https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6579
Kevin A. McGrail <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected], | |[email protected] --- Comment #8 from Kevin A. McGrail <[email protected]> 2011-07-01 16:45:15 UTC --- (In reply to comment #6) > I'm only approaching this from the POV of a SA user, but I never understood > why > SA doesn't have a meta rule that does the following > > meta DNS_CHECK_PASSED (SPF_PASS || DKIM_VALID) > > And then use that for other rules such as any rules that shouldn't trigger > when > a DNS check passes. > > I agree that the specific exclusion for Twitter would inevitably lead to a > whack-a-mole situation with other exclusions being required in the future. > > My solution is a bit more lenient, but would do the job. How many spam e-mails > truly hit these rules, and actually pass SPF or DKIM? In general, this is the point for HAM rules that score negative. However, just because something has valid SPF or DKIM, doesn't mean it isn't spam. In fact, I remember an old statistic that David Skoll with MIMEDefang mentioned that he saw this being adopted far quicker by the spammers ;-) What we need to do to solve this problem is get more legit examples of the email into the masscheck so that the system will score the rule lower because it hits on HAM by accident. Looking at the overall rule, though, this rule is very prone to misfires and needs to be capped on scoring ASAP. Theo, did you intend META all to be the only rule or did you mean to let TVD_PH_SUBJ_ACCOUNTS_POST be scored? If the TVD_PH_SUBJ_ACCOUNTS_POST and the related 4 other rules are changed to sub rules (i.e. prefixed with __), this issue becomes solved. However, if they are meant to fire alone, we need to cap the scores because of FP concerns. It looks like TVD_PH_SUBJ_META_ALL meta fires if any of the subrules hit so I believe you meant these to be subrules. But TVD_PH_SUBJ_META_ALL hasn't been promoted to active. Anyway, I believe right now we are capping scores in mass check to the scores in the sandbox. Can you add something like this to your sandbox file ASAP? score TVD_PH_SUBJ_ACCOUNTS_POST 1.0 score TVD_PH_SUBJ_ACCOUNTS_PRE 0.1 score TVD_PH_SUBJ_SEC_MEASURES 0.1 score TVD_PH_SUBJ_UPDATE 0.1 score TVD_PH_SUBJ_META_ALL 1.0 Or change to be subrules and add a max score you feel comfortable with to the meta rule? -- Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug.
