On 14 Apr 2019, at 4:03, Jari Fredriksson wrote:
We have had some discussions of this in the past. But now I became
worried that all SA users do not have access to their border smtp and
are NOT configuring postfix with this: https://pastebin.com/LGkdi7NM
<https://pastebin.com/LGkdi7NM>
That's far more specified than my own postscreen config, and I'm a
verifiable anti-spam obsessive...
It's absolutely the case that MOST de facto SA users (many of whom have
no idea that they ARE SA users) don't control their SMTP edge. Most of
those who do have control will not replicate any particular Pre-SA
configuration. As a result, what SA sees as as total mailstream is not
just a function of the fact that every person receives their own unique
collection of ham and is targeted by a unique collection of spam, but
also by the fact that the pre-SA filtering is bespoke, at least for
each server and sometimes for each user.
Now, I am part of RuleQA. Should I accept everything and pass it so
SpamAssassin and to my corpus or not?
I don't know whether there is an official policy on this so, even though
I am a committer and a PMC member, my opinions in this message are NOT
official positions of the ASF SpamAssassin Project.
I believe that submissions to RuleQA should include all mail that is
likely to be seen by SA anywhere. That does NOT include mail from
systems that talk before greeting banners or pipeline improperly or use
blatantly fraudulent HELO names but it would include mail which is
easily rejected by sites using a mosaic of DNSBLs akin to those used in
your postscreen config.
Reindl Harald may have his say as a corporate maintainer or something
but the SpamAssassin user base is more.
To my knowledge, he has never made a positive contribution to SA as an
ongoing open source project and user community, due largely to his
choice of a confrontational and disrespectful communication style. Being
frequently wrong in the context of mail systems and mailstreams unlike
his own doesn't help.
ALL SA users share that problem of myopia. We can't know anything about
the mailstreams of others or even about the mail aimed at us which we
reasonably reject before seeing the actual data. Having mail that most
sites could properly reject by using distributed reputation systems
(i.e. DNSBLs) in the masscheck submissions makes the output of RuleQA
more useful in identifying spam from sources that have not yet hit those
distributed reputation systems.
How can I best support SpamAssassin besides having a mass check
automation and mirrors for the sa-update?
Those are both large contributions. Thank you for that support.
The obvious repository of things we need fixed is the Bugzilla. There
are a lot of open bugs, most of which require some Perl prowess and
substantial time to fix, because we've done pretty well on attacking
simple bugs as they are reported. There are gaps and flaws in the
documentation, both on the Wiki and internal to the code, where many
authors have used only standard commenting instead of POD, effectively
hiding documentation. rule development is also potentially quite
helpful, if you are good at it and have the patience to deal with the
testing process (e.g. like John Hardin.)
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Available For Hire: https://linkedin.com/in/billcole