On 09/28/2009 10:07 PM, Marc Perkel wrote:
I'd like to keep the name HOSTKARMA as standard.
If that's so, then we probably want that in the spamassassin rule
name. Your wiki page suggests JMF is the name. A number of people
probably already configured their spamassassin using your suggested
JMF rule names and they would need to be educated to remove it.
How about these for rule names, so the rule names are not too long?
RCVD_HOSTKARMA_BL Black
RCVD_HOSTKARMA_WL White
RCVD_HOSTKARMA_YL Yellow
RCVD_HOSTKARMA_BR Brown
Hi Marc,
I appreciate your desire for everyone to wholly benefit from your work,
but please let us implement this for spamassassin in stages starting
from the lowest hanging fruit.
First please confirm that you approve of the above new rule names, if
you don't want it to be known as JMF.
Hi Warren,
No one has actually implemented the rules for my blacklists correctly.
My lists support both IP and hostname lookups. The hostname assumes that
you have forward confirmed the RDNS so that you eliminate those who
might spoof.
Please explain in greater detail? Can this be determined wholly from
the Headers and message body after the MTA had passed the mail to the MDA?
Yellow means that the IP or hostname contains no useful information as
to spam or no spam. On my system once I determine a host is yellow I
skip all blacklists and whitelists tests. Yellow is for Yahoo, Hotmail,
Gmail, etc where the IP has no information and all host tests are
meaningless.
My NoBL list is similar to yellow except that you can skip black list
lookup but maybe might be whitelisted somewhere.
Please help me better understand, what are examples of a sequence of
events that would land an IP address on the NoBL?
If you just want to score points then Black, White, and Brown can be
assigned points. Yellow should be zero points regardless of how it tests.
I am aware that Yellow isn't useful for scores. It is however useful
for statistical analysis in masschecks, and it doesn't cost spamassassin
any more to print if it hits. In particular I'm looking to see if there
are any reliable trends of overlap between Yellow and other spamassassin
rules.
I think the real power of my lists is in the host name lookups. It would
be worthwhile to implement that.
Please describe how this is more effective than IP lookups?
I think my white listing is very accurate at this point. The thing about
white servers is that they aren't evasive like spammers. There should be
some short circuiting options to reduce system load on SA for white
lookups.
Generally spamassassin does not short-circuit by default for any reason.
There is an option to do so, but I think it is only to stop testing
rules if the score goes beyond a certain point. Please file a separate
bug for this if it is important to you.
Warren Togami
wtog...@redhat.com
