My guess is if you contact the admin of hostkarma directly and offer to host a honeypot he might take you up on it. But that still won't give you the ability to change anything in the database.

I cannot imagine trusting an RBL that allowed any humans to blacklist
something.  Whitelisting is different - you cannot trust the computer
to get it right all the time and there's going to always be IPs BLed
that shouldn't be.  But allowing people to BL stuff is just opening the
door for attackers to target or retaliate against hosts.

Ted

On 4/27/2021 3:55 PM, Greg Troxel wrote:

I have generally been a fan of the HOSTKARMA DNSBL over the long term.
Fuzzy memory is that the operator was responsive and reasonable.

Long ago (2014) I complained somewhat generally about spamassassin's
DNSBL inclusion policy, and was (quite reasonably) asked for specifics.

This report is technically off base, because it's about
RCVD_IN_HOSTKARMA_W which is in KAM but not the standard rules.  But I
think whether HOSTKARMA_W is ok is of broad interest to SA users.

I got spam with a received line:

   Received: from mx31.a.outbound.createsend.com (mx31.a.outbound.createsend.com [203.55.21.31])

which is indeed on Hostkarma white.  The mail has the flavor of
pretending to be legit, but it's an ad for a book from someone who
writes Dear Friend, and I don't know them.

I found

   http://wiki.junkemailfilter.com/index.php/Spam_DNS_Lists

but I cannot find a way to report IP addresses that are incorrectly
whitelisted.

In the meantime I've set the score to -1.  While there is likely a very
large fraction of ham coming from the listed addresses, I'm not
comfortable with -2.5 points for lists that contain spamming IP
addresses.

It looks like the KAM ruleset already has the notion of undoing the
HOSTKARMA_W score if the address is also in a blocklist -- which makes
me think that my problem is not wicked unusual.

Looking up this IP address:

   http://multirbl.valli.org/lookup/203.55.21.31.html

I see 14 blocks, and only hostkarma and abusix are positive.

So I'm curious:

   Is there any documented/discoverable way to report that spam was
   received from an address in HOSTKARMA_W?

   Opinions on recommendations to rescore it to some value less negative
   than the KAM-default -2.5?

   Am I missing something?

Thanks,
Greg
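
The idea raised above, undoing a whitelist credit when the same relay also appears on a blocklist, as an added Python sketch; it is not part of either message and is not the KAM ruleset's own logic. The zone names, addresses and resolver table are constructed placeholders, and the default credit of -1 is the score Greg chose.

```python
import ipaddress
import socket

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_qname(ip, zone):
    """Build the DNSBL query name: IPv4 octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolve(qname):
    """A-record lookup through the system resolver; [] means no answer."""
    try:
        return socket.gethostbyname_ex(qname)[2]
    except OSError:
        return []

def listed(ip, zone, resolve):
    """Only answers inside 127.0.0.0/8 count as a listing; anything else
    (a wildcard zone, a resolver rewriting NXDOMAIN) is ignored."""
    answers = resolve(dnsbl_qname(ip, zone))
    return any(ipaddress.ip_address(a) in LOOPBACK for a in answers)

def whitelist_credit(ip, white_zone, block_zones, resolve, credit=-1.0):
    """Return (score, blocklist hits). The credit applies only when the relay
    is on the whitelist and on none of the blocklists."""
    if not listed(ip, white_zone, resolve):
        return 0.0, []
    hits = [z for z in block_zones if listed(ip, z, resolve)]
    return (0.0 if hits else credit), hits

# Constructed sample data: hypothetical zones and documentation-range addresses.
WHITE = "white.dnsbl.example"
BLOCKS = ["block-a.dnsbl.example", "block-b.dnsbl.example"]
SAMPLE_DNS = {
    "10.2.0.192.white.dnsbl.example": ["127.0.0.1"],    # whitelisted only
    "20.2.0.192.white.dnsbl.example": ["127.0.0.1"],    # whitelisted ...
    "20.2.0.192.block-b.dnsbl.example": ["127.0.0.2"],  # ... and blocklisted
    "30.2.0.192.white.dnsbl.example": ["203.0.113.5"],  # bogus non-127 answer
}

def sample_resolve(qname):
    return SAMPLE_DNS.get(qname, [])

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30"):
        print(ip, whitelist_credit(ip, WHITE, BLOCKS, sample_resolve))
```

Passing `system_resolve` instead of `sample_resolve` runs the same check against live DNS for whichever zones are configured.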
