Interpreting headers added by Postini
Re: Interpreting headers added by Postini
21-12-2007 10:36 AM
x-pstn-level - This is the only one which actually scores the email, the others are hints that can be used with this header. The first number after the S: goes from 99.9999, not spam, to 0 which is definite spam. If we were using the Postini quarantine system on level 1 anything which was 0.15 would land in their quarantine, level 2 is 0.25. The R:, P:, M:, and C: scores are ratings for specific types of spam. These are "Sexually Explicit", "Get Rich Quick", "Special Offers", and "Racially Insensitive". The closer they get to 100 the more probable the email is spam. Each one of these can be set to a different level, but again changing this only has relevance when using the Postini quarantine at the moment.
X-pstn-settings - This gives the current levels which are set for the detection engine, and we use level 1. This actually has little relevance due to not using the Postini quarantine.
x-pstn-2strike - If an email is received from a source, and looks like spam, then the first instance is assumed to be "clear". Postini block spams which they are 100% sure of, and so if a source is spamming until it generates a level great enough to trigger blocking this header can be used to tag an email as suspect, rather than definitive spam.
You may also see a header for "neptune", though this one is still being worked on by Postini. At the moment we don't make use of this as we only got access to the header one week before commencing the live trial.
How do we use this? Well, to be brief, we add the x-pn-pstn header according to the following rules:
x-pn-pstn = 1 means that 2strike is present and not set to clear. Plus the S: level is less than 0.3.
x-pn-pstn = 2 means that the 2strike is not present, or present and set clear. Also the S: level is < 0.2
NOTE - If all your emails are missing these headers, but you are on the trial and can see a Postini server in the received list of the header, this would mean that your default user is missing from your domain.
I hope this helped to clarify some points. Have a good Christmas and new year.
Geoff
Re: Interpreting headers added by Postini
21-12-2007 10:41 AM
jelv (a.k.a Spoon Whittler) Why I have left Plusnet (warning: long post!) Broadband: Andrews & Arnold Home::1 (FTTC 80/20) Line rental: Pulse 8 Home Line Rental (£14.40/month) Mobile: iD mobile (£4/month) |
Re: Interpreting headers added by Postini
21-12-2007 12:56 PM
x-pn-pstn = 1
* This means that 2strike is present and not set to clear. Plus the S: level is < 1
x-pn-pstn = 2
This means that either:
* The 2strike is not present and the S: level is < 0.3
* Or, present and set clear. Also the S: level is < 0.06
Just as an aside. These levels were determined after a lot of testing on our internal mail platform, tweaking the values and getting feedback of false positives and negatives.
Re: Interpreting headers added by Postini
21-12-2007 2:22 PM
jelv (a.k.a Spoon Whittler) Why I have left Plusnet (warning: long post!) Broadband: Andrews & Arnold Home::1 (FTTC 80/20) Line rental: Pulse 8 Home Line Rental (£14.40/month) Mobile: iD mobile (£4/month) |
Re: Interpreting headers added by Postini
21-12-2007 3:16 PM
In the new year we'll have a look through the headers as they are now and look to getting some testing on the internal mail again if they have changed.
Re: Interpreting headers added by Postini
21-12-2007 3:46 PM
Quote from: jelv Still haven't seen a Spam 1.
I created a folder in Outlook set to collect Spam 1 when this header marker was initiated.
Nothing has ever gone into it.
To argue with someone who has renounced the use of reason is like administering medicine to the dead - Thomas Paine
Re: Interpreting headers added by Postini
03-01-2008 9:51 AM
Just to test a theory, I switched my message rules back to keeping the messages that would be marked Spam 1 on our corporate mail.
Over Christmas I have received messages picked up by this, sample headers are:
X-pstn-2strike: 7236
X-pstn-neptune: 0/0/0.00/0
X-pstn-levels: (S: 0.96331/99.72917 R:95.9108 P:95.9108 M:97.0282 C:98.6951 )
X-pstn-settings: 3 (1.0000:1.0000) s gt3 gt2 gt1 r p m c
Based on this, I reckon that it is maybe just the differences between customer and corporate mail that mean this is rarely (if ever) used.
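An added example, not part of any post in this thread and not Plusnet's or Postini's code: it parses the X-pstn-levels and X-pstn-2strike headers and applies the x-pn-pstn thresholds given in the 21-12-2007 12:56 PM post to the header samples quoted in the thread. The function names, the case-insensitive match on "clear" and the `CLEAR_LOW` sample are assumptions made for illustration.

```python
import re
from email import message_from_string

# Thresholds from the 21-12-2007 12:56 PM post in this thread.
STRIKE_SET_MAX = 1.0      # 2strike present and not "clear"  -> x-pn-pstn = 1
NO_STRIKE_MAX = 0.3       # 2strike header absent            -> x-pn-pstn = 2
STRIKE_CLEAR_MAX = 0.06   # 2strike present and "clear"      -> x-pn-pstn = 2

# "(S: 0.96331/99.72917 R:95.9108 ... )"; the number after "/" is not
# explained in the thread, so it is matched and ignored.
LEVELS_RE = re.compile(r"\(\s*S:\s*([\d.]+)/[\d.]+((?:\s+[RPMC]:\s*[\d.]+)*)\s*\)")

def parse_levels(value):
    """Return (S score, {"R"/"P"/"M"/"C": score}) from an X-pstn-levels value."""
    m = LEVELS_RE.search(value)
    if not m:
        raise ValueError(f"unrecognised X-pstn-levels value: {value!r}")
    cats = {k: float(v) for k, v in re.findall(r"([RPMC]):\s*([\d.]+)", m.group(2))}
    return float(m.group(1)), cats

def pn_pstn_tag(raw_headers):
    """Return 1, 2 or None: the x-pn-pstn value the posted rules would assign."""
    msg = message_from_string(raw_headers)
    levels = msg.get("X-pstn-levels")
    if levels is None:
        return None  # no Postini score on this message, nothing to tag
    s, _ = parse_levels(levels)
    strike = msg.get("X-pstn-2strike")
    if strike is not None and strike.strip().lower() != "clear":
        return 1 if s < STRIKE_SET_MAX else None
    limit = NO_STRIKE_MAX if strike is None else STRIKE_CLEAR_MAX
    return 2 if s < limit else None

# Headers quoted in the thread (03-01-2008 and 09-01-2008 posts).
CORPORATE = """X-pstn-2strike: 7236
X-pstn-neptune: 0/0/0.00/0
X-pstn-levels: (S: 0.96331/99.72917 R:95.9108 P:95.9108 M:97.0282 C:98.6951 )
X-pstn-settings: 3 (1.0000:1.0000) s gt3 gt2 gt1 r p m c
"""
EMPLOYER = """X-pstn-neptune: 13/1/0.08/43
X-pstn-levels: (S:24.66688/99.90000 R:95.9108 P:95.9108 M:95.5423 C:86.0174 )
X-pstn-settings: 4 (1.5000:1.5000) s gt3 gt2 gt1 r p m c
"""
# Constructed sample: 2strike "clear" with a very low S score.
CLEAR_LOW = "X-pstn-2strike: clear\nX-pstn-levels: (S: 0.05000/99.90000 R:95.0 )\n"

if __name__ == "__main__":
    for name, hdrs in [("corporate", CORPORATE), ("employer", EMPLOYER), ("clear", CLEAR_LOW)]:
        print(name, pn_pstn_tag(hdrs))
```

Under those thresholds the 03-01-2008 sample (numeric 2strike, S below 1) gets tag 1, while the 09-01-2008 sample (no 2strike, S of 24.66688) gets no tag.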
Re: Interpreting headers added by Postini
03-01-2008 1:50 PM
Also there's an interesting "s" in that 'settings' line. Haven't seen that in the header descriptions.
Re: Interpreting headers added by Postini
05-01-2008 12:05 PM
Well, whatever the situation might be in reality, x-pstn-2strike: [number] still continues to be an undocumented feature so far as all publicly available postini data is concerned. I did raise the question of postini versions and updates etc ages back as well as identifying the relatively recent appearance of x-pstn-xfilter: header. I did also suggest that maybe it was 'old' information from a previous version of the system that was no longer relevant somewhere as well. But either way and whatever the real answer might be, something really does tell me that as also threatened ages back, I probably do indeed need to wheel out Mr.RTFM here in order to demonstrate 'best practice' in such situations rather than taking the suck-it-and-see, trial-and-error or we-have-always-done-it-so-it-must-be-right stylee approach
However, it is quite interesting that an example was apparently found during the Christmas break seeing that the latest release of postini documentation appears to be V6.12 dated 14th December which implies no formal changes since then. When was that message actually received ?
Of course, all this does raise yet another very serious potential issue. If postini can and do make random changes to fundamental headers willy-nilly then what exactly are PN going to do to ensure that such actions are not going to 'upset' their analysis and result in problems for customers ?
How are PN going to track and evaluate any changes that postini may make to their systems so that they can take appropriate action to ensure that customers don't get problems ?
How are such version changes or other tweaks announced and monitored ?
It would appear that some form of reliable configuration management is going to be pretty essential here to avoid customers experiencing problems that PN could and should have sorted way before they happened.
B T Plusnet, a bit kinda like P T Barnum ...
... but quite often appears to feature more clowns
Re: Interpreting headers added by Postini
05-01-2008 2:02 PM
jelv (a.k.a Spoon Whittler) Why I have left Plusnet (warning: long post!) Broadband: Andrews & Arnold Home::1 (FTTC 80/20) Line rental: Pulse 8 Home Line Rental (£14.40/month) Mobile: iD mobile (£4/month) |
Re: Interpreting headers added by Postini
05-01-2008 11:46 PM
The postini header analyzer also appears to completely ignore any value other than "clear". Mind you, there was a time when the analyzer also appeared to basically ignore any reference to x-pstn-2strike whatsoever, but more recently it has been taking note if it has the value "clear". It seems that postini do go a tweaking as/when required but I've not found any status, update notification or similar info page anywhere - not that I've tried particularly hard TBH.
I suspect that it is either a very old and subsequently removed condition, another configuration problem somewhere or simply that the PN internal and customer facing postini systems/configurations are fundamentally different. Either way it raises an 'interesting' potential problem regarding postini making changes that could break PNs implementation. It also casts more doubt on the validity of the PN internal trial and comparing results of that trial with the current set up or using historic data to make decisions on what to do now. I still find it incredibly odd and quite unlikely that none of the strange issues that have come up were ever seen internally.
B T Plusnet, a bit kinda like P T Barnum ...
... but quite often appears to feature more clowns
Re: Interpreting headers added by Postini
09-01-2008 10:52 AM
If S=99.999 then that's zero % chance of it being Spam
If S=0 then that's 100% chance of it being Spam
Well that's logical enough for anyone ::):D
Edit: I think I'll stick to Spam 2 for now.
To argue with someone who has renounced the use of reason is like administering medicine to the dead - Thomas Paine
Re: Interpreting headers added by Postini
09-01-2008 3:14 PM
If S=99.999 then it's 99.999% chance of being OK
If S=0 then it's 0% chance of being OK
bobp
Re: Interpreting headers added by Postini
09-01-2008 6:37 PM
The 2strike header does not show up on the postini account used by my employer, the only postini headers I get in a message are:
X-pstn-neptune: 13/1/0.08/43
X-pstn-levels: (S:24.66688/99.90000 R:95.9108 P:95.9108 M:95.5423 C:86.0174 )
X-pstn-settings: 4 (1.5000:1.5000) s gt3 gt2 gt1 r p m c
SW.
3Mb FTTC
https://portal.plus.net/my.html?action=data_transfer_speed
Re: Interpreting headers added by Postini
09-01-2008 6:42 PM
jelv (a.k.a Spoon Whittler) Why I have left Plusnet (warning: long post!) Broadband: Andrews & Arnold Home::1 (FTTC 80/20) Line rental: Pulse 8 Home Line Rental (£14.40/month) Mobile: iD mobile (£4/month) |