On Thursday 13 November 2003 01:03 pm, Derek Jennings wrote:

> OK I have adjusted some of the scores and it is all working nicely, but I
> have a question?
>
> What is the difference between RCVD_IN_SORBS and the specific Sorbs tests
> like X_SORBS_SOCKS ?

RCVD_IN_SORBS is triggered when any one of the multi zone tests comes back 
positive.  The X_SORBS_SOCKS is the single zone test for an open SOCKS proxy.

> If a mail fails a specific Sorbs test then won't it by definition also
> trigger the general test?

Yes, but the reason that I included all of those is that some people, 
including myself, may not want to block on some of the specific zones that 
SORBS lists.  For instance, I might want to block only known spam sources as 
opposed to merely open relays.  SORBS actually has more zones than I have 
listed in my cf file, those are just the ones that I want to block on.  You 
can also include settings that will check for multiple hits and assign a 
weighted score to each one so that it would require say, a hit on open proxy 
coupled with a hit on spam source to trigger a block.  I am fairly aggressive 
on my system and want to block even if the provider just maintains or doesn't 
close open relays, proxies, etc., again YMMV.  That is why I suggested 
checking the score factors carefully before using the file.

However, the benefit of including the individual zone tests is that in the 
spam report, either added to headers or placed in the message, SA will show 
the individual tests that trigger the score.  So, for instance, if you get a 
lot of false positives from the SPEWS zone and you want to avoid that, you 
can remove it or even place a lower score on that individual zone.  It is 
even possible to place a negative score, such that a hit on X_SPEWS_SORBS 
would reduce the count by 5 but a general hit on RCVD_IN_SORBS would be 7, 
thus a total of 2 if the hit came from SPEWS but was not included in any of 
the other zones.  By granting different weights to the individual tests, it 
is possible to tailor SA to your specific needs based on your results.

Aggressive scoring works really well for me but I know that it is not for 
everyone.

-- 
Bryan Phinney
Software Test Engineer
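
Added example (not part of the original message and not SpamAssassin's own code): a simplified Python model of how the per-zone scores described above add up, including the 7 and -5 case from the message and a combination rule that needs two zones to hit. The rule names X_SORBS_SPAM and SORBS_PROXY_AND_SPAM, every score other than 7 and -5, and the threshold of 5.0 are assumptions.

```python
import re

# Constructed fragments in SpamAssassin "score"/"meta" syntax. 7 and -5 are the
# values from the message; X_SORBS_SPAM, SORBS_PROXY_AND_SPAM and all other
# scores are hypothetical.
AGGRESSIVE_CF = """
score RCVD_IN_SORBS 7
score X_SPEWS_SORBS -5
"""
COMBINED_CF = """
score RCVD_IN_SORBS 0.5
score X_SORBS_SOCKS 2
score X_SORBS_SPAM  2
meta  SORBS_PROXY_AND_SPAM (X_SORBS_SOCKS && X_SORBS_SPAM)
score SORBS_PROXY_AND_SPAM 1
"""
REQUIRED = 5.0  # assumed spam threshold


def parse_cf(text):
    """Return (scores, metas) from 'score NAME N' and 'meta NAME (A && B)' lines."""
    scores, metas = {}, {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        kind, name, rest = line.split(None, 2)
        if kind == "score":
            scores[name] = float(rest)
        elif kind == "meta":
            # Simplified: only AND-combinations of rule names are supported.
            metas[name] = re.findall(r"[A-Z][A-Z0-9_]*", rest)
    return scores, metas


def evaluate(cf_text, zone_hits):
    """Score a message given the set of single-zone rules that fired for it."""
    scores, metas = parse_cf(cf_text)
    hits = set(zone_hits)
    if hits:
        # Any single-zone hit also triggers the general test, as the message says.
        hits.add("RCVD_IN_SORBS")
    hits |= {m for m, parts in metas.items() if all(p in hits for p in parts)}
    # In this model a rule without a score line contributes 0.
    total = sum(scores.get(h, 0.0) for h in hits)
    return total, total >= REQUIRED, sorted(hits)
```

With the aggressive fragment a SPEWS-only hit totals 2 and stays under the threshold, while with the combined fragment only the proxy and spam-source hits together cross it.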

