On 25/12/17 10:45, Reindl Harald wrote:


On 25.12.2017 at 09:28, Sebastian Arcus wrote:
On 23/12/17 10:01, Kevin A. McGrail wrote:
The 1st step is that a representative of the rbl asks us to consider for inclusion.

Thank you. If enough people receive spam sanctioned by a particular whitelist, will the minus scores associated with their rule(s) be reduced over time?

maybe, but why not just override the score in local.cf

/etc/mail/spamassassin/local-*.cf
score RCVD_IN_IADB_DK -0.3
score RCVD_IN_IADB_DOPTIN -1.0
score RCVD_IN_IADB_DOPTIN_GT50 -0.5
score RCVD_IN_IADB_DOPTIN_LT50 -0.1
score RCVD_IN_IADB_LISTED -0.001
score RCVD_IN_IADB_ML_DOPTIN -2.5
score RCVD_IN_IADB_OPTIN -0.05
score RCVD_IN_IADB_OPTIN_GT50 -0.2
score RCVD_IN_IADB_OPTIN_LT50 -0.1
score RCVD_IN_IADB_RDNS -0.05
score RCVD_IN_IADB_SENDERID -0.5
score RCVD_IN_IADB_SPF -0.1
score RCVD_IN_IADB_VOUCHED -2.0

I know I can override the scores for all sorts of things in local.cf. The reason I was raising the question is because I was wondering if whitelists can be used by unscrupulous marketing organisations to effectively undo what is one of the main functions of SA - to reduce or stop unsolicited email.


Also, any idea why there are 6 different rules associated with this particular whitelist?

these are 6 different lists, just read the description you even posted on the right side of the score

Well, they might be technically 6 different lists, but IADB is one single entity, and including 6 different whitelists from them only looks like a way to reduce the SA score for email from their "certified" senders further. After all SA already checks separately for things like RDNS, DKIM, SPF.





On December 23, 2017 3:03:26 AM EST, Sebastian Arcus <s.ar...@open-t.co.uk> wrote:

    What is the process of including whitelists in SA default configs? It is
    not the first time I see pretty obvious mailing list spam which has
    quite high minus scores from 2-3 whitelists included in SA:

    -1.5 RCVD_IN_IADB_OPTIN      RBL: IADB: All mailing list mail is opt-in
                                 [205.201.128.83 listed in iadb.isipp.com]
    -0.1 RCVD_IN_IADB_DK         RBL: IADB: Sender publishes Domain Keys record
    -0.2 RCVD_IN_IADB_RDNS       RBL: IADB: Sender has reverse DNS record
    -0.0 RCVD_IN_IADB_SENDERID   RBL: IADB: Sender publishes Sender ID record
    -2.2 RCVD_IN_IADB_VOUCHED    RBL: ISIPP IADB lists as vouched-for sender
    -0.1 RCVD_IN_IADB_SPF        RBL: IADB: Sender publishes SPF record
    -0.0 RCVD_IN_IADB_LISTED     RBL: Participates in the IADB system
    -0.0 RCVD_IN_IADB_OPTIN_GT50 RBL: IADB: Opt-in used more than 50% of the time


    For the same message, Pyzor has a high score - which is correct:

    2.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
                                   [cf: 100]
    2.5 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)

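The stacking effect discussed in this thread can be measured per message. The following is an added example, not part of the original posts or of SpamAssassin itself: it parses the report lines quoted above, groups rule hits by list operator, and reports operators whose several rules together subtract more than a local limit. The prefix-to-operator mapping `FAMILIES` and the `limit` threshold are assumptions made for this example.

```python
import re
from collections import defaultdict

# Report lines as quoted in the thread (re-wrapped to one hit per line).
REPORT = """\
-1.5 RCVD_IN_IADB_OPTIN      RBL: IADB: All mailing list mail is opt-in
                             [205.201.128.83 listed in iadb.isipp.com]
-0.1 RCVD_IN_IADB_DK         RBL: IADB: Sender publishes Domain Keys record
-0.2 RCVD_IN_IADB_RDNS       RBL: IADB: Sender has reverse DNS record
-0.0 RCVD_IN_IADB_SENDERID   RBL: IADB: Sender publishes Sender ID record
-2.2 RCVD_IN_IADB_VOUCHED    RBL: ISIPP IADB lists as vouched-for sender
-0.1 RCVD_IN_IADB_SPF        RBL: IADB: Sender publishes SPF record
-0.0 RCVD_IN_IADB_LISTED     RBL: Participates in the IADB system
-0.0 RCVD_IN_IADB_OPTIN_GT50 RBL: IADB: Opt-in used more than 50% of the time
 2.5 RAZOR2_CF_RANGE_51_100  Razor2 gives confidence level above 50%
                             [cf: 100]
 2.5 RAZOR2_CHECK            Listed in Razor2 (http://razor.sf.net/)
"""

# Assumption: grouping of rule-name prefixes by operator, chosen for this example.
FAMILIES = {"RCVD_IN_IADB_": "IADB", "RAZOR2_": "Razor2"}
HIT = re.compile(r"^\s*(-?\d+(?:\.\d+)?)\s+([A-Z][A-Z0-9_]+)\b")


def parse_hits(report):
    """Return (score, rule) pairs; bracketed continuation lines are skipped."""
    return [(float(m.group(1)), m.group(2))
            for m in map(HIT.match, report.splitlines()) if m]


def totals_by_family(hits):
    """Sum scores per operator; rules with no known prefix stand alone."""
    totals, counts = defaultdict(float), defaultdict(int)
    for score, rule in hits:
        family = next((n for p, n in FAMILIES.items() if rule.startswith(p)), rule)
        totals[family] += score
        counts[family] += 1
    return {f: (round(totals[f], 3), counts[f]) for f in totals}


def stacked_whitelists(hits, limit=-2.0):
    """Operators whose several rules together score at or below `limit`
    (hypothetical local policy threshold)."""
    return sorted(f for f, (total, n) in totals_by_family(hits).items()
                  if n > 1 and total <= limit)


if __name__ == "__main__":
    hits = parse_hits(REPORT)
    for family, (total, n) in totals_by_family(hits).items():
        print(f"{family:8} {n} rules  {total:+.1f}")
    print("stacked:", stacked_whitelists(hits))
```

On the quoted report the eight IADB hits sum to -4.1 against +5.0 from the two Razor2 hits, which is the offset the local.cf score overrides earlier in the thread are meant to shrink.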