https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6797
Priority: P2
Bug ID: 6797
Assignee: [email protected]
Summary: lower score for combined RCVD_IN_SORBS_HTTP and
RCVD_IN_SORBS_SOCKS hits
Severity: normal
Classification: Unclassified
OS: Linux
Reporter: [email protected]
Hardware: PC
Status: NEW
Version: unspecified
Component: Rules
Product: Spamassassin
rules RCVD_IN_SORBS_HTTP and RCVD_IN_SORBS_SOCKS seem to hit in together too
often, at least here:
% grep -Fh ']: spamd: result: ' /var/log/today/courier | grep -e
RCVD_IN_SORBS_HTTP -e RCVD_IN_SORBS_SOCKS | awk ' /RCVD_IN_SORBS_HTTP/ &&
/RCVD_IN_SORBS_SOCKS/ { both++} END {print NR, both;}'
12 12
% grep -Fh ']: spamd: result: ' /var/log/yesterday/courier | grep -e
RCVD_IN_SORBS_HTTP -e RCVD_IN_SORBS_SOCKS | awk ' /RCVD_IN_SORBS_HTTP/ &&
/RCVD_IN_SORBS_SOCKS/ { both++} END {print NR, both;}'
3 3
They both have similar scores about 2.5 in network&!bayes set.
I propose small score fix, so they together don't puth too hard:
meta SORBS_SOCKS_HTTP (RCVD_IN_SORBS_HTTP && RCVD_IN_SORBS_SOCKS)
describe SORBS_SOCKS_HTTP fix for HTTP&SOCKS proxies in SORBS (usually come
together)
score SORBS_SOCKS_HTTP 0 -2 0 0
Note they are both used in deep scanning, so this indicated that proxies are
often open for both HTTP and SOCKS, but mail from such hosts may be valid and
relayed through spam filtering MTAs.
--
You are receiving this mail because:
You are the assignee for the bug.
