Dennis B. Hopp began:
>>> I received the following e-mail   http://pastebin.com/JXr9buxi
>>>
>>> It had a total score of 4.973 (blocked at 5).  [...] it hit:
>>>
>>> KHOP_RCVD_TRUST=-1.75,RCVD_IN_DNSWL_MED=-0.5,SPF_PASS=-0.001

Michael Scheidell responded:
>> is that an old rule? I just checked SA updates, and I don't see
>> that rule in current SA 3.3.1
>> 
>> so, who is KHOP?  I looked in rule sets and don't know them.
>> were these rules inherited from some outside trusted source?

KHOP is short for khopesh (or khopis), which are my handles.

I've quite purposefully left rules like KHOP_RCVD_TRUST and other
adjustors out of subversion despite that the lion's share of the
khop-* channels' content is.  This is because they would radically
change the way that SpamAssassin scores things (for the better in my
opinion, but that will cause some level of debate that I don't have
the time to participate in at the moment).

The gist of KHOP_RCVD_TRUST and its companion KHOP_RCVD_UNTRUST, the
former of which was well summarized by Greg, is simple:  Give a boost
to non-overlapping* whitelisted relays that provide assurance against
spoofing and reduce the trust factor on whitelisted relays that lack
it.  (* if it's already listed in multiple relay whitelists, there's
no need to help the negative score.)

Trust within whitelists is (in my opinion) a little too strongly
placed, especially given how much harder it is to remove a whitelisted
relay from a DNS-whitelist than it is to remove a blacklisted relay
from a DNSBL.  Furthermore, any sender who goes to the trouble of
getting on a DNS-whitelist is probably also going to set up SPF or
DKIM to assure users against spoofing, which means they'll hit
KHOP_RCVD_TRUST and not its companion.

Dennis B. Hopp then wrote:
> http://khopesh.com/wiki/Anti-spam#sa-update_channels
> 
> Some of his rules I believe have been incorporated into mainline 
> sa. I'm using 3.3.1. I just got an update from some of the KHOP 
> channels yesterday so they appeared to be maintained.

Yes, some of my channel's rules have found their way into the 3.3
branch, specifically DEAR_EMAIL, HELO_NO_DOMAIN, and TWO_IPS_RCVD.

It took me a while to dig through SA3.3 and clean up my rules to play
nice with it, and I've been busy on other projects so the channels
only got minor updates as they worked pretty well.

Since khop-sc-neighbors is an automatically updated channel, it has been
updated continuously during this period.  As noted in bug 6114 and bug
6390, I've recently finished rigging unattended automatic svn checkins
so that it is up to date for masscheck, too.
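
The adjustor logic described in this message, modelled as an added example (not part of the original e-mail and not the khop-* channel's rule source). Which rule names count as relay whitelists or as anti-spoofing assurance is an assumption; only RCVD_IN_DNSWL_MED and SPF_PASS appear in the thread, and the function names are hypothetical.

```python
# Added illustration; not the khop-* channel's rule source.
# Assumption: the sets below. Only RCVD_IN_DNSWL_MED and SPF_PASS are
# named in the thread; the other names are stock SpamAssassin rules.
WHITELISTS = {"RCVD_IN_DNSWL_LOW", "RCVD_IN_DNSWL_MED", "RCVD_IN_DNSWL_HI",
              "RCVD_IN_IADB_VOUCHED"}
ANTI_SPOOF = {"SPF_PASS", "DKIM_VALID"}
ADJUSTORS = {"KHOP_RCVD_TRUST", "KHOP_RCVD_UNTRUST"}

# Values quoted in the thread (other hits were elided there with "[...]").
REPORTED = "KHOP_RCVD_TRUST=-1.75,RCVD_IN_DNSWL_MED=-0.5,SPF_PASS=-0.001"
REPORTED_TOTAL = 4.973
THRESHOLD = 5.0


def parse_tests(tests):
    """Parse a 'RULE=score,RULE=score' list into {rule: score}."""
    hits = {}
    for item in tests.split(","):
        name, _, score = item.strip().partition("=")
        if name:
            hits[name] = float(score)
    return hits


def expected_adjustor(hits):
    """Return the adjustor the description implies for these hits, or None."""
    names = set(hits) - ADJUSTORS          # judge the message, not the adjustor
    listed = names & WHITELISTS
    if not listed:
        return None                        # relay is not whitelisted at all
    if names & ANTI_SPOOF:
        # Boost only non-overlapping listings; several whitelists already
        # supply enough negative score on their own.
        return "KHOP_RCVD_TRUST" if len(listed) == 1 else None
    return "KHOP_RCVD_UNTRUST"             # whitelisted, no spoofing assurance


def score_without(total, hits, rule):
    """Total score the message would have had if `rule` had not fired."""
    return round(total - hits.get(rule, 0.0), 3)


if __name__ == "__main__":
    hits = parse_tests(REPORTED)
    without = score_without(REPORTED_TOTAL, hits, "KHOP_RCVD_TRUST")
    print(expected_adjustor(hits), without, without >= THRESHOLD)
```

On the values quoted in the thread, the -1.75 adjustor is the difference between 4.973 (under the threshold of 5) and 6.723 (over it).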
