headers
Kelson Vibber | 1 Jun 2004 18:13
Favicon

Re: Spam sent to mailinglists

At 03:40 AM 5/30/2004, Mabry Tyson wrote:
>You have to report non-spam as well.   If all that is reported is spam, 
>then there is nothing to compare it against.  You bias the system to 
>recognize everything as spam and your false positives (non-spam classified 
>as spam) soar (where 0.5% is too high).

AFAIK, revoking something that's not already in Razor's database won't do 
anything.  To make a comparison to Bayesian systems, Razor only accepts 
error-based training for non-spam.

So if you get something that's labeled incorrectly, you should definitely 
revoke it.  But if it's not labeled, I don't believe it will have any effect.

Kelson Vibber
SpeedGate Communications <www.speed.net> 

-------------------------------------------------------
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE.
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
Permalink | Reply | 0 comments |
headers
Matt Kettler | 1 Jun 2004 20:06

Re: Spam sent to mailinglists

At 06:40 AM 5/30/2004, Mabry Tyson wrote:
>Matt Kettler wrote:
> > Dude, razor is NOT a bayes subsystem.
> >
>Dude, I didn't say it was Bayesian.

Perhaps not, but claiming people should razor-revoke nonspam messages as a 
general whole implies a gross misunderstanding of razor. That model is only 
aplicable to bayesian or other token analysis systems.

> > Razor is a database of hashes of known spam messages. Period.
>
>Wrong.

>Obviously, you've never looked under the hood of razor and have no idea 
>how it really works.

No, I have. I understand how razor works extraordinarily well, and from 
your message you understand it well too. However, I feel you're broadly 
over-generalizing the use of razor-revoke.

There are cases where revoking nonspam makes sense, but doing it 
indiscriminately, as you suggest, is foolhardy and wasteful.

I will not retract my statement that razor is a database of hashes of known 
spam messages.

The on-line server which you can query stores only message hashes and their 
associated cf scores.
(Continue reading)

Permalink | Reply | 0 comments |
headers
Robert Grasso | 3 Jun 2004 13:21
Favicon

Cloudmark servers down ?

Hello,

I am a Unix/Linux system administrator, but quite new to Razor. I installed
v2.4 at home on Linux Mandrake 9.2, and it runs quite normally, catching
some spams. Then I installed v2.4 at work on RedHat 7.2 with Perl 5.6.1 and
add-ons from CPAN(I know, RH 7.2 is an *old* version) there I had problems
(the Cloudmark servers were contacted correctly, but no spam was found) and
I was about to post for help, but since this morning at UTC 7:48, I have a
huge number of connection failures with the Cloudmark servers.

- connections up to 7:48 reported "mail 1 is not spam" (this will be my next
post) but succeeded
- connections from 7:48 to 8:34 reported : "Operation now in progress" but
finally completed
- some connections began to fail at 8:06
- and from  8:37, every connection is failing telling "Connection refused"

I pasted below a full log for one unsuccessfull razor-check

Am I alone with this issue ? Is there some blacklist mechanism in the
servers ? Are they under attack ? or out of order ?

Best regards

  .-.   Robert GRASSO - CEDRAT S.A.
  /v\   10, Chemin de Pre Carre - ZIRST - 38246 MEYLAN Cedex - FRANCE
 // \\  Tel: +33 (0)4 76 90 50 45 Fax: +33 (0)4 76 90 16 09
/(   )\ mailto:Robert.Grasso <at> cedrat.com
 ^^-^^
UNIX was not designed to stop you from doing stupid things, because
(Continue reading)

Permalink | Reply | 2 comments |
headers
Patrick Shanahan | 3 Jun 2004 13:46
Picon

Re: Cloudmark servers down ?

* Robert Grasso <Robert.Grasso <at> cedrat.com> [06-03-04 06:22]:
 Hello,
> 
> I am a Unix/Linux system administrator, but quite new to Razor. I installed
> v2.4 at home on Linux Mandrake 9.2, and it runs quite normally, catching
> some spams. Then I installed v2.4 at work on RedHat 7.2 with Perl 5.6.1 and
> add-ons from CPAN(I know, RH 7.2 is an *old* version) there I had problems
> (the Cloudmark servers were contacted correctly, but no spam was found) and
> I was about to post for help, but since this morning at UTC 7:48, I have a
> huge number of connection failures with the Cloudmark servers.
> 
> - connections up to 7:48 reported "mail 1 is not spam" (this will be my next
> post) but succeeded
> - connections from 7:48 to 8:34 reported : "Operation now in progress" but
> finally completed
> - some connections began to fail at 8:06
> - and from  8:37, every connection is failing telling "Connection refused"

