Perhaps this bug would be worth a read:

http://www.hughes-family.org/bugzilla/show_bug.cgi?id=1074

In short, X_OSIRU_DUL_FH should, in theory, be negative, and X_OSIRU_DUL is as it should be. However, the GA assigned a small positive score to X_OSIRU_DUL_FH. I might theorize this as suggesting that since most spammers are playing the "whack-a-mole-dialup" game for their first delivery point, the fact that the first node is a dialup isn't really a good sign either way.

Increasing it to a large positive value (2.4) from the extremely small (0.36) value it has demonstrates a severe bias you have introduced artificially into SpamAssassin.

The net score of these rules as-delivered is 1.36. Perhaps the VERY small scores of these rules should speak strongly to you about how commonly they are false-positive. Really I take any rule with a score of less than 0.5 with a grain of salt and anything under 0.2 is almost entirely an academic study.

My own personal belief is that RCVD_IN_OSIRUSOFT_COM is worthless and should be removed from the ruleset, and there's some motion in that direction in some of the bugs on the devel list. I certainly question the value of doing a DNS lookup for any rule of less than 0.5 score from the GA. X_OSIRU_DUL_FH should be negative, zero, or out.

Currently I have both of these rules zeroed out to save the waste of time spent doing a DNS lookup for such poorly performing rules.


At 03:49 PM 12/23/2002 -0500, John McCauley wrote:
Check these headers and the Spamassassin 2.43 results (real email addresses
DELETED):

Received: from out005.verizon.net ([206.46.170.143] verified)
  by ctgusa.com (CommuniGate Pro SMTP 4.0.1)
  with ESMTP id 1052087 for DELETED; Mon, 23 Dec 2002 12:27:03 -0500
Received: from 2hgnl01 ([138.88.118.143]) by out005.verizon.net
          (InterMail vM.5.01.05.20 201-253-122-126-120-20021101) with ESMTP
          id <20021223172703.KMEC19422.out005.verizon.net@2hgnl01>
          for <DELETED>; Mon, 23 Dec 2002 11:27:03 -0600
Message-ID: <014401c2aaa8$be804460$5916fea9@2hgnl01>

SPAM: RCVD_IN_OSIRUSOFT_COM (1.4 points)  RBL: Received via a relay in
relays.osirusoft.com
SPAM:                    [RBL check: found
143.118.88.138.relays.osirusoft.com., type: 127.0.0.3]
SPAM: X_OSIRU_DUL        (2.6 points)  RBL: DNSBL: sender ip address in in a
dialup block
SPAM: X_OSIRU_DUL_FH     (2.4 points)  RBL: Received from first hop dialup
listed in relays.osirusoft.com
SPAM:                    [RBL check: found
143.118.88.138.relays.osirusoft.com., type: 127.0.0.3]

(I upped the OSIRU scores to force a hit.)

Seems wrong. I see a Verizon dsl user at 138.88.118.143 relaying through the
proper Verizon smtp host at 206.46.170.143. So why did SA do a check on the
first hop at 138.88.118.143?


--
John McCauley
CTGi, Oakton, VA, USA
Www.ctgusa.com




-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
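
Added example, not part of the original thread and not SpamAssassin's own code: it walks the Received headers quoted above, separates the last relay from the first hop, and builds the reversed-octet DNSBL query name that appears in the RBL check output. The function names are hypothetical and no DNS lookup is performed.

```python
import ipaddress
import re
from email import message_from_string

# Sample input constructed from the headers quoted in the thread above.
SAMPLE = """\
Received: from out005.verizon.net ([206.46.170.143] verified)
  by ctgusa.com (CommuniGate Pro SMTP 4.0.1)
  with ESMTP id 1052087 for DELETED; Mon, 23 Dec 2002 12:27:03 -0500
Received: from 2hgnl01 ([138.88.118.143]) by out005.verizon.net
          (InterMail vM.5.01.05.20 201-253-122-126-120-20021101) with ESMTP
          id <20021223172703.KMEC19422.out005.verizon.net@2hgnl01>
          for <DELETED>; Mon, 23 Dec 2002 11:27:03 -0600
Message-ID: <014401c2aaa8$be804460$5916fea9@2hgnl01>

body
"""

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def received_ips(raw):
    """Bracketed IPv4 addresses from Received headers, newest hop first."""
    ips = []
    for value in message_from_string(raw).get_all("Received", []):
        match = BRACKETED_IP.search(value)  # folded header lines are kept in value
        if not match:
            continue
        try:
            ips.append(str(ipaddress.IPv4Address(match.group(1))))
        except ipaddress.AddressValueError:
            pass  # skip malformed literals such as [999.1.1.1]
    return ips

def dnsbl_name(ip, zone="relays.osirusoft.com"):
    """Reverse the octets and append the zone, as in the RBL output above."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def hops(raw):
    """Last relay is the topmost Received header; first hop is the bottom one."""
    ips = received_ips(raw)
    if not ips:
        return {}
    return {"last_relay": ips[0], "first_hop": ips[-1]}

if __name__ == "__main__":
    for role, ip in hops(SAMPLE).items():
        print(role, ip, dnsbl_name(ip))
```
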

