Re: Tweaking Rules

2008-01-29 Thread Matus UHLAR - fantomas 
> On Mon, Jan 28, 2008 at 04:10:39PM -0600, Matt wrote:
> > score SPF_FAIL 10
> > score SPF_SOFTFAIL 5
> > score SPF_NEUTRAL 2

On 28.01.08 17:28, Theo Van Dinter wrote:
> If you wanted to give a small positive score for these, that might not be
> terrible.  Anything over 1 is asking for trouble IMO.

funny, since at lease the SPF FAIL status means that the message should be
rejected. I guess most of the SPF FAIL FP's (if we can speak about FPs in
this case) comes out of forwarders not rewriting sender adddress or
misconfigured MTAs, where both should be fixed

I have SPF_FAIL 10 and SPF_SOFTFAIL 5 too...

-- 
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Saving Private Ryan...
Private Ryan exists. Overwrite? (Y/N)

Re: Tweaking Rules

2008-01-28 Thread Theo Van Dinter 
On Mon, Jan 28, 2008 at 04:10:39PM -0600, Matt wrote:
> Does anyone see anything wrong with these scores?  The RDNS_DYNAMIC
> worries me a bit since I know a few email servers hosted on dynamic
> looking reverse DNS's.

Well, first, the scores are really aggressive.  Generally speaking, you don't
want single rules to make something considered spam due to the likely FP rate.

> score RCVD_IN_PBL 3
> score RCVD_IN_XBL 5
> score RDNS_NONE 5
> score RCVD_IN_SORBS_DUL 3
> score RDNS_DYNAMIC 3

Here are my results for these from the last weekly mass-check run:

 62.565  66.5706   0.1.000   1.000.00  RCVD_IN_PBL
 34.530  36.7400   0.1.000   0.970.00  RCVD_IN_SORBS_DUL
 57.274  60.9301   0.15310.997   0.940.00  RCVD_IN_XBL
 35.354  37.5632   0.84940.978   0.780.10  RDNS_DYNAMIC
 47.812  50.6487   3.49150.936   0.660.10  RDNS_NONE

IMO, the PBL is good enough for a 4.5 or so.  SORBS_DUL seems similar.  XBL is
probably worth a 2.5, and after that I would max out at 1.5 due to the high FP
rate.

> score SPF_FAIL 10
> score SPF_SOFTFAIL 5
> score SPF_NEUTRAL 2

If you wanted to give a small positive score for these, that might not be
terrible.  Anything over 1 is asking for trouble IMO.

  5.742   6.1008   0.13330.979   0.880.00  SPF_SOFTFAIL
  2.536   2.6963   0.02470.991   0.880.00  SPF_NEUTRAL
  4.554   4.8255   0.31610.939   0.820.00  SPF_FAIL

For completeness:

  1.064   1.1314   0.00990.991   0.820.00  SPF_HELO_SOFTFAIL
  3.515   0.4903  50.75810.010   0.520.00  SPF_PASS
  0.000   0.   0.0.500   0.480.00  SPF_HELO_FAIL
  0.000   0.   0.0.500   0.480.00  SPF_HELO_NEUTRAL
  0.980   0.2159  12.92410.016   0.470.00  SPF_HELO_PASS


-- 
Randomly Selected Tagline:
You are dishonest, but never to the point of hurting a friend.


pgp2fYo6N5ktg.pgp
Description: PGP signature

Tweaking Rules

2008-01-28 Thread Matt 
I have added the following to the local.cf to decrease the spam that
gets through.

score RCVD_IN_PBL 3
score RCVD_IN_XBL 5
score RDNS_NONE 5
score RCVD_IN_SORBS_DUL 3
score SPF_FAIL 10
score SPF_SOFTFAIL 5
score SPF_NEUTRAL 2
score RDNS_DYNAMIC 3

Does anyone see anything wrong with these scores?  The RDNS_DYNAMIC
worries me a bit since I know a few email servers hosted on dynamic
looking reverse DNS's.

Matt