MailScanner + Razor

Matt Kettler mkettler at EVI-INC.COM
Wed Nov 3 18:48:41 GMT 2004


At 01:19 PM 11/3/2004, Michael Freeman wrote:
>Anyone using Razor with MS + SA?
>
>I'm a little baffled with what Razor is supposed to be doing. I see it
>connecting to a bunch of server then reports back that the msg is spam.
>Ok, so big deal, spamassassin also reports the message as spam but at
>least they assign scores. The only score I ever see in any msg header from
>Razor is;
>
>  RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51
>
>  and I don't see any other checks. So when Razor determines that the
> message is spam it adds a score of 0.06 + 1.51 for a total score of 1.57?

Well, when Razor determines a message is spam, SA trusts it far enough to
assign 1.57 points.. But the score is a spamassassin decision.

Razor is occasionally prone to false positives, which has limited it's
score. The last SA mass-check RAZOR2_CHECK had 97.6 to 98.2 percent
spam-hits, meaning 2.4% to 1.8% of RAZOR2_CHECK hits are nonspam. Not bad,
but it's not outstanding either.

Why would you expect it to be higher? Have you been using razor long enough
to see how often it hits email newsletters of the legitimate sort? It hits
most of my Juniper networks firewall security patch announcement emails,
which are available to registered product owners with paid support
contracts only. It also hits some from my 401k provider, compiler toolchain
providers, etc.

(ie: 8/9/2004: "Juniper Networks NetScreen Advisory 59147" hit RAZOR2_CHECK
and RAZOR2_CF_RANGE_11_50.)

Sorry, but the reality seems to be that razor is being fed by a lot of ill
maintained spamtraps that are not monitored for legitimate mail, and the
revoke system isn't keeping up.

>What other checks should I be seeing?

None, although there are some possible lower ranges for the CF_RANGE rules.
(11_50, although it's pretty rare to see it hit with less than 0.3% of
email in the last mass-check hitting this rule at all)

>  I'v never seen anything else other than those two in the header. Am I
> missing something? I though Razor would be adding scores in the header
> just like SA does.

No. SA is using razor in this case, and razor is not a top-level tool
called directly by MailScanner.

SA calls razor, gathers razor's answers, and integrates the results.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).




More information about the MailScanner mailing list