The company I work for is more concerned with removing all false positives than filtering absolutely every spam that comes though the system. This can usually be accomplished by using many reliable smaller carefully calibrated filtering techniques assuming our servers can support them and maintaining speed. We've found policyd invaluable in this sense.
However, while we were looking at the HRP module, we were concerned about false positives for the valid email servers that may use more than X helo names. We've come up with a change that should prevent those false positives while still filtering many false servers. By using a truncated version of the received helo name (which is usually a domain name of some kind - we truncated by 2 periods. Example: mx1.subdomain.test.com becomes test.com) , the real email servers are less likely to be tagged as randomizing their helo names, while fake servers, which seem to rarely use subdomains on the same network anyway, are still filtered out albeit at a slightly lower rate. In the case of a helo name being an IP address, we added a condition to only do the truncation if the last character in the helo name is non-numeric so that IPs would still retain all the information. What do you think about incorporating this change into policyd? ~Mike ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ policyd-users mailing list policyd-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/policyd-users
