Mike Cardwell wrote:
Matus UHLAR - fantomas wrote:

I've also just recently enabled these lists in SA so am still in the very early stages of testing. I initially did get one FP hit against the whitelist (spam message sent through an ISP smtp server in the whitelist)

On 20.05.09 13:41, Mike Cardwell wrote:
Can you let us know what that IP is please? Then Marc can explain how it managed to get on the whitelist. No ISP SMTP server should be in a whitelist imho...

That really depends on the blacklist's policy. I think Marc wants to
eliminate FPs this way - an ISP can do whatever against spam, still
customers can manage to send some. Botnets and lame organizations' servers
cause much more harm than most ISPs...

I just think that a whitelist entry should be an absolute "no spam comes from here unless something goes tits up" type entry, and all hosts on it should be manually checked...

I started querying the whitelist from spamassassin 4 hours ago. I don't have a high volume of mail. SpamAssassin has only scanned 273 messages since then, yet the hostkarma whitelist has already incorrectly tagged 2 of that small sample of mail:

1.) May 20 13:34:34 haven spamd[4500]: spamd: result: Y 21 - BAYES_99,DCC_CHECK,DIGEST_MULTIPLE,HTML_IMAGE_RATIO_02,HTML_MESSAGE,MIME_QP_LONG_LINE,PYZOR_CHECK,RCVD_IN_JMF_W,SPF_PASS,URIBL_BLACK,URIBL_SBL scantime=7.5,size=25057,user=doug,uid=1003,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=/var/run/spamd.sock,mid=<jbsq02c0003f3002000ceunh047...@bp06.net>,bayes=1.000000,autolearn=spam

Which came from: mail.s57.93.bp06.net, 81.252.93.57

2.) May 20 14:05:49 haven spamd[4500]: spamd: result: Y 11 - BAYES_99,GREPULAR_RBL_RHSBL,HTML_MESSAGE,RCVD_IN_JMF_W,SPF_HELO_PASS,SPF_PASS,URIBL_GREY scantime=5.1,size=36224,user=doug,uid=1003,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=/var/run/spamd.sock,mid=<uhojlfmlslzacfb2fs5hc4ljonb...@dm.msg>,bayes=1.000000,autolearn=spam

Which came from: mta242c.dm-4.com, 64.40.120.242

http://wiki.junkemailfilter.com/index.php/Spam_DNS_Lists#The_Magic_is_in_the_White_Lists states:

"White on our lists means that anything that comes from the source is good email and needs no further testing" ...

Well, I don't think the list is accurate enough to justify that statement.


Thanks for the feedback on those 2 errors. No list is perfect. I am however a little less concerned about a few errors in the white list than errors in the black list. Since I'm in the spam filtering business, if I block good email I get a lot more negative feedback than missing spam.
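A way to measure this kind of disagreement on your own mail log, as an added example that is not part of the original thread: it scans spamd `result:` lines for messages that were scored as spam while also hitting the whitelist rule `RCVD_IN_JMF_W`. The sample log lines are constructed, and the function name `audit_whitelist` is hypothetical.

```python
import re

WL_RULE = "RCVD_IN_JMF_W"  # whitelist rule name as it appears in the thread's log lines

# Constructed sample lines in spamd "result:" format (not taken from a real log).
SAMPLE_LOG = """\
May 20 13:34:34 host spamd[4500]: spamd: result: Y 21 - BAYES_99,RCVD_IN_JMF_W,SPF_PASS,URIBL_BLACK scantime=7.5,size=25057,user=a,mid=<constructed-1@example.invalid>
May 20 13:40:02 host spamd[4500]: spamd: result: . -2 - BAYES_00,RCVD_IN_JMF_W,SPF_PASS scantime=1.2,size=4096,user=a,mid=<constructed-2@example.invalid>
May 20 13:51:17 host spamd[4500]: spamd: result: Y 9 - BAYES_99,HTML_MESSAGE,URIBL_BLACK scantime=3.3,size=9000,user=a,mid=<constructed-3@example.invalid>
May 20 14:05:49 host spamd[4500]: spamd: result: Y 11 - BAYES_99,RCVD_IN_JMF_W,SPF_HELO_PASS,URIBL_GREY scantime=5.1,size=36224,user=a,mid=<constructed-4@example.invalid>
May 20 14:06:00 host spamd[4500]: spamd: processing message <x> for a:1003
"""

RESULT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ spamd\[\d+\]: spamd: result: "
    r"(?P<verdict>[Y.]) (?P<score>-?\d+(?:\.\d+)?) - (?P<rules>\S*) (?P<meta>.*)$"
)
MID_RE = re.compile(r"mid=(<[^>]*>)")

def audit_whitelist(log_text, wl_rule=WL_RULE):
    """Count scanned and whitelisted messages; list whitelisted ones scored as spam."""
    scanned = whitelisted = 0
    conflicts = []
    for line in log_text.splitlines():
        m = RESULT_RE.match(line)
        if not m:
            continue  # not a scan result line
        scanned += 1
        rules = set(filter(None, m["rules"].split(",")))
        if wl_rule not in rules:
            continue
        whitelisted += 1
        if m["verdict"] == "Y":  # scored as spam despite the whitelist hit
            mid = MID_RE.search(m["meta"])
            conflicts.append({
                "time": m["ts"],
                "score": float(m["score"]),
                "mid": mid.group(1) if mid else None,
                "other_rules": sorted(rules - {wl_rule}),  # evidence that disagreed
            })
    return {"scanned": scanned, "whitelisted": whitelisted, "conflicts": conflicts}

if __name__ == "__main__":
    report = audit_whitelist(SAMPLE_LOG)
    print(f"{len(report['conflicts'])} of {report['whitelisted']} whitelisted "
          f"messages were scored as spam ({report['scanned']} scanned)")
    for c in report["conflicts"]:
        print(c["time"], c["score"], c["mid"], ",".join(c["other_rules"]))
```

Each conflict still needs manual review of the message and its relay IP before it is reported to the list operator, since the spam verdict itself can be wrong.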
