[phpBB Debug] PHP Notice: in file [ROOT]/includes/session.php on line 2208: Array to string conversion
[phpBB Debug] PHP Notice: in file [ROOT]/includes/session.php on line 2208: Array to string conversion
[phpBB Debug] PHP Notice: in file [ROOT]/includes/session.php on line 2208: Array to string conversion
[phpBB Debug] PHP Notice: in file [ROOT]/includes/session.php on line 2208: Array to string conversion
[phpBB Debug] PHP Notice: in file [ROOT]/includes/session.php on line 2208: Array to string conversion
[phpBB Debug] PHP Notice: in file [ROOT]/includes/session.php on line 2208: Array to string conversion
[phpBB Debug] PHP Notice: in file [ROOT]/includes/session.php on line 2208: Array to string conversion
[phpBB Debug] PHP Notice: in file [ROOT]/includes/session.php on line 2208: Array to string conversion
[phpBB Debug] PHP Notice: in file [ROOT]/includes/session.php on line 2208: Array to string conversion
[phpBB Debug] PHP Notice: in file [ROOT]/includes/session.php on line 2208: Array to string conversion
[phpBB Debug] PHP Notice: in file [ROOT]/includes/session.php on line 2208: Array to string conversion
[phpBB Debug] PHP Notice: in file [ROOT]/includes/session.php on line 2208: Array to string conversion
[phpBB Debug] PHP Notice: in file [ROOT]/includes/session.php on line 2208: Array to string conversion
[phpBB Debug] PHP Notice: in file [ROOT]/includes/session.php on line 2208: Array to string conversion
[phpBB Debug] PHP Notice: in file [ROOT]/includes/session.php on line 2208: Array to string conversion
[phpBB Debug] PHP Notice: in file [ROOT]/includes/session.php on line 2208: Array to string conversion
[phpBB Debug] PHP Notice: in file [ROOT]/includes/session.php on line 2208: Array to string conversion
[phpBB Debug] PHP Notice: in file [ROOT]/includes/session.php on line 2208: Array to string conversion
[phpBB Debug] PHP Notice: in file [ROOT]/includes/session.php on line 2208: Array to string conversion
[phpBB Debug] PHP Notice: in file [ROOT]/includes/session.php on line 2208: Array to string conversion
[phpBB Debug] PHP Notice: in file [ROOT]/includes/session.php on line 2208: Array to string conversion
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4688: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3823)
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4690: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3823)
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4691: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3823)
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4692: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3823)
Poco Forums • View topic - Check email against DNSBLs (DNS blacklists)

Check email against DNSBLs (DNS blacklists)

Scripting questions and ideas

Moderators: Eric, Tomas, robin, Michael

Postby tallcangal » Wed Sep 01, 2004 2:01 pm

Hi Mat.

I have to say that I am very impressed with what you have come up with! It works wonders with the PM filtering.

I haven't reset my statistics since implementing this although I will do so right now. I have only had 2 emails missed though since using it for about a week.

Now, after resetting everything, let's see how it truly works (should have done this before :oops: ). :wink:
tallcangal
Frequent Visitor
 
Posts: 65
Joined: Mon Jul 26, 2004 7:54 am
Location: Canada

Postby Hogyt » Wed Sep 01, 2004 2:07 pm

Thats great news! Thanks for the feedback, it's good to know its working for other people :D
Mat
Hogyt
Poco Enthusiast
 
Posts: 241
Joined: Thu Jul 29, 2004 11:22 am
Location: England

Postby tribble » Wed Sep 01, 2004 3:12 pm

I'm not sure this is running correctly for me.
I forwarded myself a message that the bayes filter previously classified as spam. I have your script running BEFORE the bayes filter as suggested.

The headers look like this:
X-Poco-Spam-DNSBL: Received from IP address (68.50.99.16)
        spamsources.fabel.dk-false (+0)
        cbl.abuseat.org-false (+0)
        relays.nthelp.com-false (+0)
        dsn.rfc-ignorant.org-false (+0)
        ipwhois.rfc-ignorant.org-false (+0)
        block.blars.org-true (+3)
        bl.spamcop.net-false (-1)
        list.dsbl.org-false (-1)
        sbl.spamhaus.org-false (+0)
        opm.blitzed.org-false (-1)
        dnsbl.njabl.org-false (-1)
        dnsbl.sorbs.net-true (+8)
        Debug - #spamscore 7 #waitattempt 7 #timeout 8

As you can see, it has a couple 'true' values. It seemed to bypass the standard bayes filter and was sent to the (otherwise) correct mailbox (as if it was not spam).

