From: "Marc Perkel" <m...@perkel.com>
Sent: Monday, 2009/September/28 19:07
Warren Togami wrote:
On 09/28/2009 06:53 PM, Marc Perkel wrote:
...
I'd like to keep the name HOSTKARMA as standard.
If that's so, then we probably want that in the spamassassin rule name.
Your wiki page suggests JMF is the name. A number of people probably
already configured their spamassassin using your suggested JMF rule names
and they would need to be educated to remove it.
How about these for rule names, so the rule names are not too long?
RCVD_HOSTKARMA_BL Black
RCVD_HOSTKARMA_WL White
RCVD_HOSTKARMA_YL Yellow
RCVD_HOSTKARMA_BR Brown
Warren Togami
wtog...@redhat.com
Hi Warren,
No one has actually implemented the rules for my blacklists correctly. My
lists support both IP and hostname lookups. The hostname assumes that you
have forward confirmed the RDNS so that you eliminate those who might
spoof.
Yellow means that the IP or hostname contains no useful information as to
spam or no spam. On my system once I determine a host is yellow I skip all
blacklists and whitelists tests. Yellow is for Yahoo, Hotmail, Gmail, etc
where the IP has no information and all host tests are meaningless.
My NoBL list is similar to yellow except that you can skip black list
lookup but maybe might be whitelisted somewhere.
If you just want to score points then Black, White, and Brown can be
assigned points. Yellow should be zero points regardless of how it tests.
I think the real power of my lists is in the host name lookups. It would
be worthwhile to implement that.
I think my white listing is very accurate at this point. The thing about
white servers is that they aren't evasive like spammers. There should be
some short circuiting options to reduce system load on SA for white
lookups.
And - I'm hoping others will catch on to some of the things I'm doing
because when other people adopt my tricks they usually improve them.
Let me know what I need to do to help make this happen.
So what SHOULD this, which I clipped off your site, really look like
for SpamAssassin rules?
===8<---
header __RCVD_IN_JMF
eval:check_rbl('JMF-lastexternal','hostkarma.junkemailfilter.com.')
describe __RCVD_IN_JMF Sender listed in JunkEmailFilter
tflags __RCVD_IN_JMF net
header RCVD_IN_JMF_W eval:check_rbl_sub('JMF-lastexternal', '127.0.0.1')
describe RCVD_IN_JMF_W Sender listed in JMF-WHITE
tflags RCVD_IN_JMF_W net nice
score RCVD_IN_JMF_W -5
header RCVD_IN_JMF_BL eval:check_rbl_sub('JMF-lastexternal', '127.0.0.2')
describe RCVD_IN_JMF_BL Sender listed in JMF-BLACK
tflags RCVD_IN_JMF_BL net
score RCVD_IN_JMF_BL 3.0
header RCVD_IN_JMF_BR eval:check_rbl_sub('JMF-lastexternal', '127.0.0.4')
describe RCVD_IN_JMF_BR Sender listed in JMF-BROWN
tflags RCVD_IN_JMF_BR net
score RCVD_IN_JMF_BR 1.0
===8<---
You pick the names and then the world can use them. The JMF names are out
there today.
{^_^} Joanne
