Why do so many SpamAssassin sa-update users use the 70_sc_top200.cf channel?
January 11th, 2007
Looking at my httpd logs for the sa-update channel for SARE’s 70_sc_top200.cf that I host at 70_sc_top200.cf.sare.sa-update.dostech.net (howto), I’m wondering why about 25% of the IPs (and about 17% of the /24s) use it. If you’re running network tests SpamAssassin already queries SpamCop by default, so if you’re also using this channel (or ruleset via RDJ directly from SARE) you’re just adding a, usually outdated, copy of the same data you’re getting via DNS lookups.
My guess is that there’s a lot of people just not paying too much attention. I can’t imagine that there’s that many systems running without network tests, at least not on purpose (I know there’s a lot of people that think they’re using network test, or all the tests available to them, but don’t realize that their distro disabled network tests by default).
I mentioned that the SpamCop data in this channel/ruleset is usually outdated… here’s a list of the updates since the beginning of December (I don’t know why Fred hasn’t automated the updates, last I heard he was manually uploading the ruleset — which itself is generated automatically):
Dec 1 13:04 200612011100.tar.gz
Dec 1 19:04 200612011700.tar.gz
Dec 2 15:04 200612021300.tar.gz
Dec 2 16:04 200612021400.tar.gz
Dec 5 18:04 200612051600.tar.gz
Dec 6 14:04 200612061200.tar.gz
Dec 6 18:04 200612061600.tar.gz
Dec 9 13:04 200612091100.tar.gz
Dec 13 18:04 200612131600.tar.gz
Dec 23 16:04 200612231400.tar.gz
Jan 2 11:24 200701020900.tar.gz
Jan 8 10:24 200701080800.tar.gz
Jan 9 12:24 200701091000.tar.gz
The update frequency is just weird… in the past I’ve noticed that it is sometimes updated three times in the span of two hours and then not updated again for weeks.
Entry Filed under: Email, Technology
2 Comments Add your own
1. Justin Mason | January 11th, 2007 at 6:01 pm
hi Daryl — this is why I’m not a fan of the SARE 0, 1, 2, 3, 4 system, where they have multiple levels, and you’re only supposed to use level 4 (for example) if you don’t mind too much about false positives, or whatever. I’ll bet most users just go for the lot…
2. dos | January 11th, 2007 at 11:11 pm
Hey Justin — I’m not a huge fan of the multiple rulesets either, but at least they’re not just included with their base rulesets.
Things might not be too bad though… it appears that only 1.5% of IPs are using “level” 3 or 4 rulesets, 3% levels 2-4 and 5% levels 1-4.
Leave a Comment
Some HTML allowed:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>
Trackback this post | Subscribe to the comments via RSS Feed