Hi, On Fri, Dec 27, 2002 at 10:01:24AM -0500, H. S. Teoh wrote: [SNIP] > > > X-Mailer: FoxMail 4.0 beta 2 [cn] > > FoxMail isn't really a spam client (google for FoxMail sometime---it's a > legit MUA). Nevertheless, in my local config I give it a positive score > because an unfortunately high percentage of spam I get comes from FoxMail > users. Yep. Spamassassin already flags a lot of things that are no indication of spam in and of themselves, but that do raise the likelihood of the message being spam if found together with other indications. If it's valid to flag on MUA at all (or indirectly, platforms the MUA runs on) for Debian-related lists, then it's definitely legitimate to add a rule for FoxMail I'd say. [SNIP] > > * empty subject or 'Unidentified subject!', could get a score > > I believe this is already getting caught by SUBJ_MISSING. Perhaps the > score for that should be bumped up a bit. Yes, and yes, definitely. General netiquette-related problems are perfectly fine indications of spam. That we may catch some non-spammers that just don't observe netiquette is not something I'd heavily protest against. On the contrary. > > * needlessly high priorities should definitely get a score > > This is a bit questionable. It is quite plausible that legit mail to the > Debian lists will get sent with high priorities. Of course, one could > argue that Debian list users should know better than to set Outlook > priorities, but the point is that this isn't a particularly reliable > indicator of spam. I think it is, see above. This is one of those netiquette-related things. Spammers violate rule #1 of email netiquette; they are likely to violate others, so flagging other violations may help indicate spam. > > * FoxMail could get a score (there's already a negative spam score for > > USER_AGENT_MUTT and _PINE, so why not a positive one for this MUA?) > > Like I said before, FoxMail is legit. The score for it should be low, if > at all. False negatives are better than false positives, even though they > are quite annoying nonetheless. True, but Spamassassin already violates the principle 'innocent until proven guilty' in *lots* of places; most rules form only circumstantial evidence. If you're worried about that, you shouldn't run spamassassin at all. But if you accept it, then every item that has a certain correlation with spam, no matter how legitimate it may be in itself, is a valid candidate for a spamassassin score. [SNIP] > Maybe you really want to install SA on your local machine. :-) Perhaps it's indeed time for that. In addition to rblsmtpd with a few blacklists, I already run all mail through a perl script that checks each IP in each Received: header against a the same blacklists. I used to get a lot of spam through my ISP's backup MTA before I implemented that. It already catches a lot of spam from mailing lists as well, but despite that, the few debian lists I'm subscribed to still get me more spam than anything else. Cheers, Emile. -- E-Advies / Emile van Bergen | emile@e-advies.info tel. +31 (0)70 3906153 | http://www.e-advies.info
Attachment:
pgpXX3iyj7hwh.pgp
Description: PGP signature