Am 21.09.2014 um 03:29 schrieb John Hardin: > On Sun, 21 Sep 2014, Reindl Harald wrote: > >> Am 20.09.2014 um 23:54 schrieb RW: >>> On Sat, 20 Sep 2014 15:48:05 +0200 >>> Reindl Harald wrote: >>> >>>> http://www.antivirushelptool.com/spamassassin/header/USER_IN_DEF_DKIM_WL >>>> that's too much and gives even a message on systems where >>>> BAYES_99 and BAYES_999 would reach 8.0 a negative score >>> >>> Do you have any evidence for it being too much? It seems about right >>> to me. >>> >>> If you have an actual problem I'd suggest you use unwhitelist_from_dkim >>> locally and report the domain so it can be considered for delisting. >>> >>> The dkim default whitelist contains domains that send a lot of >>> autogenerated and bulk mail, but have a very low probabilty of sending >>> spam >> >> how can -7.5 be right? >> >> it bypasses unconditional any bayse regardless if it is trained >> with 100, 1000 or 10000 messages ham / spam and that can not >> be the the right thing > > That's kinda the *point* to a whitelist.
unconditional whitelists are as bad as unconditional blacklists > I would suggest getting BAYES_999 on a message that has a valid DKIM > signature for a domain in the default DKIM > whitelist may instead indicate either bayes mistraining or somebody has put > something into the default DKIM > whitelist locally that they shouldn't have. none of both i would say no bayes mistraining and there is no sender host which never is affected by something bad passing by - recently had the same happening on the own network thats's why you have a *content* filter which should not unconditionally whitelist > Would you care to share the spam that you posted the scores for at the start > of this thread? There's not much we > can do with just the rules that hit beside post vague guesses. The critical > part is: which domain is that > whitelisted DKIM signature for? no message content available - we don't store anything on the gateway 3 cases with score -5 twice and one time -2 message-id=<....@xtinmta4208.xt.local bounce-...@bounce.mail.hotels.com > Is it possible that your bayes has been trained with legit[1] newsletters > that someone is dropping into their > spambox rather than unsubscribing from? unlikely - i am the only one who trains the bayes frankly i collected a lot of newsletters and stuff for HAM where i thought "well, how that message is built normally would not deserve any good scoring" 0.000 0 1592 0 non-token data: nspam 0.000 0 1627 0 non-token data: nham 0.000 0 318955 0 non-token data: ntokens > [1] "legit" meaning that the person actually subscribed to, or from a sender > that the person actually is a customer > of or does have a business relationship with even if - the bayes should not be *that* outbeated and the fear from a possible FP is not a good reason for nearly unconditional whitelists and -2 + 7.5 would have been 5.5 which is still fine having a milter-reject of 8.0 what if a account there is hacked which can happen everytime? until such a WL is terminated a spam wave makes it's way
signature.asc
Description: OpenPGP digital signature
