iXhash does a good job
Some weeks ago I installed the iXhash spamassassin plugin and the spamtagging became noticeable better. Just look at the spam stats page.
What is does is it creates md5 checksums of parts of the body of an email and compares them to those of tagged spam using DNS.
Installation is very easy, just follow the online documentation. The default scores for the four zones are a on the safe site, so after I had monitored the results for a week I raised the scores to 1.5 for all zones.
Below you can see the result of a debug test to see if iXhash is working correctly. At the end of the test you’ll find an short explanation on how it works.
spamassassin -D IXHASH < iXhash.eml [4346] dbg: IXHASH: Using iXhash plugin 1.5.5 [4346] dbg: IXHASH: IxHash querying ctyme.ixhash.net [4346] dbg: IXHASH: Computed hash-value cbdc00eaaf002aad4448b75f47a9784f via method 1, using perl exclusively [4346] dbg: IXHASH: Now checking cbdc00eaaf002aad4448b75f47a9784f.ctyme.ixhash.net [4346] dbg: IXHASH: Computed hash-value 464d43b6999bdbdf6071b8b1d3f9a525 via method 2, using perl exclusively [4346] dbg: IXHASH: Now checking 464d43b6999bdbdf6071b8b1d3f9a525.ctyme.ixhash.net [4346] dbg: IXHASH: Computed hash-value b02ad35492c64f721e97e9a2f63b700c via method 3 [4346] dbg: IXHASH: Now checking b02ad35492c64f721e97e9a2f63b700c.ctyme.ixhash.net [4346] dbg: IXHASH: IxHash querying hosteurope.ixhash.net [4346] dbg: IXHASH: Hash value for method #1 found in metadata, re-using that one [4346] dbg: IXHASH: Now checking cbdc00eaaf002aad4448b75f47a9784f.hosteurope.ixhash.net [4346] dbg: IXHASH: Hash value for method #2 found in metadata, re-using that one [4346] dbg: IXHASH: Now checking 464d43b6999bdbdf6071b8b1d3f9a525.hosteurope.ixhash.net [4346] dbg: IXHASH: Hash value for method #3 found in metadata, re-using that one [4346] dbg: IXHASH: Now checking b02ad35492c64f721e97e9a2f63b700c.hosteurope.ixhash.net [4346] dbg: IXHASH: IxHash querying generic.ixhash.net [4346] dbg: IXHASH: Hash value for method #1 found in metadata, re-using that one [4346] dbg: IXHASH: Now checking cbdc00eaaf002aad4448b75f47a9784f.generic.ixhash.net [4346] dbg: IXHASH: Received reply from generic.ixhash.net:127.0.0.2 [4346] dbg: IXHASH: IxHash querying ix.dnsbl.manitu.net [4346] dbg: IXHASH: Hash value for method #1 found in metadata, re-using that one [4346] dbg: IXHASH: Now checking cbdc00eaaf002aad4448b75f47a9784f.ix.dnsbl.manitu.net [4346] dbg: IXHASH: Hash value for method #2 found in metadata, re-using that one [4346] dbg: IXHASH: Now checking 464d43b6999bdbdf6071b8b1d3f9a525.ix.dnsbl.manitu.net [4346] dbg: IXHASH: Hash value for method #3 found in metadata, re-using that one [4346] dbg: IXHASH: Now checking b02ad35492c64f721e97e9a2f63b700c.ix.dnsbl.manitu.net X-Spam-Virus: No X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on vleeuwen.net X-Spam-Level: ** X-Spam-Status: No, score=2.0 required=5.0 tests=BAYES_50,GENERIC_IXHASH, MISSING_DATE,NO_RECEIVED,NO_RELAYS autolearn=no version=3.2.5 From: "iXhash plugin test mail" spamtrap@ixhash.net Message-ID: mEsSaGeId@sOmEwHeRe.CoM To: admin@testsite.com Subject: iXhash plugin test mail This is an e-mail designed to test the iXhash plugin's functionality.
If you run this mail through SpamAssassin (using 'spamassassin -D IXHASH < iXhash.eml', you should see the plugin score with the list 'generic.ixhash.net'.
This is because the hashes this mail generates ( cbdc00eaaf002aad4448b75f47a9784f and 464d43b6999bdbdf6071b8b1d3f9a525 ) are permanently listed on that list.
Apart from that this mail is of no use.
Just checking this with a manual DNS lookup:
$ host cbdc00eaaf002aad4448b75f47a9784f.generic.ixhash.net cbdc00eaaf002aad4448b75f47a9784f.generic.ixhash.net has address 127.0.0.2 $
What a surprise, it turns out to be a valid A record. The iXhash will tag the email with the score you set for ‘GENERIC_IXHASH’.