Pyzor/Razor integration
708 views
Skip to first unread message
spam...@googlemail.com
Apr 8, 2018, 7:42:25 AM4/8/18
to rspamd
Hi..
are there any plans to add Pyzor/Razor support ?
I found an implementation @ https://github.com/cgt/rspamd-plugins
Hans van Eijsden
Apr 9, 2018, 7:11:09 AM4/9/18
to rspamd
I am using it (and I am the one from that ticket). I can confirm to have it working, with already nice results.
Feel free to ask me more about it here, if you want to know my configuration files.
Op zondag 8 april 2018 13:42:25 UTC+2 schreef spam...@googlemail.com:
Op zondag 8 april 2018 13:42:25 UTC+2 schreef spam...@googlemail.com:
bjoe2k4
Apr 9, 2018, 10:55:21 AM4/9/18
to rspamd
Hey Hans,
have you seen any mail yet that rspamd wouldn't have blocked already out of the box without pyzor/razor?
bjoe2k4
have you seen any mail yet that rspamd wouldn't have blocked already out of the box without pyzor/razor?
bjoe2k4
Hans van Eijsden
Apr 9, 2018, 11:03:46 AM4/9/18
to rspamd
Hi bjoe2k4,
Op maandag 9 april 2018 16:55:21 UTC+2 schreef bjoe2k4:
In the past few days: not sure. But I've seen some mail getting rejected ( > 15 score) in stead of flagged ( > 6 < 15 score).
I don't have seen any false positives yet.
But on an untrained server I have seen 2 occasions in the pas 3 days of spam mail with a 5.13 score pushed to a 7.13 score because of Pyzor. Those were fresh installs with a running time of about 7 hours, with very low traffic (less than 100 messages an hour).
I think I need more running time to make a good analysis of the impact of Razor and Pyzor.
Op maandag 9 april 2018 16:55:21 UTC+2 schreef bjoe2k4:
Christoffer G. Thomsen
Apr 9, 2018, 11:25:13 AM4/9/18
to rsp...@googlegroups.com
On 2018-04-09 16:55, bjoe2k4 wrote:
>
> have you seen any mail yet that rspamd wouldn't have blocked already out
> of the box without pyzor/razor?
I am the author of the plugins.
>
> have you seen any mail yet that rspamd wouldn't have blocked already out
> of the box without pyzor/razor?
I think Pyzor and Razor integration does help, but I haven't done any
proper analysis. I get more hits with Pyzor and Razor than I do with the
built-in fuzzy check plugin using the official Rspamd fuzzy server. No
matter how good Rspamd's own fuzzy hash is, in the end it comes down to
the amount of spam hashes in the database.
Pyzor and Razor have been around for a long time, are widely deployed,
and are set up to receive reports from users. It seems they simply have
more spam than Rspamd's fuzzy server.
I think Rspamd fuzzy is higher quality but lower quantity while Pyzor
and Razor are higher quantity but lower quality. Consequently, I score
them much lower than Rspamd fuzzy.
It makes perfect sense to me have two more systems in Rspamd for
detecting spam. Unless you have a specific reason not to use Pyzor and
Razor, why wouldn't you?
I've also been considering implementing an iXhash checker for Rspamd,
but it seems like the iXhash servers are mostly dead. SpamEatingMonkey
stopped their iXhash server and last I checked I didn't get many hits on
heise/nixspam's iXhash server anymore.
Felix Schwarz
Apr 9, 2018, 11:31:04 AM4/9/18
to rsp...@googlegroups.com
Am 09.04.2018 um 17:25 schrieb Christoffer G. Thomsen:
> I've also been considering implementing an iXhash checker for Rspamd,
> but it seems like the iXhash servers are mostly dead. SpamEatingMonkey
> stopped their iXhash server and last I checked I didn't get many hits on
> heise/nixspam's iXhash server anymore.
I'd be interested in that work. I'm using the NIXSPAM IP-based blacklist
> I've also been considering implementing an iXhash checker for Rspamd,
> but it seems like the iXhash servers are mostly dead. SpamEatingMonkey
> stopped their iXhash server and last I checked I didn't get many hits on
> heise/nixspam's iXhash server anymore.
(hosted by manitu) with good success (scoring a hit with 3.0 points).
Usually it doesn't make a difference because messages from the usual spam bots
are detected by other means. However NIXSPAM reacts very quickly (so it can
catch new spam sources) and so far I did not experience any false positives.
Probably the hash check won't change results in a significant way but
nevertheless I'd like to give it a shot :-)
fs
bjoe2k4
Apr 11, 2018, 5:02:56 AM4/11/18
to rspamd
I've set them up and they are indeed picking up some spam --> useful!
As for the way razor is integrated, is there a long-living daemon as an alternative to socket activation? Less clutter in the logs.
Occationally i am seeing "request error: IO timeout" in rspamd.log regarding both pyzor and razor
As for the way razor is integrated, is there a long-living daemon as an alternative to socket activation? Less clutter in the logs.
Occationally i am seeing "request error: IO timeout" in rspamd.log regarding both pyzor and razor
Christoffer G. Thomsen
Apr 11, 2018, 8:30:00 AM4/11/18
to rsp...@googlegroups.com
On 2018-04-11 11:02, bjoe2k4 wrote:
> As for the way razor is integrated, is there a long-living daemon as an
> alternative to socket activation? Less clutter in the logs.
I don't know Perl, which is why I implemented razorsocket that way
> As for the way razor is integrated, is there a long-living daemon as an
> alternative to socket activation? Less clutter in the logs.
rather than as a daemon. It was more straight forward with Pyzor which
is written in a language I know and is neatly exposed as a library.
I don't have a solution for the log clutter.
> Occationally i am seeing "request error: IO timeout" in rspamd.log
> regarding both pyzor and razor
default timeout of 5 seconds in the Rspamd Lua TCP client module I use,
that's what you're seeing expire. You could try increasing it by setting
the timeout parameter in the tcp.request() calls, but if Razor/Pyzor is
being that slow to respond, maybe you don't want to wait for it anyway.
I'm not sure if Rspamd will let rules take arbitrarily long to complete,
it probably has some sort of global timeout for slow rules.
Reply all
Reply to author
Forward
0 new messages