Marc Perkel wrote:
I just think that a whitelist entry should be an absolute "no spam
comes from here unless something goes tits up" type entry, and all
hosts on it should be manually checked...
I started querying the whitelist from spamassassin 4 hours ago. I
don't have a high volume of mail. SpamAssassin has only scanned 273
messages since then, yet the hostkarma whitelist has already
incorrectly tagged 2 of that small sample of mail:
1.) May 20 13:34:34 haven spamd[4500]: spamd: result: Y 21 -
BAYES_99,DCC_CHECK,DIGEST_MULTIPLE,HTML_IMAGE_RATIO_02,HTML_MESSAGE,MIME_QP_LONG_LINE,PYZOR_CHECK,RCVD_IN_JMF_W,SPF_PASS,URIBL_BLACK,URIBL_SBL
scantime=7.5,size=25057,user=doug,uid=1003,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=/var/run/spamd.sock,mid=<jbsq02c0003f3002000ceunh047...@bp06.net>,bayes=1.000000,autolearn=spam
Which came from: mail.s57.93.bp06.net, 81.252.93.57
2.) May 20 14:05:49 haven spamd[4500]: spamd: result: Y 11 -
BAYES_99,GREPULAR_RBL_RHSBL,HTML_MESSAGE,RCVD_IN_JMF_W,SPF_HELO_PASS,SPF_PASS,URIBL_GREY
scantime=5.1,size=36224,user=doug,uid=1003,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=/var/run/spamd.sock,mid=<uhojlfmlslzacfb2fs5hc4ljonb...@dm.msg>,bayes=1.000000,autolearn=spam
Which came from: mta242c.dm-4.com, 64.40.120.242
http://wiki.junkemailfilter.com/index.php/Spam_DNS_Lists#The_Magic_is_in_the_White_Lists
states:
"White on our lists means that anything that comes from the source is
good email and needs no further testing" ...
Well, I don't think the list is accurate enough to justify that
statement.
Thanks for the feedback on those 2 errors. No list is perfect.
There are many automated processes you could use to flag up items that
should be manually checked before whitelisting.
1.) Google for: "mail.s57.93.bp06.net spam" (without the quotes). There
are results... There are examples of spam from that host.
2.) Strip mta242c.dm-4.com down to it's domain name part and visit
http://dm-4.com/ or http://www.dm-4.com/. There are a bunch of keywords
on that page that should flag up warnings. Eg, "Email Marketing"
--
Mike Cardwell
(https://secure.grepular.com/) (http://perlcv.com/)
