > > distribute back their stats. Is there anything similar?

    >
    > Not that I know of. It would be possible to write as a plugin,
    > though, and I agree -- it sounds like a good idea.


    There'd be a central server where clients can report their stats
    occasionally (hourly, daily, weekly, monthly) and from this the rules
    can be (semi-)optimized. Rules that get not hit during 6+ months can
    then be disabled/dropped. This server must be definable per-ruleset, so
    you can use it on different contributors.

    But I'm no hacker, more a designer. So it doesn't help if I only think
    about it - but maybe there are people here interested in coding this?

    mfg zmi
    --
    // Michael Monnerie, Ing.BSc ----- http://it-management.at
    // Tel: 0676/846 914 666 .network.your.ideas.
    // PGP Key: "curl -s http://zmi.at/zmi.asc | gpg --import"
    // Fingerprint: AC19 F9D5 36ED CD8A EF38 500E CE14 91F7 1C12 09B4
    // Keyserver: www.keyserver.net Key-ID: 1C1209B4



  8. Re: German Spam


    Michael Monnerie writes:
    > On Monday, 26 May 2008 Justin Mason wrote:
    > > > It would be nice to have all rules for SA (at least their names) in
    > > > SQL, and on every hit increase a counter and set the now()
    > > > timestamp to see which rules do not get hit anymore. With the
    > > > actual text file, you can't tell really, and I cannot drop rules
    > > > just because I do not get hits anymore, so I'd need that
    > > > distributed to see some good stats - which would mean people should
    > > > distribute back their stats. Is there anything similar?

    > >
    > > Not that I know of. It would be possible to write as a plugin,
    > > though, and I agree -- it sounds like a good idea.

    >
    > There'd be a central server where clients can report their stats
    > occasionally (hourly, daily, weekly, monthly) and from this the rules
    > can be (semi-)optimized. Rules that get not hit during 6+ months can
    > then be disabled/dropped. This server must be definable per-ruleset, so
    > you can use it on different contributors.


    it'd be nice if ham hits could be reported, too, to measure FPs...
    using the plugin_revoke() reporting APIs.
    that may be too complex.

    > But I'm no hacker, more a designer. So it doesn't help if I only think
    > about it - but maybe there are people here interested in coding this?


    I'm afraid I'm kept busy enough with the core SpamAssassin stuff

    --j.
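
Added example (not part of any post in this thread and not SpamAssassin code): a local sketch of the per-rule statistics idea discussed above, keeping a hit counter and last-hit timestamp per rule in SQL, listing rules not hit for about six months, and tracking ham hits as a rough FP indicator. The log lines are constructed and simplified, the rule names are placeholders, and the spamd verdict (`Y` or `.`) is assumed to stand in for a confirmed spam/ham label.

```python
import re
import sqlite3
from datetime import datetime, timedelta

# Constructed, simplified spamd "result:" lines; rule names are placeholders.
SAMPLE_LOG = """\
2007-09-02 08:15:01 spamd: result: Y 14 - EXAMPLE_DE_PHRASE_A,BAYES_99 scantime=0.4
2008-05-20 10:00:00 spamd: result: Y 9 - EXAMPLE_DE_PHRASE_B,BAYES_99 scantime=0.3
2008-05-21 11:30:00 spamd: result: . 1 - EXAMPLE_DE_PHRASE_B scantime=0.2
2008-05-26 09:45:12 spamd: result: Y 11 - EXAMPLE_DE_PHRASE_B scantime=0.5
"""
RESULT_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) spamd: result: ([Y.]) +-?\d+ - ([A-Z0-9_,]+)(?:\s|$)")

def open_db(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute("""CREATE TABLE IF NOT EXISTS rule_hits (
        rule TEXT PRIMARY KEY, spam_hits INTEGER NOT NULL,
        ham_hits INTEGER NOT NULL, last_hit TEXT NOT NULL)""")
    return db

def record_log(db, text):
    """Count one hit per rule per scanned message and keep the newest timestamp."""
    for line in text.splitlines():
        m = RESULT_RE.match(line)
        if not m:
            continue  # not a scan-result line, or no rules fired
        ts, verdict, rules = m.groups()
        spam = 1 if verdict == "Y" else 0
        for rule in filter(None, rules.split(",")):
            db.execute("""INSERT INTO rule_hits VALUES (?, ?, ?, ?)
                ON CONFLICT(rule) DO UPDATE SET
                  spam_hits = spam_hits + excluded.spam_hits,
                  ham_hits = ham_hits + excluded.ham_hits,
                  last_hit = max(last_hit, excluded.last_hit)""",
                (rule, spam, 1 - spam, ts))
    db.commit()

def stale_rules(db, now, days=183):
    """Rules whose last hit is older than `days` (183 approximates 6 months)."""
    cutoff = datetime.strptime(now, "%Y-%m-%d %H:%M:%S") - timedelta(days=days)
    return [r for (r,) in db.execute(
        "SELECT rule FROM rule_hits WHERE last_hit < ? ORDER BY rule",
        (cutoff.strftime("%Y-%m-%d %H:%M:%S"),))]

def ham_share(db, rule):
    """Fraction of a rule's hits that were on ham, a rough FP indicator."""
    spam, ham = db.execute("SELECT spam_hits, ham_hits FROM rule_hits"
                           " WHERE rule = ?", (rule,)).fetchone()
    return ham / (spam + ham)
```

As the thread notes, a rule that looks stale on one site may still hit elsewhere, so a table like this only becomes a basis for dropping rules once counts from several sites are merged.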

