On Wed, 2009-03-04 at 16:02 +0100, Andrzej Adam Filip wrote:
> Karsten Bräckelmann <guent...@rudersport.de> wrote:
> > About 98-99% of my spam in-stream scores as high, that any such proposal
> > results in a useless increase of the score.
> >
> > The problem lies with the LOW scoring spam. Alas, these do not tend to
> > trigger on a solid subset or meta as you proposed. In particular, RBL
> > hits are quite rare, even more so for multiple hits. The few rules hit
> > by low scorers are quite diverse, which complicates this.
>
> May be spamassassin should create set of tests intended for use before
> replying "RCPT TO:" in SMTP session?
> [ test based on: sending IP address, envelope sender, envelope
> recipient, and name in helo/ehlo ]
This would be an entirely different application, not SA, wouldn't it?
Well, this probably could be done in SA using a multi-level protocol
capable of returning values at different stages. However, this seems
perfectly suited for a lightweight tool, rather than a hog that is
designed to scan and process entire messages. :)
> Possible "recommended actions": accept, temporary reject, permanent
> reject - with choice based on "spam score" *AND* mail source reputation.
>
> Temporary reject in SMTP session should increase chances of DNSBL hits
> by reducing "blind spot" period of newly created spam sources.
Experience with grey-listing, tempfail or whatever varies wildly given
the posts to this list. Some do report, that the zombies won't retry
anyway after being tempfailed once. So a later DNSBL hit after the list
catching up and DNS propagation may be even irrelevant.
--
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
