On 12/6/2011 12:59 AM, Dorian Chan wrote: > Hello all, > I've attached a newer version with Windows info. Thanks Daniel, > Patrick, and Ted.
A few comments: 1) There are multiple types of blacklists and whitelists. IP blacklists, URL blacklists, and address blacklists. IP and URL blacklists (and whitelists) are usually public and checked via DNS queries. Address blacklists (and whitelists) are usually stored on the local machine or shared in a local network rather than being public. 2) (Address) whitelists can trust emails pretending to be from whitelisted addresses, but this can be mitigated in SA by checking IP address, DKIM, SPF, or other methods to verify that the email is actually from the user it claims. 3) Recommended threshold (required_hits) is 5.0. All of the default scores are geared toward this. If you lower it, you will increase false positives. If you raise it, you will increase false negatives. 4) whitelist_from is not recommended, however if you know where the mail should be coming from, you can use whitelist_from_rcvd. If the sender uses DKIM or SPF, you can use whitelist_auth. 5) When checking rules, use 'spamassassin --lint'. This should give no output if the rule syntax is correct. Adding the '-D' option gives a bunch of extra debug information, which can make it more difficult (especially for a new user) to see whether the lint succeeded. Also, please use a font for command samples which can easily distinguish between '-' (a single dash) and '--' (a double dash). It is common to use courier or some other monospaced font for command samples in documents such as this. And make sure your editor does not automatically change the double dash to a long hyphen. The '--lint' option should start with two dashes. 6) You should note that 'spamassassin -t' will always claim that the message is spam. You should ignore that and refer to the score and rule hits instead. -- Bowie A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail?
