Comment: initial page text (more to come)

The TxRep - Reputation Plugin

Introduction

TxRep was designed as an enhanced replacement of the AutoWhiteList plugin (https://wiki.apache.org/spamassassin/AutoWhitelist).

TxRep, just like AWL, tracks scores of messages previously received, and adjusts the current message score, either by boosting messages from senders who send ham or penalizing senders who have sent spam previously. This not only treats some senders as if they were whitelisted but also treats spammers as if they were blacklisted. Each message from a particular sender adjusts the historical total score, which can change them from a spammer if they send non-spam messages. Senders who are considered non-spammers can become treated as spammers if they send messages which appear to be spam.

A sender is identified using both their address and the most significant 2 octets of their IP address (ex: mailer-daemon@club-internet.fr 194.158). This is intended to penalize spam claiming to be From you with forged headers.

Sometimes it may appear that the AWL is assigning scores the wrong way; read AwlWrongWay for details.

Put simply, TxRep is a score averaging system. It keeps track of the historical average of a sender, and pushes any subsequent mail towards that average.

The most important difference of TxRep in comparison with AWL is its ability to learn. It can be trained by sa-learn, it also has the auto-learn ability, and old messages can be re-learned at any time to adjust historical records after a revision of rules. More differences and details are available on the TxRep POD page.

How Does It Work?

The algorithm works using a local database of entries. Each entry has a key formed by the From: address of the mail (the identifier), and optionally the IP address it originated at, and the DKIM signature. It contains a TOTAL score of messages and a COUNT of messages. The MEAN score is TOTAL/COUNT. The algorithm:

  1. Compute the SCORE of the message from RULES
  2. Compute DELTA as (MEAN-SCORE)*auto_whitelist_factor
  3. Increment historical TOTAL by SCORE
  4. Increment historical COUNT by one
  5. Set the final score of the message to SCORE+DELTA

Each sender is identified by several IDs: the From email address in combination with the originating IP block, the standalone From email address (without any IP), the domain name of the From address, the full IP address, and the HELO name. Each of these ID types has a configurable weight factor when calculating the overall sender's reputation. The overall txrep_factor can be adjusted in the configuration to vary the impact of the reputation, which may be useful when starting off.

For example: The first mail received from a sender scores 20 based on RULES. When they send you a second message that scores 2.0 based on RULES, the MEAN will push the score up to 11 (20/1 - 2.0) on the second mail. This is auto blacklisting, based on their past history of spam.

If that same person sent a mail that scored 0, and then later sent one that scored 7, the AWL would push the score down to 3.5. This is auto-whitelisting based on past history of nonspam.
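The five steps and both worked examples above, as an added Python example (not SpamAssassin's own code). It keys entries on the From address plus the first two IP octets only, ignoring the other ID types and DKIM, and assumes a factor of 0.5, the value the page's numbers imply; the class and function names are hypothetical.

```python
# Added illustration of the averaging steps listed above; not SpamAssassin code.
from collections import defaultdict

FACTOR = 0.5  # assumption: the value implied by the page's worked numbers


def sender_key(from_addr: str, ip: str) -> str:
    """Key = lower-cased From address + the two most significant IPv4 octets."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) < 256 for o in octets):
        raise ValueError(f"not an IPv4 address: {ip!r}")
    return f"{from_addr.strip().lower()} {octets[0]}.{octets[1]}"


class ReputationDB:
    """In-memory stand-in for the local database of TOTAL/COUNT entries."""

    def __init__(self, factor: float = FACTOR):
        self.factor = factor
        self.entries = defaultdict(lambda: {"total": 0.0, "count": 0})

    def adjust(self, from_addr: str, ip: str, score: float) -> float:
        entry = self.entries[sender_key(from_addr, ip)]
        # Step 2: DELTA = (MEAN - SCORE) * factor; no history means no adjustment.
        delta = 0.0
        if entry["count"]:
            mean = entry["total"] / entry["count"]
            delta = (mean - score) * self.factor
        # Steps 3-4: the raw rule SCORE (not the adjusted one) enters the history.
        entry["total"] += score
        entry["count"] += 1
        # Step 5: final score of the message.
        return score + delta


def demo() -> dict:
    db = ReputationDB()
    results = {}
    # Constructed sample senders and IP addresses (documentation ranges).
    db.adjust("spammer@example.com", "192.0.2.10", 20.0)
    results["blacklisted"] = db.adjust("spammer@example.com", "192.0.2.99", 2.0)
    db.adjust("friend@example.org", "198.51.100.7", 0.0)
    results["whitelisted"] = db.adjust("friend@example.org", "198.51.100.8", 7.0)
    # Same From address from another IP block: separate key, no inherited history.
    results["forged"] = db.adjust("friend@example.org", "203.0.113.5", 7.0)
    return results


if __name__ == "__main__":
    print(demo())
```

The last case shows why the IP block is part of the key: a message that reuses a well-regarded From address from an unrelated network starts with no history and keeps its full rule score.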

How do I whitelist/blacklist someone?

Utility

TxRep uses the same storage handler as its predecessor AWL, therefore TxRep DB format backend files can be examined, pruned, and manipulated with the same tools as AWL:

  • 'sa-awl' - simple tool available in the distribution package
  • 'sa-heatu' v1 - external enhanced tool (description at

...

This tar file contains only the perl source and a small readme file with some usage examples.

Spam Assassin - *H*euristic *E*mail *A*ddress *T*racker Utility
Includes the ability to remove entries for a single email address.
This is useful when a spammer sends one or more ham messages before sending spam.

...

See also the AWL page for some more details: https://wiki.apache.org/spamassassin/AutoWhitelist

Besides other enhancements, it offers the possibility to dump, expire, or delete records by multiple criteria, including regexes. There is no online document describing all the new features, but the command line help and the integrated changelog give detailed information about them (sa-heatu -h and sa-heatu --changelog, respectively).