On Wed, 2009-03-04 at 16:02 +0100, Andrzej Adam Filip wrote: > Karsten Bräckelmann <guent...@rudersport.de> wrote:
> > About 98-99% of my spam in-stream scores as high, that any such proposal > > results in a useless increase of the score. > > > > The problem lies with the LOW scoring spam. Alas, these do not tend to > > trigger on a solid subset or meta as you proposed. In particular, RBL > > hits are quite rare, even more so for multiple hits. The few rules hit > > by low scorers are quite diverse, which complicates this. > > May be spamassassin should create set of tests intended for use before > replying "RCPT TO:" in SMTP session? > [ test based on: sending IP address, envelope sender, envelope > recipient, and name in helo/ehlo ] This would be an entirely different application, not SA, wouldn't it? Well, this probably could be done in SA using a multi-level protocol capable of returning values at different stages. However, this seems perfectly suited for a lightweight tool, rather than a hog that is designed to scan and process entire messages. :) > Possible "recommended actions": accept, temporary reject, permanent > reject - with choice based on "spam score" *AND* mail source reputation. > > Temporary reject in SMTP session should increase chances of DNSBL hits > by reducing "blind spot" period of newly created spam sources. Experience with grey-listing, tempfail or whatever varies wildly given the posts to this list. Some do report, that the zombies won't retry anyway after being tempfailed once. So a later DNSBL hit after the list catching up and DNS propagation may be even irrelevant. -- char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4"; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1: (c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}