Mike Cardwell wrote:
Matus UHLAR - fantomas wrote:
I've also just recently enabled these lists in SA so am still in
the very early stages of testing. I initially did get one FP hit
against the whitelist (spam message sent through an ISP smtp server
in the whitelist)
On 20.05.09 13:41, Mike Cardwell wrote:
Can you let us know what that IP is please? Then Marc can explain how
it managed to get on the whitelist. No ISP SMTP server should be in
a whitelist imho...
That really depends on the blacklist's policy. I think Marc wants to
eliminate FPs this way - an ISP can do whatever against spam, still
customers can manage to send some. Botnets and lame organizations'
servers cause much more harm than most ISPs...
I just think that a whitelist entry should be an absolute "no spam comes
from here unless something goes tits up" type entry, and all hosts on it
should be manually checked...
I started querying the whitelist from spamassassin 4 hours ago. I don't
have a high volume of mail. SpamAssassin has only scanned 273 messages
since then, yet the hostkarma whitelist has already incorrectly tagged 2
of that small sample of mail:
1.) May 20 13:34:34 haven spamd[4500]: spamd: result: Y 21 -
BAYES_99,DCC_CHECK,DIGEST_MULTIPLE,HTML_IMAGE_RATIO_02,HTML_MESSAGE,MIME_QP_LONG_LINE,PYZOR_CHECK,RCVD_IN_JMF_W,SPF_PASS,URIBL_BLACK,URIBL_SBL
scantime=7.5,size=25057,user=doug,uid=1003,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=/var/run/spamd.sock,mid=<jbsq02c0003f3002000ceunh047...@bp06.net>,bayes=1.000000,autolearn=spam
Which came from: mail.s57.93.bp06.net, 81.252.93.57
I see a lot of trickle (snowshoe?) spam from bp06.net. They are even in
my own personal blacklist:
# bp06.net (unsubscribe attempted - still sending)
86.64.210.0/23 REJECT
83.206.208.128/25 REJECT
81.252.93.0/24 REJECT
I don't even bother scoring them, but just outright reject at the smtp
level.
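
The check described in the thread (counting messages that spamd scored as spam even though the whitelist rule `RCVD_IN_JMF_W` fired) can be run over a spamd log. This is an added example, not code from the thread or its participants; the function name, the sample log lines and the assumption that each `result:` entry sits on one line are constructed for illustration.

```python
import re

# spamd logs one "result:" line per scanned message: verdict (Y = spam,
# . = ham), integer score, comma-separated rule names, then key=value fields.
RESULT_RE = re.compile(
    r"spamd: result: (?P<verdict>[Y.]) (?P<score>-?\d+) - "
    r"(?P<tests>\S*)\s+(?P<fields>.*)$"
)
MID_RE = re.compile(r"mid=(<[^>]*>|[^,]*)")


def whitelist_conflicts(lines, wl_rule="RCVD_IN_JMF_W"):
    """Return (messages_scanned, conflicts).

    A conflict is a message spamd still classified as spam although the
    whitelist rule fired, i.e. a whitelist entry worth reviewing by hand.
    """
    scanned = 0
    conflicts = []
    for line in lines:
        m = RESULT_RE.search(line)
        if not m:
            continue  # not a result line (connection notices, startup, ...)
        scanned += 1
        tests = set(m["tests"].split(","))
        if m["verdict"] == "Y" and wl_rule in tests:
            mid = MID_RE.search(m["fields"])
            conflicts.append({
                "score": int(m["score"]),
                "mid": mid.group(1) if mid else None,
                "other_tests": sorted(tests - {wl_rule}),
            })
    return scanned, conflicts


# Constructed sample log lines (not taken from the thread).
SAMPLE_LOG = [
    "May 20 13:30:01 mx spamd[4500]: spamd: connection from localhost [127.0.0.1] at port 40112",
    "May 20 13:30:02 mx spamd[4500]: spamd: result: . -2 - RCVD_IN_JMF_W,SPF_PASS scantime=1.2,size=3011,user=a,uid=1001,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=/var/run/spamd.sock,mid=<ham-1@example.org>,bayes=0.000000,autolearn=ham",
    "May 20 13:31:10 mx spamd[4500]: spamd: result: Y 21 - BAYES_99,RCVD_IN_JMF_W,URIBL_BLACK scantime=7.5,size=25057,user=a,uid=1001,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=/var/run/spamd.sock,mid=<spam-1@example.net>,bayes=1.000000,autolearn=spam",
    "May 20 13:32:44 mx spamd[4500]: spamd: result: Y 9 - BAYES_99,URIBL_BLACK scantime=2.0,size=4100,user=a,uid=1001,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=/var/run/spamd.sock,mid=<spam-2@example.net>,bayes=1.000000,autolearn=no",
]

if __name__ == "__main__":
    total, hits = whitelist_conflicts(SAMPLE_LOG)
    print(f"{len(hits)} of {total} scanned messages were spam despite RCVD_IN_JMF_W")
    for h in hits:
        print(h["score"], h["mid"], ",".join(h["other_tests"]))
```

The `other_tests` field shows which independent signals (Bayes, URIBL, checksum networks) disagreed with the whitelist, which helps when reporting the entry to the list operator.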