Markus Gufler wrote:
But there are other tests like FIVETEN-SRC that have had a wrong result in the same range for 9100 messages. The question is if FIVETEN-SRC allows a %IP4R% lookup.

They are all in fact IP4R lookups (if that is what the test is set for).  If you set Declude to say HOPHIGH 3 and use the test in standard fashion, Declude will test as many as 4 IPs against the 'ip4r' test.  If you use the hack and define it as a 'dnsbl' test with the %IP4R% variable, regardless of the HOPHIGH setting, it will only test the last appropriate IP (bypasses IPs that are IPBYPASSed).

I have been scoring last hop and all hops differently for several months now with good results.  Certainly the last hop is most important, but a little bit of spam is being relayed through legitimate servers or from one open relay to another, which is why I test on multiple hops.  There are noticeably more false positives though on tests that track open relays because many of those lists don't expire their listings quickly enough, re-test, or do anything at all to remove old entries.  Because of this, I score the last hop relatively high with one test (now using the %IP4R% variable and a dnsbl type test), and another test that is set up the normal way and scored lower because it can hit any of the hops where it might hit one of those old entries in a spamtrap/open relay type test.

I have found that this technique is not measurably useful with tests that track static sources such as SBL, AHBL-SOURCES, NJABL-SOURCES, and some others.  The reason is because these are 99.9% IPs belonging to spammers, delegated to them by their ISPs.  So if you choose to split up tests with this technique, you only need to use it on spamtrap/open relay tests like ORDB, XBL, SPAMCOP and other similar resources.

Note that FIVETEN-SRC and SORBS-SPAM are supposedly source tests, but they do mix IPs from zombies that have sent them spam, and their removal procedures are almost nonexistent.  I also don't like their way of breaking down data, as FIVETEN for instance can produce a hit for an open relay on as many as 3 of their tests, and that doesn't work well with Declude unless you combo the test with a custom filter so that it only scores once.

Matt
-- 
=====================================================
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=====================================================
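
The split scoring described in the message above, modeled as an added example (not part of the original post and not Declude's code). Assumptions: %IP4R% expands to the reversed IPv4 octets, bypassed IPs are skipped before hops are counted, and the zone name, weights and addresses are constructed; a set stands in for DNS answers so it runs offline.

```python
# Added illustration: a simplified model of last-hop vs. all-hops DNSBL scoring.
import ipaddress

ZONE = "dnsbl.example"                      # hypothetical list zone
BYPASS = {"192.0.2.10"}                     # own gateway, treated like IPBYPASS
LISTED = {"5.113.0.203.dnsbl.example"}      # constructed listing for 203.0.113.5

def ip4r_name(ip, zone):
    """Query name for a DNSBL: reversed octets followed by the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def score_message(hops, bypass, listed, zone, hophigh=3,
                  last_weight=7, any_weight=3):
    """hops: Received-header IPs, most recent first (hop 0 is the connecting host).
    Returns which of the two tests fired and the combined score."""
    candidates = [ip for ip in hops if ip not in bypass]
    result = {"last_hop": False, "any_hop": False, "score": 0}
    if not candidates:
        return result
    # High-weight test: only the last appropriate (non-bypassed) IP is checked.
    if ip4r_name(candidates[0], zone) in listed:
        result["last_hop"] = True
        result["score"] += last_weight
    # Low-weight test: hops 0..hophigh, so up to hophigh + 1 IPs; scores once.
    for ip in candidates[:hophigh + 1]:
        if ip4r_name(ip, zone) in listed:
            result["any_hop"] = True
            result["score"] += any_weight
            break
    return result

if __name__ == "__main__":
    samples = {
        "direct from listed host": ["192.0.2.10", "203.0.113.5", "198.51.100.7"],
        "relayed via clean server": ["198.51.100.7", "203.0.113.5"],
        "clean path": ["198.51.100.7", "198.51.100.8"],
    }
    for label, hops in samples.items():
        print(label, score_message(hops, BYPASS, LISTED, ZONE))
```

A stale open-relay listing on an earlier hop only adds the lower weight, while a listed connecting host collects both.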
