On Fri, 2010-08-20 at 23:05 +0200, Jacek Politowski wrote:
> On Fri, Aug 20, 2010 at 08:54:57PM +0200, Karsten Bräckelmann wrote:
> > Moreover, IMHO you are barking up the wrong tree. In your OP you said, a
> > message has been *rejected* by your SMTP. Yet, you are focusing entirely
> > on the RCVD_IN_BL_SPAMCOP_NET and RCVD_IN_SORBS_WEB hits. Which by
> > itself won't even push the score above the default spam threshold.
>
> Unfortunately, the number of spam getting through, while I was using
> default SpamAssassin configuration, was way too high. So I'm playing a
> bit with a razor here (hoping I won't hurt myself too much).

Ah! A self-inflicted wound. :)

> I've made some statistics, which showed that most of the spam getting
> through scored (almost) only on a few DNSBL rules, so I raised the
> score for them (but still not high enough to block e-mail with
> a single DNSBL hit).
>
> This, however, left me with the situation I described in my first post.

Good to see you didn't raise any of them to a poison-pill single-hit
kill. Preserving the fundamental scoring approach of SA.

However, it appears you raised the score of some rules too much. Way too
much. The stock scores are set for a reason. And btw, you still didn't
tell your local scores and reject threshold.

If the $version stock doesn't cut it for you any more, I'd say upgrading
SA to the latest version is most likely to help -- seriously help.

> I was hoping I'll be able to limit "depth" of "Received:" checks in

As I said -- you can, but that's on a per-rule basis. The hop(s) checked
against any given BL are carefully considered in stock SA.

Anyway, the reason you want to do this in the first place is your
messing with the scores. A band-aid, to fix side-effects of excessive
score raising. You just entered whack-a-mole level.

> SA. This seemed like an easier option than implementing such logic
> directly in the MTA, as most of required stuff is already present in
> SpamAssassin.
>
> I don't think I can afford rejecting emails based solely on just one
> DNSBL - I don't trust any of them that much.
>
> So, probably I'll just have to write my own checks for SA, giving them
> scores useful in my situation.

That definitely sounds like a good idea. :)  Better than what I just
understood you have done before.

-- 
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}