I'm confident I have the filter setup incorrectly.
Filter messages for (all accounts)
Matching (all characters)
Search (entire message)
for ()
Perform (run script)
dnslb
tribble
Poco Enthusiast
 
Posts: 430
Joined: Wed Jul 28, 2004 8:55 am

Postby Hogyt » Wed Sep 01, 2004 8:05 pm

Thanks for reporting Tribble! It probably is working but it sounds like on the second run Bayes picked up on something in the headers which made it think the spam was ham. That could be because you forwarded or bounced the mail to yourself. For example, if you look in the headers of the original email you're unlikely to find anything like:

X-Mailer: Poco3 Beta (1965) - Licensed Version

But if you look in the headers of the email you forwarded/bounced to yourself you will find something like that. If you then look in DBGood.ini you'll see it (probably) has an entry:

X-MAILER-poco3

So that a header like that will affect the Bayes score and will probably make the mail look less spammy (unless you have lots of people spamming you from PocoMail!).

You may like to change the option "Use new style headers?" in the Setup Script screen for this script to False. The Bayes filter could be tipped by the headers this script generates and setting that option to False should minimise that chance. On the other hand, some people (Vamp!) want Bayes to be affected by the headers this script generates so for him he'll want it set to True. If you find yourself receiving lots of email like this then you could alter the scores this script gives so that even without Bayes it will be classified as spam, but then that increases the chance of it making mistakes too.

So to summarise, your message was probably border line spam according to Bayes and something tipped the classification towards the ham direction when you received it the second time. What exactly that was i don't know but theres a couple of ideas for you.

What definitely would help is if the Bayes filter could be forced to train on messages that this script classifies as spam. If anyone knows how to do that please say :)
Mat
Hogyt
Poco Enthusiast
 
Posts: 241
Joined: Thu Jul 29, 2004 11:22 am
Location: England

Postby vamp07 » Wed Sep 01, 2004 11:16 pm

Forwarding a message creates new headers. You should have a new set of DNSBL headers on your new incoming message.


tribble wrote:I'm not sure this is running correctly for me.
I forwarded myself a message that the bayes filter previously classified as spam. I have your script running BEFORE the bayes filter as suggested.

The headers look like this:
X-Poco-Spam-DNSBL: Received from IP address (68.50.99.16)
        spamsources.fabel.dk-false (+0)
        cbl.abuseat.org-false (+0)
        relays.nthelp.com-false (+0)
        dsn.rfc-ignorant.org-false (+0)
        ipwhois.rfc-ignorant.org-false (+0)
        block.blars.org-true (+3)
        bl.spamcop.net-false (-1)
        list.dsbl.org-false (-1)
        sbl.spamhaus.org-false (+0)
        opm.blitzed.org-false (-1)
        dnsbl.njabl.org-false (-1)
        dnsbl.sorbs.net-true (+8)
        Debug - #spamscore 7 #waitattempt 7 #timeout 8

As you can see, it has a couple 'true' values. It seemed to bypass the standard bayes filter and was sent to the (otherwise) correct mailbox (as if it was not spam).

I'm confident I have the filter setup incorrectly.
Filter messages for (all accounts)
Matching (all characters)
Search (entire message)
for ()
Perform (run script)
dnslb
vamp07
Frequent Visitor
 
Posts: 66
Joined: Mon Jul 26, 2004 11:31 am

Postby vamp07 » Wed Sep 01, 2004 11:21 pm

Mat,

I doubt the new headers have anything to do with it. If anything they would help in this case. It takes a long time for this stuff to have an effect on incoming messages. Pocomail Bayesian filters are not very sensitive. I think they did the right thing. This message he forwarded went though his smtp server etc etc and probably should be considered ham.

Hogyt wrote:You may like to change the option "Use new style headers?" in the Setup Script screen for this script to False. The Bayes filter could be tipped by the headers this script generates and setting that option to False should minimise that chance. On the other hand, some people (Vamp!) want Bayes to be affected by the headers this script generates so for him he'll want it set to True. If you find yourself receiving lots of email like this then you could alter the scores this script gives so that even without Bayes it will be classified as spam, but then that increases the chance of it making mistakes too.
vamp07
Frequent Visitor
 
Posts: 66
Joined: Mon Jul 26, 2004 11:31 am

Postby tribble » Thu Sep 02, 2004 4:22 am

Unfortunately, I can not get this to work correctly WITH the bayes filters. The way it SHOULD work is: builtin bayes filters first. This will ensure "most" of the spam is caught. Then AFTER the bayes filters, run your script to further refine the spam sources. This has the added benefit of not bogging my system down with unnecessary checks against the dnsbl until/unless I actually want it.

