A utility to display, edit and age the Spam Assassin Heuristic Email Address Tracker
This version contains a significant enhancement.
There is now a parallel hash file containing date entries.
This utility now operates in a "current file in, new file out" mode as opposed to the previous
This very simple-minded approach to aging permits expiring old entries without any impact on spamassassin's operation.
Recommended Operation
Run daily from cron. Suggested script:
Display ham senders:
(Remember the date and time stamp is the time sa-heatu was run, not the time the email was received).

average    total  count  email address                   ip network address  last time updated
  -19.3    -96.3      5  email@example.com               222.154;            kept, Aug 20 21:24 2010†
  -19.3    -96.3      5  firstname.lastname@example.org  77.48;              kept, Aug 20 21:24 2010
  -19.3   -115.6      6  email@example.com               204.89;             new,
  -19.3   -115.6      6  firstname.lastname@example.org  62.232;             new, Aug 27 21:59 2010
  -19.3   -134.9      7  email@example.com               66.238;             kept, Aug 20 21:24 2010

   61.8    123.5      2  firstname.lastname@example.org  221.2;              kept, Aug 20 21:24 2010
   60.8     60.8      1  email@example.com               82.128;             kept, Aug 20 21:24 2010
   56.2    112.4      2  firstname.lastname@example.org  41.26;              kept, Aug 20 21:24 2010
   55.2    110.5      2  email@example.com               67.205;             kept, Aug 20 21:24 2010
Find senders whose messages are incorrectly adjusted.
To display a single sender's record:
Remove the entries for a particular email address, for all IP networks:
Included in the tar is
HEAT Background
The Heuristic Email Address Tracker feature in
When a new message is received, the final score is adjusted as a function of the previous average value resulting in a:
Negative values indicate senders of ham, positive values senders of spam.
The sender's email address, the IP address, accumulated score, and number of emails received are stored in a Perl hash.
Spammers have been known to use this to their advantage by sending a benign email which scores high as ham.
They then send spam which has its score "neutralized" by the Heuristic Email Address Tracker scheme
and the message will be, falsely, considered ham!
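The following audit is an added example, not part of sa-heatu or the original page: it reads rows in the listing layout shown above and reports which stored entries would pull a given spam score below the threshold. It assumes SpamAssassin's documented adjustment, final = raw + (mean - raw) * auto_whitelist_factor, with the default factor 0.5 and default required_score 5.0; the sample rows and all function names are constructed for illustration.

```python
import re

# Assumed, not stated on the page: SpamAssassin's documented adjustment
# final = raw + (mean - raw) * factor, with the default factor 0.5 and the
# default spam threshold (required_score) 5.0.
FACTOR = 0.5
REQUIRED = 5.0

# Constructed sample rows in the listing's layout:
# average  total  count  email address  ip network; status, last update
SAMPLE = """\
 -19.3   -96.3   5  alice@example.com  222.154; kept, Aug 20 21:24 2010
  -2.1    -8.4   4  bob@example.org    77.48;   kept, Aug 20 21:24 2010
  61.8   123.5   2  carol@example.net  221.2;   kept, Aug 20 21:24 2010
"""

ROW = re.compile(r"^\s*(-?\d+(?:\.\d+)?)\s+(-?\d+(?:\.\d+)?)\s+(\d+)\s+(\S+)\s+(\S+?);")

def parse(listing):
    """Yield one dict per well-formed row; headers and blank lines are skipped."""
    for line in listing.splitlines():
        m = ROW.match(line)
        if m:
            avg, total, count, addr, net = m.groups()
            yield {"avg": float(avg), "total": float(total),
                   "count": int(count), "addr": addr, "net": net}

def adjusted(raw, mean, factor=FACTOR):
    """Score after the tracker pulls the raw score toward the stored mean."""
    return raw + (mean - raw) * factor

def max_masked_raw(mean, factor=FACTOR, required=REQUIRED):
    """Raw score at which the adjusted score reaches `required`; anything lower is masked."""
    return (required - factor * mean) / (1 - factor)

def risky_entries(listing, spam_raw=15.0):
    """Entries whose stored mean would make a message scoring `spam_raw` count as ham."""
    return [(e["addr"], e["net"], round(max_masked_raw(e["avg"]), 1))
            for e in parse(listing)
            if adjusted(spam_raw, e["avg"]) < REQUIRED]

if __name__ == "__main__":
    for addr, net, limit in risky_entries(SAMPLE):
        print(f"{addr} [{net}] masks raw scores below {limit}")
```

Entries reported here are candidates for review or removal, since their accumulated ham history is large enough to hide a later spam message from the same address and network.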
There is no mechanism within
Although this is a small amount of data, no mechanism is provided within
--dehammer deletes all entries with a negative score, i.e. previously sent ham.
This is an enhanced version of the original tool.
This document and version of sa-heatu can be downloaded at: sa-heatu.3.xx.tar
Previous versions of this utility included
"The size of the database can be significantly reduced by using:
This is definitely mistaken, as a spammer who has recently sent a message may soon send another.
sa-heatu -h or sa-heatu --changelog).
Requires Perl 5.14.0 due to:
printf "%s", ((localtime $twas) =~ s/... //r =~ s/:.. / /r);
Change to:
$disptime=localtime $twas; # don't include d-o-w, and drop seconds as that implies precision
$disptime =~ s/... //; #day o week out
$disptime =~ s/:.. / /; #seconds out
printf "%s", $disptime ;