Versions Compared

Old Version 19

changes.mady.by.user ASF Infrabot

Saved on

compared with

New Version 20

changes.mady.by.user ASF Infrabot

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Added installation instructions (late night version)

iXhash.pm is a plugin for SpamAssassin 3.1.0 and up. A version compatible with SpamAssassin 3.0 is provided as well.

Basically the plugin provides a network-based test, just as razor2, pyzor and DCC do. Working solely on the body of an email, it removes parts of it and computes a hash value from the rest. These values will then be looked up via DNS using the domains given in the config file(s). You need Net::DNS and Digest::MD5 installed.

Please note that, while this plugin realises some sort of 'fuzzy checksum', the fuzzyness is realised by reducing the body text of an email to its (characteristic) minumum. The MD5 hashing algorithm used is not fuzzy. Accordingly there are no 'confidence levels' or things of that sort. It's hit or no hit.

For those more deeply interested: This plugin is based on parts of the procmail-based project 'NiX Spam', developed by Bert Ungerer.(un@ix.de) If you can read German, read up at http://www.heise.de/ix/nixspam/. The procmail code producing the hashes only can be found here: ftp://ftp.ix.de/pub/ix/ix_listings/2004/05/checksumsNeeds a good discription of this plugin here.

Instructions

The top file is ixhash.cf - an example config file

The middle file 'ixhash.pm' is the current version, use this with SA 3.1.x

The bottom file is 'ixhash_v300.pm', use this if you run SA 3.0.x.

  1. copy paste the bottom half either 'ixhash.pm' or 'ixhash_v300.pm' into a file called ixhash.pm, depending on the SA version you plan to use the plugin with. 2. copy-paste the top half into a file called "ixhash.cf" 3. place ixhash.pm somewhere that is global r/x - like /etc/mail/spamassassin 4. edit the first line of ixhash.cf cf (loadplugin) to reflect where ixhash.pm is. 5. if you have to use the ixhash_v300.pm version, delete/comment the 'ixhash_timeout' line. This feature is not available with your version 6. copy ixhash.cf into /etc/mail/spamassasssin 7. run 'spamassassin -D < /some/mail/message', where '/some/mail/message' is a file containing an email. The copious output (on STDERR) should contain some occurences of 'IXHASH', showing you the plugin is being used. 8. restart spamd/amavisd/whateverDaemonUsesSpamAssassin

ixhash.cf

No Format
  loadplugin    Mail::SpamAssassin::Plugin::iXhash /path/to/iXhash.pm
# This makes DNS queries time out after 10 seconds (2x default)
  ixhash_timeout    10

# This list uses iX Magazine's spam as datasource.
  body          IXHASH eval:ixhashtest('ix.dnsbl.manitu.net')
  describe 	IXHASH This mail has been classified as spam @ iX Magazine, Germany
  tflags        IXHASH net
  score         IXHASH 1.5

# This list comes in @ spamtraps run by LogIn & Solutions AG, Germany
# Manually verified stuff
  body 	        LOGINHASH1 eval:ixhashtest('nospam.login-solutions.de')
  describe 	LOGINHASH1 mail has been classified as spam @ LogIn&Solutions AG, Germany
  tflags        LOGINHASH1 net
  score         LOGINHASH1 1.5

# This list contains hashes from Mails classified as spam at a larger company based in Germany
# Lots of stuff, but automatically categorized and contributed
  body 	        LOGINHASH2 eval:ixhashtest('nospam.login-solutions.ag')
  describe 	LOGINHASH2 mail has been classified as spam @ unknown company, Germany
  tflags        LOGINHASH2 net
  score         LOGINHASH2 1.5

...