Bill Cole <sausers-20150...@billmail.scconsult.com> writes:

>> I've ended up giving a point each to FREEMAIL_FROM and TO_GMAIL, which
>> sort of nulls that out.
>
> Also: the DNSWL rules in the default ruleset are mis-scored, based
> apparently on a Perceptron run early in the history of SA and DNSWL. I
> don't know exactly how to fix this at the distribution level because
> the RuleQA system can't cope well with possibly labile network
> reputation rules. The effect of this is that the DNSWL rule scores are
> not routinely rescored. The fact that they've had the same scores for
> ~10 years means that they are probably a fixed basis for static local
> rules in many places. We don't want to disrupt anyone's working system
> by changing the default scores.

It would be interesting to know what they would be set to, if there weren't the concern of things built on them.

> With that said, I don't think anyone should use the RCVD_IN_DNSWL*
> rule scores just because they are the default scores.

I see your point that you think the defaults are bad, but it also seems awkward that basically every SA user be expected to change them.

> Locally I use this:
> score RCVD_IN_DNSWL_LOW 0.8
> score RCVD_IN_DNSWL_MED -0.2
> score RCVD_IN_DNSWL_HI -2
>
> Those are NOT based on any formal analysis, but simply on my
> eyeballing a bunch of local stats and heuristically picking values,
> because I'm a bozo...

Sure, I use that process myself, and that's fine because I have to answer to a tiny number of people.

FWIW, I haven't really found a lot of problems from DNSWL. I file <1 into INBOX, >=1 to >=5 into spam.[12345], and accept that .spam.1 is going to have a lot of FPs as the cost of keeping FNs out of INBOX. That's of course contrary to doctrine, but it means that I look over any spam that makes it to INBOX carefully and I just haven't been seeing DNSWL_MED on spam very often.

My view is that if -2.3 on DNSWL_MED leads people to want to change the score, that's a clue that there are things in MED that should not be listed.

>> It would be really nice if there were an easy way to exclude a domain
>> from whitelist checks.
>
> So, for the internal default "whitelist" this exists: unwhitelist_from (see
> 'perldoc Mail::SpamAssassin::Conf')
>
> It is easy enough to construct rules that counteract DNSWL or other
> external reputation sources, and the addition of ad hoc internal lists
> (WLBLEval plugin) in 3.4.x makes it possible to do so in a
> well-structured manner. Basically, you can create a list of domains
> that should NOT get any DNSWL bonus and use a meta rule to counteract
> that bonus. This isn't quite the same as excluding domains from a
> check entirely, but you can get the same effect.

Thanks - I realize I could do this somehow, but it feels fragile to have all these matching inverse points. I also realize writing the feature I want is a bunch of code and that I haven't attached a patch.
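
The list-plus-meta-rule approach described in the quoted text, written out as an added example; it is not configuration posted by either participant. The list name, the rule names and the domains are hypothetical, and it assumes SpamAssassin 3.4.x with the WLBLEval plugin loaded.

```conf
# Added example: NODNSWL, __LOCAL_FROM_NODNSWL and LOCAL_UNDO_DNSWL_MED are
# hypothetical names; the domains are constructed sample entries.

# Sender domains that should not receive a DNSWL bonus.
enlist_addrlist (NODNSWL) *@example.com
enlist_addrlist (NODNSWL) *@example.net

# Unscored sub-rule (leading "__"): the From address is on the list.
header   __LOCAL_FROM_NODNSWL  eval:check_from_in_list('NODNSWL')

# Fires only when the sender is listed AND the DNSWL rule also hit,
# so mail that never got the bonus is not penalised.
meta     LOCAL_UNDO_DNSWL_MED  (__LOCAL_FROM_NODNSWL && RCVD_IN_DNSWL_MED)
describe LOCAL_UNDO_DNSWL_MED  Cancel DNSWL_MED bonus for listed sender domains

# Must be the exact inverse of the RCVD_IN_DNSWL_MED score in effect:
# 2.3 offsets the -2.3 mentioned in the thread; with a local score of
# -0.2 it would have to be 0.2 instead.
score    LOCAL_UNDO_DNSWL_MED  2.3
```

Each DNSWL level needs its own counter rule, and every counter score has to be updated whenever the matching DNSWL score changes. The list matches the From address, which the sender controls, while DNSWL is keyed on the relay IP, so this approximates a per-domain exclusion rather than implementing one.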