procmail

SpamDunk Project update August 2

1998-08-02 20:17:25
The most recent update is August 2/98.  If you've downloaded the
files June 13 or later, you only need to download "NOTLIST.TXT",
and upload it as "isnotlist" in your ".nospam"  subdirectory.
Also, I recommend setting SLACK=0, because there are fewer false
positives to ignore.  See my sig for URL.  Reasons for update... 

   1. to put up at least some protection against the buffer-
     overflow vulnerability that has surfaced in recent days
     in several email clients.  That was the driving force for
     getting this update out right now. Other improvements that
     were in the pipeline were also included.

   2. more code-tweaking to reduce the false positive count even
     lower than before.

   3. making the entire filter "kinder and gentler" on your
     ISP's cpu

     - almost all of the recipes only look at the headers. The
       revised versions now only feed the headers through
       formail for flagging, rather than the entire message.
       The end result is not changed, just that fewer cpu
       cycles are used. 

     - there are some recipes that use the Message-Id: as a
       control.  I've re-arranged the recipes so that if the
       Message-Id: is invalid, the Message-Id:-dependent tests
       are skipped.

Known problems...
   1. The parsing of Message-Id: to determine the sender's domain
     was not working properly for two-letter country codes in the
     previous release.  I've got it working for the .uk domain
     now.  If not for the urgency of defending against the email
     buffer-overflow exploit, I would've delayed this release
     until I had the code generalized to work with any two-letter
     country code.  This will be done in the next release.

   2. Domains which use an outside mail server with a different
     *BASE DOMAIN NAME* to send their mail look exactly like a
     throw-away dial-up account relay-raping a foreign server,
     resulting in false positives.  The work-around is to white-
     list trusted servers.  Use the MYLISTS variable in the
     procvars module.
       The above problem does not affect virtual domains, which
     are physically hosted on an ISP's machine, or sub-domains
     which have prefixes before the base domain name.

-- 
Walter Dnes <waltdnes(_at_)interlog(_dot_)com> procmail spamfilter
http://www.interlog.com/~waltdnes/spamdunk/spamdunk.htm
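
The two known problems above, as an added Python example that is not part of the original post and is not SpamDunk's procmail code: it pulls the base domain out of a Message-Id: (including the two-letter country-code case), skips the check when the Message-Id: is invalid, and lets a whitelist of trusted servers override a mismatch. The comparison against a relay host name, the `SECOND_LEVEL` set, the `trusted_servers` parameter and all sample values are assumptions made for illustration.

```python
import re

# Constructed stand-in for a real public-suffix list: second-level labels
# that registries commonly place under two-letter country codes.
SECOND_LEVEL = {"ac", "co", "com", "edu", "gov", "net", "org"}

# Message-Id shape accepted here: <local-part@host>, nothing else.
MSGID_RE = re.compile(r"^<[^<>@\s]+@([A-Za-z0-9.-]+)>$")


def base_domain(host):
    """Return the base domain of a host name, or None if it is malformed."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2 or "" in labels:
        return None
    # example.co.uk style: the base domain needs three labels, not two.
    if len(labels) >= 3 and len(labels[-1]) == 2 and labels[-2] in SECOND_LEVEL:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def msgid_domain(msgid):
    """Base domain taken from a Message-Id: value, or None if it is invalid."""
    m = MSGID_RE.match(msgid.strip())
    return base_domain(m.group(1)) if m else None


def classify(msgid, relay_host, trusted_servers=frozenset()):
    """Compare the Message-Id: base domain with the relaying server's."""
    sender = msgid_domain(msgid)
    if sender is None:
        return "skip"  # invalid Message-Id: dependent tests are not run
    relay = base_domain(relay_host)
    if relay == sender:
        return "match"
    if relay in trusted_servers:
        return "whitelisted"  # outside mail server the recipient trusts
    return "mismatch"


if __name__ == "__main__":
    # Constructed samples, not taken from real mail.
    print(classify("<1@pc7.example.co.uk>", "mail.example.co.uk"))
    print(classify("<1@example.org>", "smtp.isp.example"))
    print(classify("<1@example.org>", "smtp.isp.example", {"isp.example"}))
    print(classify("no-angle-brackets", "smtp.isp.example"))
```

A production filter would replace the `SECOND_LEVEL` heuristic with the full Public Suffix List, since a short label set cannot cover every registry's layout.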

