Le 14/06/2011 23:21, Ansgar Wiechers a écrit : > On 2011-06-14 mouss wrote: >> Le 14/06/2011 20:35, Ansgar Wiechers a écrit : >>> On 2011-06-14 Rich Wales wrote: >>>>>> b) rdns for 95.53.111.119 gives >>>>>> pppoe.95-53-111-119.dynamic.lenobl.avangarddsl.ru >>>>> >>>>> This might be covered by Stan Hoeppner's PCRE for dynamic IP ranges: >>>>> http://www.hardwarefreak.com/fqrdns.pcre >>>> >>>> Additionally, a reliable DNSBL (block list) could be used to detect >>>> and block IP addresses which are known spam sources and/or are >>>> dynamically assigned. >>> >>> Personally I prefer policyd-weight (to avoid rejecting valid mails >>> because of false positives on a single RBL), but yes. >> >> non sense. > > IBTD. > >> just because they are a lot doesn't mean they are right. a single zen >> hit is more reliable than thousands of hits from arbitrary DNSBLs. > > You may want to take an actual look at the DNSBLs policyd-weight uses. > >> policyd-weight is nice. use it if you think it is the right tool for >> you. but for the sake of whatever you like: keep that for yourself >> unless you have real (mathematical) argments. > > My rationale is that no matter how reliable a single source is, they can > still be wrong at times. Getting a second opinion helps mitigating these > cases.
that's where you are wrong. if the second opinion is wrong, it doesn't help at all. the word is: quality, not quantity. review Bayes theorem again. now consider: P1 = listed on zen P2 = listed on spamcops do you really think that P1 & P2 is any better than P1 OR P2 ? explain why? do you believe P1 and P2 are independent? did you test that on a real system? not convinced yet? now replace P2 with korea.services and try to argue. then try with P2 = sorbs. etc etc. > The false negative rate is probably somewhat higher with this > setup, but I consider a limited amount of false negatives far more > tolerable than a single false positive. If you think there's something > wrong with this rationale: please elaborate. > while Bayes theorem can be applied to a "lot of attributes" (such as in spamassassin, ...) without the independence clause, this doesn't work when you only have very few attributes (such as what you get with the envelope).