My log shows somewhat similar occurances.  'Unable to connect' ...
'Reason: Connection refused.' since Jun 03 08:08:02.962601 check[708].
--

-- 
Patrick Shanahan                        Registered Linux User #207535
http://wahoo.no-ip.org                         <at>  http://counter.li.org
HOG # US1244711

-------------------------------------------------------
This SF.Net email is sponsored by the new InstallShield X.
From Windows to Linux, servers to mobile, InstallShield X is the one
installation-authoring solution that does it all. Learn more and
evaluate today! http://www.installshield.com/Dev2Dev/0504
(Continue reading)

Permalink | Reply | 1 comment |
headers
Patrick Shanahan | 3 Jun 2004 17:09
Picon

Re: Cloudmark servers down ?

* Patrick Shanahan <paka <at> wahoo.no-ip.org> [06-03-04 06:47]:
> 
> My log shows somewhat similar occurances.  'Unable to connect' ...
> 'Reason: Connection refused.' since Jun 03 08:08:02.962601 check[708].

Appears to be back:
  Jun 03 11:42:31.883935 check[5862]
--

-- 
Patrick Shanahan                        Registered Linux User #207535
http://wahoo.no-ip.org                         <at>  http://counter.li.org
HOG # US1244711

-------------------------------------------------------
This SF.Net email is sponsored by the new InstallShield X.
From Windows to Linux, servers to mobile, InstallShield X is the one
installation-authoring solution that does it all. Learn more and
evaluate today! http://www.installshield.com/Dev2Dev/0504
Permalink | Reply | 0 comments |
headers
Claus Westerkamp | 3 Jun 2004 17:21
Favicon

razor fails with err 202, aka no mail is checked

Hello folks,

it seems I cannot get razor to check any mail. did all hints given in
previous posts but it didnt help.

anyone have a clue pls?

thx in advance
claus

p.s. thx vipul for contributing this awesome piece of code

Jun 02 11:50:01.018820 check[20846]: [ 2] [bootup] Logging initiated
LogDebugLevel=6 to file:/var/log/razor-agent.log
Jun 02 11:50:01.020497 check[20846]: [ 5] computed razorhome=/etc/razor,
conf=/etc/razor/razor-agent.conf, ident=/etc/razor/identity
Jun 02 11:50:01.026378 check[20846]: [ 5] read_file: 2 items read from
/etc/razor/servers.discovery.lst
Jun 02 11:50:01.027729 check[20846]: [ 5] read_file: 2 items read from
/etc/razor/servers.nomination.lst
Jun 02 11:50:01.029004 check[20846]: [ 5] read_file: 2 items read from
/etc/razor/servers.catalogue.lst
Jun 02 11:50:01.035498 check[20846]: [ 5] read_file: 13 items read from
/etc/razor/server.joy.cloudmark.com.conf
Jun 02 11:50:01.038102 check[20846]: [ 5] read_file: 13 items read from
/etc/razor/server.joy.cloudmark.com.conf
Jun 02 11:50:01.039060 check[20846]: [ 5] 145428 seconds before closest
server discovery
Jun 02 11:50:01.039895 check[20846]: [ 6] thrill.cloudmark.com is a
Unknown-Type:  Server srl -1; computed min_cf=0, Server se: 0F
(Continue reading)

Permalink | Reply | 0 comments |
headers
Robert Grasso | 3 Jun 2004 18:31
Favicon

First use of Razor

Hello,

This is my first use of Razor : I installed Razor v2.4 on our SMTP server
running RedHat 7.2 with perl 5.6.1. And I joined the list today. Razor seems
to work correctly, anyway I noticed some troubles :

- I installed it in the system procmailrc (/etc/procmailrc), in order to
catch spam for many users. Indeed, it catched false positive which were
normal email from people within the company. Could anyboby tell me her or
his experience about Razor false positives ? I confess that I have been a
bit surprised that it catched false positives so easily.

