https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6114
Summary: SpamCop top spammers and top spamming networks
Product: Spamassassin
Version: SVN Trunk (Latest Devel Version)
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P5
Component: Rules
AssignedTo: [email protected]
ReportedBy: [email protected]
70_sc_top200's main merit was that you could give extra points to the bigger
offenders of SpamCop. It is no longer maintained, but when it was, it would
assign three points to each offender.
SpamCop also publishes the top /8 and /24 CIDR networks by several metrics,
including spam volume. I've created some rules that examine the top offending
networks at those two levels plus the top offending individual servers (/32
CIDRs) at several thresholds.
This currently exists as an sa-update channel (khop-sc-neighbors at
http://khopesh.com/Anti-spam#sa-update_channels ) that is repopulated from its
source SpamCop/SenderBase data every four hours. I also have an experimental
DNSBL, which is somewhat nonsensical given the extremely small size of the data
(the generated BIND configuration is 49KB while the generated SA config is only
8.4KB!), but it might facilitate a better test given how rulesqa can't deal
with channels yet...
KHOP_SC_CIDR8 does contain a number of false positives. For the most part, the
scores are all tried-and-true, though the channel only recently got the /32
offenders and only recently started allowing RCVD_IN_BL_SPAMCOP_NET overlap
with the CIDR tests.
--
Configure bugmail:
https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
