vipul's razor

Constantinos_A_Kotso · March 14, 2002, 3:28pm

Regarding spam:
Has anybody used Vipul's Razor? ( http://razor.sourceforge.net/ )
It seems to be a preety good idea! I am thinking of deploying it
but I would like to listen to more opinions on its efficiency.

Best,
Costas

Jeff_McAdams · March 14, 2002, 3:38pm

Also sprach Constantinos A. Kotsokalis

Has anybody used Vipul's Razor? ( http://razor.sourceforge.net/ ) It
seems to be a preety good idea! I am thinking of deploying it but I
would like to listen to more opinions on its efficiency.

I have it set up to dump matching messages to a seperate folder...

I'm getting a fair number of false positives...particularly on BUGTRAQ
postings.

Jeff_McAdams · March 14, 2002, 3:58pm

Also sprach Petr M. Swedock

Is't possible to use this to 'poison' the catalogue: that is to say,
how easy is it to create a denial-of-service for legitimate mail?

I'm not an expert on how Vipul's Razor does its cataloguing, but I
suspect its quite easy to do so, yes.

The man page (perldoc) for razor-report shows you how to set up a
"trolling" address that auto-submits every received email via
razor-report. Simply subscribe an address set up that way to BUGTRAQ or
other mailing lists and every BUGTRAQ post (or whatever list its
subscribed to) would be auto-submitted to razor as spam.

Then for the other people on the list that are using
razor-check...whether the post would get flagged as spam would be a race
condition...do you get your copy before the trolling address gets its
copy and gets it submitted to the catalogue?

I think the idea of the razor is good...but needs some
refinement...maybe ability to set a threshold on the number of reports
needed to flag something as spam?

Constantinos_A_Kotso · March 14, 2002, 4:02pm

Hi Petr,
I have been thinking about this as well.
Question to everyone: What kind of conditioning do you think could be applied to Vipul's Razor, in order to avoid such poisoning? A simple example is the following condition:

"If there are more than four agents reporting a mail as spam, and if they are located in different ASs, then the mail is considered as such".

What other options can you think of?

--C

PS: Thanks to Steve and Robert for providing insight and a link to http://spamassasin.org (which I was not aware of).

Petr M. Swedock wrote:

Paul_A_Vixie4 · March 14, 2002, 7:05pm

ckotso@grnet.gr ("Constantinos A. Kotsokalis") writes:

What other options can you think of?

http://www.rhyolite.com/dcc/

Mike_meuon_Harrison · March 14, 2002, 11:22pm

Regarding spam:
Has anybody used Vipul's Razor? ( http://razor.sourceforge.net/ )
It seems to be a preety good idea! I am thinking of deploying it
but I would like to listen to more opinions on its efficiency.

We've munged it into our mail server with excellent results
so far (1 week) Sendmail on Linux (RH 7.1 modified),
that gets 200k-300k messages a day. We are going to setup
our own server for it as well. --Mike--