On 3 Mar 2018, at 3:54, Noel Butler wrote:
On 03/03/2018 11:40, John Hardin wrote:
On Sat, 3 Mar 2018, Noel Butler wrote:
On 03/03/2018 04:40, John Hardin wrote:
On Fri, 2 Mar 2018, Sebastian Arcus wrote:
-0.2 RCVD_IN_IADB_RDNS RBL: IADB: Sender has reverse DNS record
[199.127.240.84 listed in iadb.isipp.com]
-0.1 RCVD_IN_IADB_SPF RBL: IADB: Sender publishes SPF record
-0.1 RCVD_IN_IADB_OPTIN RBL: IADB: All mailing list mail is
opt-in
-0.0 RCVD_IN_IADB_SENDERID RBL: IADB: Sender publishes Sender ID
record
-0.0 RCVD_IN_IADB_LISTED RBL: Participates in the IADB system
-0.1 RCVD_IN_IADB_DK RBL: IADB: Sender publishes Domain Keys
record
-0.1 RCVD_IN_IADB_VOUCHED RBL: ISIPP IADB lists as vouched-for
sender
I am concerned when the default settings in SA effectively facilitate
marketing companies to stuff my Inbox full of junk.
-0.6 points makes the difference?
Perhaps the default scores need to be reviewed, but simply having the
rules isn't problematic.
Have to agree with him, it can make all the difference in some cases,
I'd prefer to see the rules stay, but all at score 0
-0.001 surely... 0 = disabled = breaks dependencies.
I would argue that the current scores work very well for default
installs. Likely, many users of SA lack the skills and data required to
optimize their setups, so they benefit from receiving an install that
will work well enough out of the box.
That would be acceptable :)
I disagree. Knee-jerk changes to rule scores based on a single report
that contradicts what others are seeing is detrimental to the stability
of SA. I'm either responsible or consult for filters that process ~10
million messages per day at a few corporate organizations where SA is
used extensively in both the inbound and outbound. Not a particularly
large number nor more than a few samples. Yet in all those cases I keep
the default IADB scores in place as they work well with our rule sets.
The only message that was marked as spam and triggered one of the IADB
rules in my archive was sent by an ex-customer of the IADB.
Based on my data, I'm seeing more false positives from other rules --
yet I'm not proposing to change the default SA configuration because of
this. I understand that factors such as geography or my user base change
effectiveness.
Some rules are more or less effective due to bias
https://esmtp.email/blog/2017/09/06/blacklist-bias/
At some point I did consider using the IADB rules as part of a metarule,
but that proved not more useful than leaving the rules as they were, so
I chalked that as a learning exercise and moved on.
(I usually disable all whitelists anyway, especially those scoring
influentially)
And this is sound advice to anyone with the skills to tune their SA
installation according to their specific needs. However this is probably
not so true for people that installs SA and leaves the default
configuration in place. Be it the one that SA ships or the one their
preferred linux distribution provides.
Best regards
-lem
