Le 14/06/2011 23:21, Ansgar Wiechers a écrit :
> On 2011-06-14 mouss wrote:
>> Le 14/06/2011 20:35, Ansgar Wiechers a écrit :
>>> On 2011-06-14 Rich Wales wrote:
>>>>>> b) rdns for 95.53.111.119 gives
>>>>>> pppoe.95-53-111-119.dynamic.lenobl.avangarddsl.ru
>>>>>
>>>>> This might be covered by Stan Hoeppner's PCRE for dynamic IP ranges:
>>>>> http://www.hardwarefreak.com/fqrdns.pcre
>>>>
>>>> Additionally, a reliable DNSBL (block list) could be used to detect
>>>> and block IP addresses which are known spam sources and/or are
>>>> dynamically assigned.
>>>
>>> Personally I prefer policyd-weight (to avoid rejecting valid mails
>>> because of false positives on a single RBL), but yes.
>>
>> non sense.
>
> IBTD.
>
>> just because they are a lot doesn't mean they are right. a single zen
>> hit is more reliable than thousands of hits from arbitrary DNSBLs.
>
> You may want to take an actual look at the DNSBLs policyd-weight uses.
>
>> policyd-weight is nice. use it if you think it is the right tool for
>> you. but for the sake of whatever you like: keep that for yourself
>> unless you have real (mathematical) argments.
>
> My rationale is that no matter how reliable a single source is, they can
> still be wrong at times. Getting a second opinion helps mitigating these
> cases.
that's where you are wrong. if the second opinion is wrong, it doesn't
help at all. the word is: quality, not quantity.
review Bayes theorem again. now consider:
P1 = listed on zen
P2 = listed on spamcops
do you really think that
P1 & P2
is any better than
P1 OR P2
?
explain why? do you believe P1 and P2 are independent? did you test that
on a real system?
not convinced yet? now replace P2 with korea.services and try to argue.
then try with P2 = sorbs. etc etc.
> The false negative rate is probably somewhat higher with this
> setup, but I consider a limited amount of false negatives far more
> tolerable than a single false positive. If you think there's something
> wrong with this rationale: please elaborate.
>
while Bayes theorem can be applied to a "lot of attributes" (such as in
spamassassin, ...) without the independence clause, this doesn't work
when you only have very few attributes (such as what you get with the
envelope).
