"Simon Wilson via users" <users@spamassassin.apache.org> writes:
> OK, back to the purpose of this list - spamassassin! :)
> Validity are planning to enforce limits (although how they will
> enforce remains unknown - timeouts? false -ves? false +ves?). Given
> that these DNS BLs are in the standard config, and I'm apparently
> exceeding the free threshold of 10,000 queries in 30 days I need to
> explore ways to reduce consumption.
> From looking in 20_dnsbl_tests.cf, the Validity tests seem to be
> generating queries to sa-trusted.bondedsender.org,
> sa-accredit.habeas.com and bl.score.senderscore.com.
I have no recollection of signing up in any form, and have not gotten an
email asking me to pay. I actually had no idea these were pay/limited
until your mail, as I figured free access to SAFE/CERTIFIED for relying
parties was part of the business model of charnging "high volume email
senders" to be certified as not spammers. (To be fair, my analysis of
30 days of logs did not find any CERTIFIED or SAFE senders as spam.)
Reading 20_dnsbl_tests.cf, I notice:
Indeed there are 3 tests, for 3 rules. (Interesting that it isn't a
combined answer.)
There are _BLOCKED rules, checking for 127.255.255.255, and code to
stop querying (I think) if that rule fires.
Looking in my logs, there are enough emails that I should be seeing a
somehwhat higher query volume than you, although if TTLs are reasonably
long a fair bit of mailinglist traffic may avoid lookups. Still, I'm
almost certainly over 10000/month.
I didn't react to 10000/month when you said it but having done the math,
finding my usage (definitely personal) over, and that it's only just
over 100 messages/day, it seems clear that 10K is way too low a limit
for a service to be included in the default ruleset. But maybe with an
overlimit response and SA configured to just stop after getting that
once, it's ok. I don't remember doctrine accomodating that but I
suspect I would have missed discussion depending on when.
Are you using SA 4, that should handle *_BLOCKED? If not, upgrading
seems in order. Or is that rule firing?
Looking at scores:
33 messages had both RCVD_IN_VALIDITY_CERTIFIED and RCVD_IN_VALIDITY_SAFE
seems like all ham
27 messages hit RCVD_IN_VALIDITY_RPBL
3 are ham, same host
24 were very high scoring and I can comfortably say all spam
I'm not sure how much it would have hurt my classification to skip these rules.
For your amusement, my custom scores, adjusted ad hoc over time. I
don't remember clearly, but I think I was getting spam that was hiting
SAFE (and you can see by the comments that SAFE seems to include "single
opt in").
score RCVD_IN_VALIDITY_SAFE 2 # was -2
score RCVD_IN_VALIDITY_CERTIFIED -2 # was -3
# VALIDITY's blocklist appears good.
score RCVD_IN_VALIDITY_RPBL (2) # was 1.3
Based on recent log analysis, I changed to:
score RCVD_IN_VALIDITY_SAFE -1 # was -2
#score RCVD_IN_VALIDITY_CERTIFIED -3 # was -3
