[Bug 4356] tests for the same thing should be grouped

Wed, 25 May 2005 17:40:43 -0700 

http://bugzilla.spamassassin.org/show_bug.cgi?id=4356





------- Additional Comments From [EMAIL PROTECTED]  2005-05-25 17:40 -------
I think this would greatly improve accuracy. A message coming directly from a
host having a dynamic IP address has a certain likelihood of beeing spam.
Currently this is expressed as score and divided among the tests for this 
criteria.

A message is no more or less likely spam if the sender's IP is listed for
previous spamming / having an open relay / dynamic IP address, therefore it is
not wise to count every such listing toward the spam probability.

I currently use the following rules:
header RCVD_IN_BLACKLIST_ABUSEAT eval:check_rbl('abuseat', 'cbl.abuseat.org.')
header RCVD_IN_BLACKLIST_AHBL_COMPROMISED_WORM eval:check_rbl('ahbl',
'dnsbl.ahbl.org.', '127.0.0.17')
header RCVD_IN_BLACKLIST_AHBL_PROVISIONAL eval:check_rbl('ahbl',
'dnsbl.ahbl.org.', '127.0.0.5')
header RCVD_IN_BLACKLIST_AHBL_SPAM eval:check_rbl('ahbl', 'dnsbl.ahbl.org.',
'127.0.0.4')
meta RCVD_IN_BLACKLIST_AHBL (RCVD_IN_BLACKLIST_AHBL_COMPROMISED_WORM ||
RCVD_IN_BLACKLIST_AHBL_PROVISIONAL || RCVD_IN_BLACKLIST_AHBL_SPAM)
header RCVD_IN_BLACKLIST_NJABL eval:check_rbl('njabl', 'combined.njabl.org.',
'127.0.0.4')
header RCVD_IN_BLACKLIST_SORBS eval:check_rbl('sorbs', 'dnsbl.sorbs.net.',
'127.0.0.6')
header RCVD_IN_BLACKLIST_SPAMCOP eval:check_rbl('spamcop', 'bl.spamcop.net')
header RCVD_IN_BLACKLIST_SPAMHAUS eval:check_rbl('spamhaus', 'sbl.spamhaus.org')
meta RCVD_IN_BLACKLIST (RCVD_IN_BLACKLIST_ABUSEAT || RCVD_IN_BLACKLIST_AHBL ||
RCVD_IN_BLACKLIST_NJABL || RCVD_IN_BLACKLIST_SORBS || RCVD_IN_BLACKLIST_SPAMCOP
|| RCVD_IN_BLACKLIST_SPAMHAUS)
score RCVD_IN_BLACKLIST 90

header RCVD_IN_RELAY_AHBL_CGI eval:check_rbl('ahbl', 'dnsbl.ahbl.org.', 
'127.0.0.6')
header RCVD_IN_RELAY_AHBL_COMPROMISED_RELAY eval:check_rbl('ahbl',
'dnsbl.ahbl.org.', '127.0.0.15')
header RCVD_IN_RELAY_AHBL_PROXY eval:check_rbl('ahbl', 'dnsbl.ahbl.org.',
'127.0.0.3')
header RCVD_IN_RELAY_AHBL_SMTP eval:check_rbl('ahbl', 'dnsbl.ahbl.org.',
'127.0.0.2')
meta RCVD_IN_RELAY_AHBL (RCVD_IN_RELAY_AHBL_CGI ||
RCVD_IN_RELAY_AHBL_COMPROMISED_RELAY || RCVD_IN_RELAY_AHBL_PROXY ||
RCVD_IN_RELAY_AHBL_SMTP)
header RCVD_IN_RELAY_BLITZED eval:check_rbl('blitzed', 'opm.blitzed.org.')
header RCVD_IN_RELAY_DSBL eval:check_rbl('dsbl', 'list.dsbl.org.')
header RCVD_IN_RELAY_NJABL_CGI eval:check_rbl('njabl', 'combined.njabl.org.',
'127.0.0.8')
header RCVD_IN_RELAY_NJABL_MULTI eval:check_rbl('njabl', 'combined.njabl.org.',
'127.0.0.5')
header RCVD_IN_RELAY_NJABL_PROXY eval:check_rbl('njabl', 'combined.njabl.org.',
'127.0.0.9')
header RCVD_IN_RELAY_NJABL_SMTP eval:check_rbl('njabl', 'combined.njabl.org.',
'127.0.0.2')
meta RCVD_IN_RELAY_NJABL (RCVD_IN_RELAY_NJABL_CGI || RCVD_IN_RELAY_NJABL_MULTI
|| RCVD_IN_RELAY_NJABL_PROXY || RCVD_IN_RELAY_NJABL_SMTP)
header RCVD_IN_RELAY_ORDB eval:check_rbl('ordb', 'relays.ordb.org.')
header RCVD_IN_RELAY_SORBS_HTTP eval:check_rbl('sorbs', 'dnsbl.sorbs.net.',
'127.0.0.2')
header RCVD_IN_RELAY_SORBS_MISC eval:check_rbl('sorbs', 'dnsbl.sorbs.net.',
'127.0.0.4')
header RCVD_IN_RELAY_SORBS_SMTP eval:check_rbl('sorbs', 'dnsbl.sorbs.net.',
'127.0.0.5')
header RCVD_IN_RELAY_SORBS_SOCKS eval:check_rbl('sorbs', 'dnsbl.sorbs.net.',
'127.0.0.3')
header RCVD_IN_RELAY_SORBS_WEB eval:check_rbl('sorbs', 'dnsbl.sorbs.net.',
'127.0.0.7')
meta RCVD_IN_RELAY_SORBS (RCVD_IN_RELAY_SORBS_HTTP || RCVD_IN_RELAY_SORBS_MISC
|| RCVD_IN_RELAY_SORBS_SMTP || RCVD_IN_RELAY_SORBS_SOCKS || 
RCVD_IN_RELAY_SORBS_WEB)
meta RCVD_IN_RELAY (RCVD_IN_RELAY_AHBL || RCVD_IN_RELAY_BLITZED ||
RCVD_IN_RELAY_DSBL || RCVD_IN_RELAY_NJABL || RCVD_IN_RELAY_ORDB ||
RCVD_IN_RELAY_SORBS) && !RCVD_IN_BLACKLIST
score RCVD_IN_RELAY 60

header RCVD_IN_DUL_AHBL eval:check_rbl('ahbl-notfirsthop', 'dnsbl.ahbl.org.',
'127.0.0.9')
header RCVD_IN_DUL_NJABL eval:check_rbl('njabl-notfirsthop',
'combined.njabl.org.', '127.0.0.3')
header RCVD_IN_DUL_SORBS eval:check_rbl('sorbs-notfirsthop', 'dnsbl.sorbs.net.',
'127.0.0.10')
meta RCVD_IN_DUL (RCVD_IN_DUL_NJABL || RCVD_IN_DUL_SORBS) && !(RCVD_IN_BLACKLIST
|| RCVD_IN_RELAY)
score RCVD_IN_DUL 30




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

Reply via email to