- Razor seems to be sensitive to some configurations : I first installed
razor-agent.conf in /etc/razor, but I wanted to have it configured in some
standard Unix way, so I wanted to have the config file in /etc, and variable
parts, such as servers lists, in /var, so I wrote :

listfile_catalogue = /var/razor/servers.catalogue.lst
listfile_discovery = /var/razor/servers.discovery.lst
listfile_nomination = /var/razor/servers.nomination.lst

keeping this razor-agent.conf, razor seemed to work correctly, but it did
not identify any spam, always reporting "mail 1 is not spam".

well, as this is the corporate SMTP server, I did not want to perform too
many tests, but as soon as I removed /etc/razor/razor-agent.conf (so leaving
razor unconfigured), razor began identifying spams.

Does anybody has similar experiences, hints, explanations ... ?
(Continue reading)

Permalink | Reply | 2 comments |
headers
Patrick Shanahan | 3 Jun 2004 20:38
Picon

Re: Cloudmark servers down ?

* vipul <at> cloudmark.com <vipul <at> cloudmark.com> [06-03-04 13:18]:
> There was an unscheduled maintainance during that time.  It has been
> rectified now.

thanks for the info
--

-- 
Patrick Shanahan                        Registered Linux User #207535
http://wahoo.no-ip.org                         <at>  http://counter.li.org
HOG # US1244711

-------------------------------------------------------
This SF.Net email is sponsored by the new InstallShield X.
From Windows to Linux, servers to mobile, InstallShield X is the one
installation-authoring solution that does it all. Learn more and
evaluate today! http://www.installshield.com/Dev2Dev/0504
Permalink | Reply | 0 comments |
headers
Claus Westerkamp | 4 Jun 2004 14:01
Favicon

Re: razor fails with err 202, aka no mail is checked

hi,

I have read that suggestion in this post 
http://www.mail-archive.com/razor-users <at> lists.sourceforge.net/msg01735.html 
.
however it didnt solve my problem.

# pwd
/etc/razor
# ls server*
server.folly.cloudmark.com.conf  servers.discovery.lst
servers.catalogue.lst            servers.nomination.lst

these are the files I have deleted and reconstructed as you mentioned.

Jun 04 13:58:03.283875 check[7768]: [ 4] mail 1.0 e=4 
sig=2YE2RB4nqUsmMo0BdWco_f18W6kA: got err 202 for query:
  HASH - HASH(0x10126b0),4 keys
     a => c
     e => 4
     ep4 => 7542-10
     s => 2YE2RB4nqUsmMo0BdWco_f18W6kA
Jun 04 13:58:03.284942 check[7768]: [ 3] mail 1 is not known spam.
Jun 04 13:58:03.285350 check[7768]: [ 5] disconnecting from server 
66.151.150.36Jun 04 13:58:03.286288 check[7768]: [ 4] 66.151.150.36 << 5
Jun 04 13:58:03.286644 check[7768]: [ 6] a=q

can you give an additional hint?

the machine running here is:
(Continue reading)

Permalink | Reply | 0 comments |
headers
Matt Kettler | 4 Jun 2004 19:45

Re: First use of Razor

At 12:31 PM 6/3/2004, Robert Grasso wrote:
>- I installed it in the system procmailrc (/etc/procmailrc), in order to
>catch spam for many users. Indeed, it catched false positive which were
>normal email from people within the company. Could anyboby tell me her or
>his experience about Razor false positives ? I confess that I have been a
>bit surprised that it catched false positives so easily.

Razor by default will declare a message spam if *any* of the mime parts are 
in the database as spam.

If you're users are using things like embedded clip-art images, etc, then 
they too will be checked separately from the message itself. If a spammer 
used the same item and not enough people have issued a revoke with that 
item, then it will match.

You can change the behavior from "any parts" to "all parts" by changing 
logic_method to 5. You'll drastically reduce your spam-catch rate, but 
you'll avoid some FP cases too.

>- Razor seems to be sensitive to some configurations : I first installed
>razor-agent.conf in /etc/razor, but I wanted to have it configured in some
>standard Unix way, so I wanted to have the config file in /etc, and variable
>parts, such as servers lists, in /var, so I wrote :
>
>listfile_catalogue = /var/razor/servers.catalogue.lst
>listfile_discovery = /var/razor/servers.discovery.lst
>listfile_nomination = /var/razor/servers.nomination.lst
>
>keeping this razor-agent.conf, razor seemed to work correctly, but it did
>not identify any spam, always reporting "mail 1 is not spam".
(Continue reading)

Permalink | Reply | 1 comment |

Gmane