[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: *Please* fix spamassassin's score configuration



Hi,

On Fri, Dec 27, 2002 at 10:01:24AM -0500, H. S. Teoh wrote:

[SNIP]
>
> > X-Mailer: FoxMail 4.0 beta 2 [cn]
> 
> FoxMail isn't really a spam client (google for FoxMail sometime---it's a
> legit MUA). Nevertheless, in my local config I give it a positive score
> because an unfortunately high percentage of spam I get comes from FoxMail
> users.

Yep. Spamassassin already flags a lot of things that are no indication
of spam in and of themselves, but that do raise the likelihood of the
message being spam if found together with other indications.

If it's valid to flag on MUA at all (or indirectly, platforms the MUA
runs on) for Debian-related lists, then it's definitely legitimate to
add a rule for FoxMail I'd say.

[SNIP]

> > * empty subject or 'Unidentified subject!', could get a score
> 
> I believe this is already getting caught by SUBJ_MISSING. Perhaps the
> score for that should be bumped up a bit.

Yes, and yes, definitely. General netiquette-related problems are
perfectly fine indications of spam. That we may catch some non-spammers
that just don't observe netiquette is not something I'd heavily protest
against. On the contrary.

> > * needlessly high priorities should definitely get a score
> 
> This is a bit questionable. It is quite plausible that legit mail to the
> Debian lists will get sent with high priorities. Of course, one could
> argue that Debian list users should know better than to set Outlook
> priorities, but the point is that this isn't a particularly reliable
> indicator of spam.

I think it is, see above. This is one of those netiquette-related
things. Spammers violate rule #1 of email netiquette; they are likely
to violate others, so flagging other violations may help indicate spam.

> > * FoxMail could get a score (there's already a negative spam score for
> >   USER_AGENT_MUTT and _PINE, so why not a positive one for this MUA?)
> 
> Like I said before, FoxMail is legit. The score for it should be low, if
> at all. False negatives are better than false positives, even though they
> are quite annoying nonetheless.

True, but Spamassassin already violates the principle 'innocent until
proven guilty' in *lots* of places; most rules form only circumstantial
evidence. If you're worried about that, you shouldn't run spamassassin
at all. But if you accept it, then every item that has a certain
correlation with spam, no matter how legitimate it may be in itself, is
a valid candidate for a spamassassin score.

[SNIP]

> Maybe you really want to install SA on your local machine. :-)

Perhaps it's indeed time for that. In addition to rblsmtpd with a few
blacklists, I already run all mail through a perl script that checks
each IP in each Received: header against a the same blacklists. I used
to get a lot of spam through my ISP's backup MTA before I implemented
that.

It already catches a lot of spam from mailing lists as well, but despite
that, the few debian lists I'm subscribed to still get me more spam than
anything else.

Cheers,


Emile.

-- 
E-Advies / Emile van Bergen   |   emile@e-advies.info
tel. +31 (0)70 3906153        |   http://www.e-advies.info

Attachment: pgpW17dK9RrCY.pgp
Description: PGP signature


Reply to: