I get it, no one likes doing the boring work.. In the old days, I would
just jump in and clean stuff up myself, but the team doesn't really like
me spending my time on coding anymore .. Trying to keep one day a week
to keep my hand in, but lately not even getting that.
But Spamassassin is so crucial to the world still, even if it doesn't
always get the respect it deserves.. and everyone is playing with AI
now, so even less people thinking of cleanup of SA, as long as it is
working..but..
Just had a chance to check out and install/test a virgin instance of SA
4.XX, and here are some of my notes.. take it for what it is worth..
Missing descriptions on upstream rules..
(instill confidence in the product)
78 RULES with no description..
Jan 22 20:43:54.808 [7283] dbg: config: no description set for rule
STOX_AND_PRICE
Jan 22 20:43:54.809 [7283] dbg: config: no description set for rule
MSOE_MID_WRONG_CASE
....
Jan 22 20:43:54.836 [7283] dbg: config: no description set for rule
STOX_REPLY_TYPE
Jan 22 20:43:54.837 [7283] dbg: config: no description set for rule
TVD_RCVD_SPACE_BRACKET
Undefined Dependencies..
(confusing)
Most of this is simply because we aren't using checks for if the plugin
is being used .. If you don't have the SPF/DKIM/ARC plugins, then
everything that is the fruit of that vine is also poisoned..
Imagine people wanting to create new rules that use SPOOF_GMAIL_MID..
Jan 22 20:43:54.868 [7283] dbg: rules: meta test DIGEST_MULTIPLE has
undefined dependency 'DCC_CHECK'
...
Jan 22 20:43:55.043 [7283] dbg: rules: meta FORGED_SPF_HELO inherits
tflag net, depends on SPF_HELO_PASS
...
Jan 22 20:43:55.044 [7283] dbg: rules: meta KHOP_HELO_FCRDNS inherits
tflag net, depends on __RCVD_IN_DNSWL
Jan 22 20:43:55.044 [7283] dbg: rules: meta __VIA_RESIGNER inherits
tflag net, depends on __RESIGNER1
Jan 22 20:43:55.044 [7283] dbg: rules: meta __BITCOIN_SPAM_05 inherits
tflag net, depends on __SPOOFED_FREEMAIL
Jan 22 20:43:55.046 [7283] dbg: rules: meta PDS_FROM_2_EMAILS inherits
tflag net, depends on __VIA_RESIGNER
Jan 22 20:43:55.047 [7283] dbg: rules: meta ARC_INVALID inherits tflag
net, depends on ARC_SIGNED
...
Jan 22 20:43:55.047 [7283] dbg: rules: meta SPOOFED_FREEMAIL_NO_RDNS
inherits tflag net, depends on __SPOOFED_FREEMAIL
Jan 22 20:43:55.048 [7283] dbg: rules: meta SPOOF_GMAIL_MID inherits
tflag net, depends on SPOOFED_FREEMAIL
...
Jan 22 20:43:55.048 [7283] dbg: rules: meta __NOT_SPOOFED inherits tflag
net, depends on SPF_PASS
Maybe, we are at the point where some of those plugins, should not be
optional?
Remote Checks..
I do believe that while it is nice for most beginner users, to get the
advantages of things like the SPAMHAUS uri checks, some of these checks
could run into issues.. eg, the server is blocked from those queries..
Are our mass checks putting too much emphasis on those checks? How well
does it work with remote checks off vs on?
Do we need to make greater emphasis on the risk?
Should remote checks be something that is off by default, and only
enabled when the admin understands the risk? Just a conversation, based
on reports we hear..
And then of course DNS issues.. eg, open resolvers.. not to mention the
movement towards API's instead of DNS direct lookups.
............
These are just some comments I think developers might want to think
about that should be addressed/considered.
--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Reg. TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada
