headers
David Eisner | 4 Jan 2005 17:27
Picon
Favicon

Feature Request: Configurable Timeout

In the course of events, one may oneself using razor-check to debug a
Razor problem.  For example:

--snip--
$ razor-check -d spam_20050104
...
Jan 04 11:20:31.857873 check[30653]: [ 1] razor-check error: check 2:
Timed out (15 sec) while reading from wonder.cloudmark.com
check 2: Timed out (15 sec) while reading from wonder.cloudmark.com
--snip--

It is at these times that a timeout configurable from the command line
would be handy.  However, the 15 second period appears to be a magic
number hard coded into lib/Razor2/Client/Core.pm:

--snip--
    foreach my $i (0 .. ((scalar  <at> $msg) -1) ) {
        my  <at> handles = $select->can_write (15);

...

        } else {
            return $self->error("Timed out (15 sec) while reading from
$self->{s}->{ip}");
        }
--snip--

Can this be made configurable in a future release?  Thanks for listening.

-David
(Continue reading)

Permalink | Reply | 0 comments |
headers
David Eisner | 4 Jan 2005 18:11
Picon
Favicon

wonder.cloudmark.com down?


Jan 04 12:07:23.959289 check[30953]: [ 3] Unable to connect to
wonder.cloudmark.com:2703; Reason: Connection refused.

-David

---------------------------------------------------------
D a v i d  E i s n e r        c r a d l e  <at>  u m d . e d u   
CALCE EPSC                         University of Maryland    

-------------------------------------------------------
The SF.Net email is sponsored by: Beat the post-holiday blues
Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt
Permalink | Reply | 0 comments |
headers
David Eisner | 4 Jan 2005 20:45
Picon
Favicon

[Fwd: Re: wonder.cloudmark.com down?]


-------- Original Message --------
Subject: 	Re: [Razor-users] wonder.cloudmark.com down?
Date: 	Tue, 4 Jan 2005 11:32:16 -0800
From: 	Jordan Ritter <jpr5 <at> darkridge.com>
To: 	David Eisner <cradle <at> umd.edu>

On Tue, Jan 04, 2005 at 12:11:48PM -0500, David Eisner wrote:

# Jan 04 12:07:23.959289 check[30953]: [ 3] Unable to connect to
# wonder.cloudmark.com:2703; Reason: Connection refused.

David et al.:

    It's not down, it's being intentionally blocked in the hopes of
    forcing the legacy razor-agents to rebalance under extreme load.

    There is a long-standing bug in the razor-agents package wrt
    discovery and cycling through the server lists.  Older (but still
    recent) agents properly retrieve the csl, but fail to pare down
    (modify) the list when cycling through entries during connection
    failures or timeouts.  The consequence is a rather large body of
    agents talking to one server, and only balancing to the others
    when that one server is unavailable.  Since most razor-agent
    invocations are single-instance, the moment that single server
    becomes available again all subsequent invocations stop falling
    through to other entries on the list and swamp the first again.

    Normally this isn't a problem; we've been dealing with it for a
    long time and hopefully this will get fixed soon in a future
(Continue reading)

Permalink | Reply | 0 comments |
headers
Andrew J Caines | 23 Jan 2005 01:24

Re: Spider bait

Ken,

> Hi.  I'm new to this list.

Welcome. You are warmly and strongly encouraged to peruse the list archives, so you can get a good idea of
what has been discussed.

> Unfortunately I am not a linux user, but I really like this razor idea.

I'm not a lunix user, nor are many of the folks who use many of the other
fine platforms on which razor runs. Still, there's nothing stopping you
being a Linux, FreeBSD, NetBSD, OpenBSD, Solaris, ... user if you want.

> I have an idea of how to acquire large volumes of spam automatically
> with a high degree of confidence.  Presumably this has already occured 
> to people, but I was wondering if this is used in Vipul's Razor.

The consensus, not to mention the word from the powers-that-be is that only
personally inspected and certified spam should be submitted - by hand.

There are many good arguments for and against automated reporting, which
you can find in the archives. One thing to bear in mind is that spam traps
play a part in many of the other excellent anti-spam technologies which you
should be using in addition to Razor, where they are better suited.

> There are many possible definitions of spam.  My idea is...

Not to criticise your arachnid nomenclature, they've been called spam traps
long enough for the name to stick. There's even a name[2] for putting spam
trap addressed on web pages for harvesting and at least one popular tool
(Continue reading)

Permalink | Reply | 1 comment |
headers
John Andersen | 23 Jan 2005 01:44

Re: Spider bait

On Saturday 22 January 2005 03:24 pm, Andrew J Caines wrote:
> > I have an idea of how to acquire large volumes of spam automatically
> > with a high degree of confidence.  Presumably this has already occured
> > to people, but I was wondering if this is used in Vipul's Razor.
>
> The consensus, not to mention the word from the powers-that-be is that only
> personally inspected and certified spam should be submitted - by hand.

However, I think it would be good to point out that the  
overwhelmingly vast percentage of spam reports to razor are
automated reports submitted via other spam detection engines.

