Of 185 spams I have that were tagged correctly by SA, 10 have SMTPD32 received headers, only one of which was an eval version. Looking at the headers, all of the SMTPDs were open relays, and many operated on cable/DSL subnets. Perhaps it's popular for DSL/cable subscribers to pirate this app and run it misconfigured, but it doesn't seem to be all that common.
For comparison, a search of the headers for my current inbox of snort users matches 45 emails, from 8 different users, but that's a lot more email. I'd say it's fair to say this rule isn't that good, but the cost of the app isn't really a consideration for whether or not spammers will use a tool; piracy is way too common.

At 03:55 PM 7/18/2002 -0400, Tom Grandgent wrote:
>That software costs $1000 minimum. However, there is an evaluation
>version available. I don't see why spammers would use the eval version
>of a full-fledged mail server instead of one of the great many free
>or cheap programs designed solely to do mass mailing, but I accept that
>it's within the realm of possibility.
>
>I would be interested in seeing the ratio of spams detected versus
>false-positives based on this test. Is that what determines the
>"default score" for a test, by the way? Or is it something else?
>
>
>Vince Puzzella ([EMAIL PROTECTED]) wrote:
> >
> > It's probably because a lot of small-time, DIY spammers use that
> > software to perform bulk mailing.
> >
> > -----Original Message-----
> > From: Tom Grandgent [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, July 18, 2002 3:30 PM
> > To: [EMAIL PROTECTED]
> > Subject: [SAtalk] SMTPD_IN_RCVD test is unfair discrimination...?
> >
> >
> > Hi,
> >
> > I run Ipswitch Mail Server, a popular mail server on Win32, and recently
> > one of my users had a legitimate email he sent flagged as spam by
> > SpamAssassin running on the receiving server. What caught my attention
> > was the line:
> >
> > SMTPD_IN_RCVD (2.1 points) Received via SMTPD32 server (SMTPD32-n.n)
> >
> > (SMTPD32-n.n) is how IMail identifies itself. So this test is saying that
> > if the message is coming from an IMail server, it's probably spam. Right?
> > To my knowledge, IMail is as secure against spammers as any other good mail
> > server. It's dirt simple to configure as a closed relay. The
> > documentation strongly recommends doing this and explains the problems
> > with open relays in detail.
> >
> > I searched for more information on this test on the SpamAssassin web site
> > and the list archives but couldn't find anything. Can anyone explain the
> > reasoning behind this test?
> >
> > Thanks,
> >
> > Tom
> >
> >
> > -------------------------------------------------------
> > This sf.net email is sponsored by:ThinkGeek
> > Welcome to geek heaven.
> > http://thinkgeek.com/sf
> > _______________________________________________
> > Spamassassin-talk mailing list
> > [EMAIL PROTECTED]
> > https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
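
The measurement discussed in this thread (how often the SMTPD32 Received-header test fires on spam versus legitimate mail), as an added example that is not part of the original messages and is not SpamAssassin's own rule. The regex, the ` EVAL` marker for evaluation builds, and every sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Assumed pattern: the thread only says IMail identifies itself as "(SMTPD32-n.n)".
# The optional " EVAL" marker for evaluation builds is an assumption.
SMTPD32 = re.compile(r"\(SMTPD32-(\d+\.\d+)( EVAL)?\)")

def smtpd32_hits(raw):
    """Return (version, is_eval) for each Received header that names SMTPD32."""
    hits = []
    for value in message_from_string(raw).get_all("Received", []):
        m = SMTPD32.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            hits.append((m.group(1), m.group(2) is not None))
    return hits

def rule_stats(spam, ham):
    """Hit counts and rates for the test on hand-sorted spam and ham corpora."""
    s = sum(1 for raw in spam if smtpd32_hits(raw))
    h = sum(1 for raw in ham if smtpd32_hits(raw))
    return {"spam_hits": s, "spam_rate": s / len(spam),
            "ham_hits": h, "ham_rate": h / len(ham),
            # Share of all hits that were actually spam.
            "precision": s / (s + h) if s + h else 0.0}

def _msg(received, body="hello"):
    return f"Received: {received}\nSubject: test\n\n{body}\n"

# Constructed sample corpora (not real mail).
SPAM = [
    _msg("from dsl.example.net [192.0.2.10] by relay.example.org\n"
         "\twith ESMTP (SMTPD32-7.07 EVAL) id A1; Thu, 18 Jul 2002 10:00:00 -0400"),
    _msg("from cable.example.net [192.0.2.11] by relay2.example.org "
         "with ESMTP (SMTPD32-6.06) id B2; Thu, 18 Jul 2002 10:05:00 -0400"),
    _msg("from bulk.example.com by mx.example.org (Postfix) with ESMTP id C3"),
    _msg("from bulk2.example.com by mx.example.org (Postfix) with ESMTP id D4"),
]
HAM = [
    # Legitimate mail relayed by a properly configured IMail server.
    _msg("from desk.example.edu [198.51.100.5] by mail.example.edu "
         "with ESMTP (SMTPD32-7.12) id E5; Thu, 18 Jul 2002 15:30:00 -0400"),
    # List mail that only quotes the rule text in its body: must not count.
    _msg("from lists.example.org by mx.example.org (Postfix) with ESMTP id F6",
         body="Received via SMTPD32 server (SMTPD32-6.06)"),
    _msg("from a.example.org by mx.example.org (Postfix) with ESMTP id G7"),
    _msg("from b.example.org by mx.example.org (Postfix) with ESMTP id H8"),
]

if __name__ == "__main__":
    print(rule_stats(SPAM, HAM))
```

Only `Received` headers are searched, so list traffic that merely quotes the rule description in its body does not inflate the ham count.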