No Format |
---|
loadplugin Mail::SpamAssassin::Plugin::iXhash /path/to/iXhash.pm
# This makes DNS queries time out after 10 seconds (2x default)
ixhash_timeout 10
# This list uses iX Magazine's spam as datasource.
body IXHASH eval:ixhashtest('ix.dnsbl.manitu.net')
describe IXHASH This mail has been classified as spam @ iX Magazine, Germany
tflags IXHASH net
score IXHASH 1.5
# This list comes in @ spamtraps run by LogIn & Solutions AG, Germany
# Manually verified stuff
body LOGINHASH1 eval:ixhashtest('nospam.login-solutions.de')
describe LOGINHASH1 mail has been classified as spam @ LogIn&Solutions AG, Germany
tflags LOGINHASH1 net
score LOGINHASH1 1.5
# This list contains hashes from Mails classified as spam at a larger company based in Germany
# Lots of stuff, but automatically categorized and contributed
body LOGINHASH2 eval:ixhashtest('nospam.login-solutions.ag')
describe LOGINHASH2 mail has been classified as spam @ unknown company, Germany
tflags LOGINHASH2 net
score LOGINHASH2 1.5
|
...
iXhash
...
.pm
...
is
...
a
...
plugin
...
for
...
...
3.
...
1.0
...
and
...
up.
Basically the plugin provides a network-based test, just as razor2, pyzor and DCC do. Working solely on the body of an email, it removes parts of it and computes a hash value from the rest. These values will then be looked up via DNS using the domains given in the config file(s). You need Net::DNS and Digest::MD5 installed.
Please note that, while this plugin realises some sort of 'fuzzy checksum', the fuzzyness is realised by reducing the body text of an email to its (characteristic) minumum. The MD5 hashing algorithm used is not fuzzy. Accordingly there are no 'confidence levels' or things of that sort. It's hit or no hit.
There are likely to be FPs, especially with relatively short emails. You can somewhat tune the plugin by editing the RE with the code - see comments for that.
For those more deeply interested: This plugin is based on parts of the procmail-based project 'NiX Spam', developed by Bert Ungerer.(un@ix.de) If you can read German, read up at http://www.heise.de/ix/nixspam/.
...
The
...
procmail
...
code
...
producing
...
the
...
hashes
...
only
...
can
...
be
...
found
...
here:
...
ftp://ftp.ix.de/pub/ix/ix_listings/2004/05/checksums
...
Instructions
- Please see the unofficial optimized and maintained version at http://mailfud.org/iXhash2/ (old official version: https://sourceforge.net/projects/ixhash/)
- Copy 'iXhash2.pm' and 'iXhash2.cf' somewhere where SpamAssassin can access it - like /etc/mail/spamassassin
- Edit the first line of iXhash2.cf (loadplugin) to reflect where iXhash2.pm is (if not in same directory)
- Adjust scores. You might want to decrease the scores given in the .cf file first to see if there are too many FPs.
- Run 'spamassassin -D < /some/mail/message 2>&1 | grep -i ixhash', where '/some/mail/message' is a file containing an email. This should contain some occurences of 'IXHASH', showing you the plugin is being used.
- Restart spamd/amavisd/whateverDaemonUsesSpamAssassin