For example, first the bayes check and route messages to the junk folder. Next (or maybe first?) would be the check against "allowed senders" THEN this script.

Sadly, I can not get it to work this way. I get one or the other, but not both dnsbl check and the builtin bayes filters.
tribble
Poco Enthusiast
 
Posts: 430
Joined: Wed Jul 28, 2004 8:55 am

Postby Hogyt » Thu Sep 02, 2004 4:39 am

I'm not sure it would work well the way you describe it. The Bayes filter makes false positives (classifies hams as spams) so you cannot run Bayes and assume that if it has found a spam it is correct and skip the other checks. Even with the maximum threshold this is bound to still happen.

If the method you describe did work in theory then i don't think it is possible in practise because as soon as the Junk Mail filter (Bayes) has run then if it identifies the mail as spam, the mail is moved to the Junk mailbox and no more filters will run, ie. this script will not run. If the Junk Mail filter does not tag the mail as spam then this script can run, so you get the behaviour you described of one of the tests tagging the mail but not both.

So in short you need this script to run before the built in Junk Mail filters. If this script is bogging down your machine then you could check less DNSBLs and decrease the timeout value. Probably using just 2 or 3 of the DNSBLs would still help dramatically. Sorry that is not a perfect set up for you but i don't see any way to improve it!
Mat
Hogyt
Poco Enthusiast
 
Posts: 241
Joined: Thu Jul 29, 2004 11:22 am
Location: England

Postby tribble » Thu Sep 02, 2004 4:50 am

Well, I can always describe my version of nirvana :-)

Seriously though, somewhere, my config must he incorrect as I can get only one or the other to work. Never both (script/bayes)
tribble
Poco Enthusiast
 
Posts: 430
Joined: Wed Jul 28, 2004 8:55 am

Postby Hogyt » Thu Sep 02, 2004 4:54 am

In the filters window, have you got this script running before the built in Junk Mail filters?
Mat
Hogyt
Poco Enthusiast
 
Posts: 241
Joined: Thu Jul 29, 2004 11:22 am
Location: England

Postby vamp07 » Thu Sep 02, 2004 6:57 am

Actually I think this is a great way to run the filter. You run bayes first and then let DNSBL verify what is left. If it something is Spam then it move it to the junk folder where it automatically helps train the Bayesian filters. You still need to verify the junk folder anyways for errors. What I am going to do is run bayes first followed by this script and then by another filter of the score. Since I use strict bayes I will move to junk anything less then or equal to 95 which means DNSBL reduced the score of 100 by at least 5.


Hogyt wrote:I'm not sure it would work well the way you describe it. The Bayes filter makes false positives (classifies hams as spams) so you cannot run Bayes and assume that if it has found a spam it is correct and skip the other checks. Even with the maximum threshold this is bound to still happen.
vamp07
Frequent Visitor
 
Posts: 66
Joined: Mon Jul 26, 2004 11:31 am

Postby tribble » Thu Sep 02, 2004 8:31 am

Mat, I've tried it first and second. If first, only the script runs, not the built in bayes filter. If second, this script does not run at all.

I'm still reasonably sure I've got something configured incorrectly. Look at this:

Image
tribble
Poco Enthusiast
 
Posts: 430
Joined: Wed Jul 28, 2004 8:55 am

Postby Hogyt » Thu Sep 02, 2004 8:34 am

You've got the order correct (at least how i like it!) in the filter window. Instead of running it as a filter, try clicking on the "Add Script" button in the filters window and adding the script that way. I hope that works Tribble! :)
Mat
Hogyt
Poco Enthusiast
 
Posts: 241
Joined: Thu Jul 29, 2004 11:22 am
Location: England

Postby tribble » Thu Sep 02, 2004 8:40 am

Eureka! That did it Mat! I didn't even 'see' that option :-(

Now I've tried it as the first entry, I'll wait for more untagged spam that the bayes filter misses (after making it first in the list again) and see if this catches it :-)
tribble
Poco Enthusiast
 
Posts: 430
Joined: Wed Jul 28, 2004 8:55 am

Postby Hogyt » Thu Sep 02, 2004 8:45 am

Great! :) Once you get it working how you like it please post back how you use it.

I'm quite tempted to try running the script only if the sender isn't in my address book to save running it on every email. I don't remember ever getting a spam from anyone in my address book and i don't have any mailing lists in it so that might work. Theres lots of possibilities for setting the script up and thats half the fun ;)
Mat
Hogyt
Poco Enthusiast
 
Posts: 241
Joined: Thu Jul 29, 2004 11:22 am
Location: England

PreviousNext

Return to PocoScript Help and How-To

Who is online

Users browsing this forum: No registered users and 2 guests

cron