To tell the truth, I haven't seen anyone from Cloudmark posting
the preference for manual reporting for a long time now.
--

-- 
_____________________________________
John Andersen
Permalink | Reply | 0 comments |
headers
Thomas Nilsen | 24 Jan 2005 14:18

Reporting SPAM from IMAP server - Example code


Don't know if this is of interest to others, but I've modified a script used for reporting spam to
Spamassassins sa-learn. The script was originally done by Nick Burch for updating the Bayesian db by
fetching mail for a public folders on MS Exchange servers over IMAP. (http://tirian.magd.ox.ac.uk/~nick/code/)

However, I could not find any similar tools for reporting mail from IMAP folders to the razor-report tool,
so I just modified the existing script a bit to call the razor-report tool. I have not tested this
extensively, but it seems to work ok.

Basically, what we do is that all users report spam not tagged by SA by moving the original email into this
SPAM folder. Then our mail server runs the following script to fetch the emails from Public Folders and
report them, in this case to razor-report.

This version contains a lot of the old SA code which is not needed...  the HAM folder setting is not used, but it
could be used to call razor-revoke..

Any input appreciated...

Regards,
Thomas Nilsen

----------------------- START OF SCRIPT -------------------------

#!/usr/bin/perl

# Imap Interface to razor-report    v0.01
# -----------------------------     -----
#
# Connects to an imap server, and filters the messages from the INBOX
# and SpamTrap
(Continue reading)

Permalink | Reply | 0 comments |
headers
George Kasica | 24 Jan 2005 21:08

Problem in Razor SDK/Razor Agent Installation

Hello:

I'm trying to install the latest razor modules here for use with
Spamassassin. I've dl'd and used sdk 2.02 and agent 2.67 as well as
directly installed Digest::SHA1 as it continues to report that as missing
:( using perl 5.8.0 here.

Below is my installation sequence, hopefully someone can help me with what
is causing the problems. I am NOT a perl coder so please keep explanations
clear and simple.

Thank you,
George Kaica
Netwrx Consulting Inc.

Begin output
============

[root <at> eagle razor-agents-sdk-2.02]# perl Makefile.PL
Warning: prerequisite Digest::SHA1 1 not found.
Writing Makefile for Digest::HMAC
Testing alignment requirements for U32... no restrictions
Writing Makefile for Digest::MD5
Writing Makefile for Digest::Nilsimsa
Writing Makefile for Digest::SHA1
Writing Makefile for Net::DNS
Writing Makefile for Test::Simple

Configuring...
(Continue reading)

Permalink | Reply | 0 comments |
headers
Eneko Lacunza | 25 Jan 2005 10:47
Picon

Problem with razor-listing

Hi all,

It seems that my email has been included in Razor spam-list. I'd like to
know how can it be removed.

Thanks a lot
--

-- 
Eneko Lacunza
O.D.E. Office
Panda Software - Bilbao (Spain) - http://www.pandasoftware.es

-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
Permalink | Reply | 0 comments |
headers
Eneko Lacunza | 25 Jan 2005 12:20
Picon

Re: AW: Problem with razor-listing

Hi,

Thanks a lot Dörfler; I tryied to find docs online but didn't found the
FAQ, sorry for my original message.

So, can someone explain why Razor says my original message
(original-message.txt) is reported and spam with more than 50%
probability (as it seems to happen somewhere, see notification.txt).

I think my original message was quite clean and innocent :) Maybe the
reporters Razor-use is broken?

Thanks a lot

El mar, 25-01-2005 a las 12:07, Dörfler Andreas escribió:
> http://razor.sourceforge.net/docs/faq.php
> 
> Q: Razor has blacklisted my email address. I am not a Spammer,
>    please help!
> 
>    Razor DOES NOT whitelist email addresses or host names. It
>    works by computing signatures on the body of the content and
>    checking these signatures against a database of known spam.
>    If you believe mail is being incorrectly blocked, most likely
>    you have misconfigured your mail system.
> 
> greetings
> andy
> 
> -----Ursprüngliche Nachricht-----
(Continue reading)

Permalink | Reply | 7 comments |
headers
Santiago Vila | 25 Jan 2005 15:56
Picon
Favicon

Re: Problem with razor-listing

On Tue, 25 Jan 2005, Eneko Lacunza wrote:

> Thanks a lot Dörfler; I tryied to find docs online but didn't found the
> FAQ, sorry for my original message.
> 
> So, can someone explain why Razor says my original message
> (original-message.txt) is reported and spam with more than 50%
> probability (as it seems to happen somewhere, see notification.txt).
> 
> I think my original message was quite clean and innocent :) Maybe the
> reporters Razor-use is broken?

The reason is that all your messages include an URL which is also
present in messages which have been reported as spam.

Quote from the changelog for version 2.61:

Introduced the Whiplash signature scheme. Whiplash signatures
are based on canonical domain names present in URLs embedded in
spam messages.

-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
Permalink | Reply | 6 comments |

Gmane