Hi Gordon,

> 
> Firstly, I can bring up the list of tests, but is there any 
> way that I can find out more explanation of the tests? 

http://www.spamassassin.org/tests.html

> There are really two aspects to this question - the brief
> descriptions of the tests often refer to technical details 
> about mail delivery that I (as a user, not administrator) 
> have never needed to know about - for example FAKE_HELO_AOL 
> refers to "Host HELO did not match rDNS". Is there anywhere 
> that gives a basic explanation of what this means with 
> respect to SpamAssassin?

You'd really need to understand how SMTP conversations work.  In your
example:
When one mailer speaks to another, the first thing it says is "HELO" and
announces its name.  The receiving server can then do a DNS lookup on
the IP address of the sending server (which can't be forged) to find out
what its true name is supposed to be.  Note that this is one of the most
misconfigured DNS records, on a global scale - it doesn't HAVE TO be
configured to make your mail server work, so many neophyte DNS or mail
admins don't know or bother to configure it, and in addition many ISPs
will not allow their customers control over their reverse DNS records.
So if my mailserver at 169.254.230.105 begins the conversation with HELO
FOO.COM but you ask your DNS server who 169.254.230.105 is and it
returns SOMETHING.ELSE.COM, it will return this test as positive.

Since there are varying levels of understanding, and so many tests, it
would be a pretty big task to document all of this to a level that would
suffice for everyone.  So the answer is "Ask your mail admin" or "ask
here on this list".  I've tried explaining your example to people who
administer mailservers for a living, and they don't get it.  (Sad...)
However, the short explanation given there is enough for any competent
email administrator to know EXACTLY what it means.

> In addition, there are some things
> that I can understand, but cannot figure out any reason for 
> the points assigned to them - for example why is HTML_00_10 
> worth a point, while HTML_20_30 worth only 0.69 points?

The developers ran half a million mail messages through spamassassin,
and it turns out that HTML_00_10 is a better indicator of spam than
HTML_20_30 is.  Many of the tests come out that way, counter to what we
would think at first glance.

> 
> Secondly, I am recently getting a lot of Spam that uses 
> constructs of the following form:
> 
> <p>Ban</duquesne>ned C</snazzy>D Gov</easygoing>

That'll be nailed by Jennifer's Most Excellent Rules.
Popcorn/Backhair/Weeds.  Save them into the directory where your
local.cf is, and restart spamd if you use it.
http://www.emtinc.net/spamhammers.htm

-tom
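
The HELO-versus-rDNS comparison described in the message above, as an added example that is not part of the original email and is not SpamAssassin's own code. It assumes Postfix/Sendmail-style `Received` headers of the form `from HELO (rDNS [IP])`; the function names, the sample headers and the reading of a domain-specific test such as FAKE_HELO_AOL as "HELO claims a domain the rDNS name is outside of" are assumptions.

```python
import re

# Postfix/Sendmail-style trace header: "from <HELO name> (<rDNS name> [<IP>])".
# Postfix writes "unknown" when the connecting IP has no PTR record.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[0-9a-fA-F.:]+)\]\)")

def norm(name):
    """Lower-case and drop a trailing dot so names compare reliably."""
    return name.strip().rstrip(".").lower()

def in_domain(name, domain):
    """True if name is the domain itself or a host beneath it."""
    return name == domain or name.endswith("." + domain)

def check_helo(received, claimed_domain=None):
    """Classify one Received header by comparing HELO with rDNS.

    Returns 'unparsed', 'no_rdns', 'match', 'mismatch', or, when
    claimed_domain is given, 'fake_helo' if HELO claims that domain
    but the rDNS name lies outside it (assumed shape of a test such
    as FAKE_HELO_AOL).
    """
    m = RECEIVED_RE.search(received)
    if not m:
        return "unparsed"
    helo, rdns = norm(m.group("helo")), norm(m.group("rdns"))
    if rdns == "unknown":
        return "no_rdns"  # missing PTR: common misconfiguration, not proof of forgery
    if claimed_domain:
        d = norm(claimed_domain)
        if in_domain(helo, d) and not in_domain(rdns, d):
            return "fake_helo"
    return "match" if helo == rdns else "mismatch"

# Constructed sample headers (not real mail). 169.254.230.105, FOO.COM and
# SOMETHING.ELSE.COM are the values used in the message above.
SAMPLES = [
    "from FOO.COM (SOMETHING.ELSE.COM [169.254.230.105]) by mx.example.org",
    "from mail.example.net (mail.example.net. [192.0.2.10]) by mx.example.org",
    "from foo.com (unknown [169.254.230.105]) by mx.example.org",
    "from smtp.foo.com (host7.something.else.com [169.254.230.105]) by mx.example.org",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(check_helo(line, claimed_domain="foo.com"), "<-", line)
```

The `no_rdns` result is kept separate from `mismatch` because, as the message notes, reverse DNS is very often left unconfigured.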


_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
