On 01/07/2011 2:15 PM, [email protected] wrote:
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6579
Kevin A. McGrail<[email protected]> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |[email protected],
| |[email protected]
--- Comment #8 from Kevin A. McGrail<[email protected]> 2011-07-01 16:45:15
UTC ---
(In reply to comment #6)
I'm only approaching this from the POV of a SA user, but I never understood why
SA doesn't have a meta rule that does the following
meta DNS_CHECK_PASSED (SPF_PASS || DKIM_VALID)
And then use that for other rules such as any rules that shouldn't trigger when
a DNS check passes.
I agree that the specific exclusion for Twitter would inevitably lead to a
whack-a-mole situation with other exclusions being required in the future.
My solution is a bit more lenient, but would do the job. How many spam e-mails
truly hit these rules, and actually pass SPF or DKIM?
In general, this is the point for HAM rules that score negative. However, just
because something has valid SPF or DKIM, doesn't mean it isn't spam.
In fact, I remember an old statistic that David Skoll with MIMEDefang mentioned
that he saw this being adopted far quicker by the spammers ;-)
What we need to do to solve this problem is get more legit examples of the
email into the masscheck so that the system will score the rule lower because
it hits on HAM by accident.
Looking at the overall rule, though, this rule is very prone to misfires and
needs to be capped on scoring ASAP.
Theo, did you intend META all to be the only rule or did you mean to let
TVD_PH_SUBJ_ACCOUNTS_POST be scored?
If the TVD_PH_SUBJ_ACCOUNTS_POST and the related 4 other rules are changed to
sub rules (i.e. prefixed with __), this issue becomes solved. However, if they
are meant to fire alone, we need to cap the scores because of FP concerns.
It looks like TVD_PH_SUBJ_META_ALL meta fires if any of the subrules hit so I
believe you meant these to be subrules. But TVD_PH_SUBJ_META_ALL hasn't been
promoted to active.
Anyway, I believe right now we are capping scores in mass check to the scores
in the sandbox.
Can you add something like this to your sandbox file ASAP?
score TVD_PH_SUBJ_ACCOUNTS_POST 1.0
score TVD_PH_SUBJ_ACCOUNTS_PRE 0.1
score TVD_PH_SUBJ_SEC_MEASURES 0.1
score TVD_PH_SUBJ_UPDATE 0.1
score TVD_PH_SUBJ_META_ALL 1.0
Or change to be subrules and add a max score you feel comfortable with to the
meta rule?
Could we do something like put a upper cap on the score any rule can
have (outside of BAYES_XX of course)? On a server with required score
set to 5, 3.1 is simply too much.
Perhaps 2.5 with no net or bayes, 2.0 with net, and 1.5 with bayes or
net + bayes
Regards,
Lawrence
