On 27 Nov 2017, at 10:22 (-0500), RW wrote:

> On Sun, 26 Nov 2017 23:54:12 -0500
> Bill Cole wrote:
>
>> Any whitelisting in the default ruleset should carry MUCH lower
>> weight than local explicit whitelisting ... NO sender should get a
>> default -100 just because we (SA maintainers) think they generally
>> mean well.
>
> This isn't new functionality, there are already such default
> whitelisting entries based on
>
> def_whitelist_from_rcvd
> def_whitelist_from_spf
> def_whitelist_from_dkim

I'm entirely aware of that...

> The proposal is to add extra entries based on def_whitelist_auth, which
> is a shorthand for separate def_whitelist_from_spf and
> def_whitelist_from_dkim entries.

Well, the actual *COMMIT TO TRUNK* (http://svn.apache.org/viewvc?rev=1816394&view=rev) uses whitelist_auth for 6 entities, which IMHO is a terrible idea for the reasons I noted in my prior message.

Also terrible: whitelisting facebookmail.com, which really should be in the freemail domains list. Looks like dropboxemail.com is fine (legit use is DB->user mail) but email.dropbox.com belongs in the freemail domains as well.

> The current entries are a bit incoherent. The scores are:
>
> score USER_IN_DEF_WHITELIST -15.000  (from def_whitelist_from_rcvd)
> score USER_IN_DEF_SPF_WL     -7.500
> score USER_IN_DEF_DKIM_WL    -7.500
>
> which suggests that a lot of overlap is expected on the latter two. But
> the great majority of address globs are only for dkim.
>
> I think a case can be made for transferring most of the score to a
> single metarule.

I agree.

> And, personally, I think -15 is a bit too much.

I mostly agree. Fooling def_whitelist_from_rcvd (given the actual list) is likely a harder target than finding a permissively-typo'd SPF record or cracking an account in one of the many domains in the other two, so I've got no problem with it being as strong as both of them combined. However, in my experience it is really rare for FPs to score more than 8 (absent grossly over-scored local rules) so maybe cutting each of those in half would make sense.


--
Bill Cole
[email protected] or [email protected]
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Steady Work: https://linkedin.com/in/billcole
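As an added illustration of the two changes discussed in this message (not the trunk commit under discussion and not part of the thread), the following site rules fragment shows what folding the SPF and DKIM default-whitelist rules into one metarule and halving the scores would look like. The metarule name USER_IN_DEF_AUTH_WL, the example domain, and the specific score values are assumptions made for the example; the directive names and the existing rule names are the ones already referenced in the thread.

```conf
# Added example, not the SpamAssassin project's own ruleset.
# USER_IN_DEF_AUTH_WL and the score values below are assumptions.

# def_whitelist_auth is shorthand for a matching def_whitelist_from_spf
# plus def_whitelist_from_dkim pair, so today a single entry can earn
# -7.5 twice (-15 total) when a message passes both SPF and DKIM.
# example.net is a placeholder, not a domain from the thread.
def_whitelist_auth *@example.net

# Fold both default auth-whitelist rules into one metarule so an entry
# is credited once whichever mechanism (or both) passes.
meta     USER_IN_DEF_AUTH_WL  (USER_IN_DEF_SPF_WL || USER_IN_DEF_DKIM_WL)
describe USER_IN_DEF_AUTH_WL  From address is in the default SPF or DKIM whitelist

# Half of the -15 a doubly-matching entry can earn today.
score    USER_IN_DEF_AUTH_WL  -7.5

# Keep the component rules evaluated for the metarule, but with
# essentially no weight of their own.
score    USER_IN_DEF_SPF_WL   -0.001
score    USER_IN_DEF_DKIM_WL  -0.001

# def_whitelist_from_rcvd stays a separate rule; halved from -15.
score    USER_IN_DEF_WHITELIST -7.5

# Local, explicit whitelisting is left alone: a site that adds
#   whitelist_auth *@partner.example
# still gets the much stronger USER_IN_SPF_WHITELIST /
# USER_IN_DKIM_WHITELIST credit, which is the distinction between
# maintainer-chosen defaults and an admin's deliberate local choice.
```

With this layout, a sender who only manages to satisfy one of the two default-whitelist mechanisms (a permissive SPF record, or one compromised account at a listed DKIM domain) gets at most -7.5, the same as a genuine def_whitelist_from_rcvd match, rather than the -15 a doubly-listed entry can reach under the current scores.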
