On Sat, 12 Oct 2013, Stan Hoeppner wrote: >> and engage in discussion WRT lowering the score, eliminating the >> overlap with the other bare IP HELO rules, etc?
On 10/12/2013 07:28 PM, John Hardin wrote: > It seems that 94% of the ham hits in masscheck are against list mail, > and none of the spam hits are, so it would seem reasonable to add an > exclusion for list messages. > > Maddoc hasn't touched these rules since 2009, so I will go ahead and > add an exclusion for that. Actually, the overlap issue is quite real. These two rules <http://ruleqa.spamassassin.org/?daterev=20131014-r1531815-n&rule=FSL_HELO_BARE_IP_2+RCVD_NUMERIC_HELO&srcpath=&g=Change> are quite similar: MSECS SPAM% HAM% S/O RANK SCORE NAME 0 60.7267 0.3533 0.994 0.85 2.00 FSL_HELO_BARE_IP_2 <http://ruleqa.spamassassin.org/20131014-r1531815-n/FSL_HELO_BARE_IP_2/detail> 0 56.8567 0.0784 0.999 0.97 0.00 RCVD_NUMERIC_HELO <http://ruleqa.spamassassin.org/20131014-r1531815-n/RCVD_NUMERIC_HELO/detail> overlap spam: 99% of RCVD_NUMERIC_HELO <http://ruleqa.spamassassin.org/20131014-r1531815-n/RCVD_NUMERIC_HELO/detail> hits also hit FSL_HELO_BARE_IP_2 <http://ruleqa.spamassassin.org/20131014-r1531815-n/FSL_HELO_BARE_IP_2/detail>; 93% of FSL_HELO_BARE_IP_2 <http://ruleqa.spamassassin.org/20131014-r1531815-n/FSL_HELO_BARE_IP_2/detail> hits also hit RCVD_NUMERIC_HELO <http://ruleqa.spamassassin.org/20131014-r1531815-n/RCVD_NUMERIC_HELO/detail> (ham 100%) overlap spam: 93% of FSL_HELO_BARE_IP_2 <http://ruleqa.spamassassin.org/20131014-r1531815-n/FSL_HELO_BARE_IP_2/detail> hits also hit RCVD_NUMERIC_HELO <http://ruleqa.spamassassin.org/20131014-r1531815-n/RCVD_NUMERIC_HELO/detail>; 99% of RCVD_NUMERIC_HELO <http://ruleqa.spamassassin.org/20131014-r1531815-n/RCVD_NUMERIC_HELO/detail> hits also hit FSL_HELO_BARE_IP_2 <http://ruleqa.spamassassin.org/20131014-r1531815-n/FSL_HELO_BARE_IP_2/detail> (ham 22%) That's a lot of overlap. FSL_HELO_BARE_IP_2 may be well served by excluding RCVD_NUMERIC_HELO. Given its higher S/O, that might even get the latter rule a score again (I assume the zero score came from John's exclusion and a preference towards FSL_HELO_BARE_IP_2).
signature.asc
Description: OpenPGP digital signature
