On 25-01-16 16:38, Reindl Harald wrote:
>
> Am 25.01.2016 um 16:22 schrieb Matus UHLAR - fantomas:
>> On 25.01.16 15:17, Reindl Harald wrote:
>>> not worth an argument when it's simply wrong and hits mostly clear ham
>>> and is broken by definition looking at *random* headers?
>>>
>>> cat maillog | grep FSL_HELO_BARE_IP_2 | grep "result: Y" | wc -l
>>> 21
>>>
>>> cat maillog | grep FSL_HELO_BARE_IP_2 | wc -l
>>> 130
>>>
>>> cat maillog | grep FSL_HELO_BARE_IP_2 | grep BAYES_00 | wc -l
>>> 93
>>
>> excuse me, did you get a FP?
>> Together with BAYES_00?
>
> excuse but the point of a rule hit is not "did it end in a complete FP"
> but "if the rule bahvior is reasonable and hits more spam than ham"
>
> yet talked with another sysadmin
>
> same numbers, all spam-hits between 10-36, so without the rule a sure
> mitler-reject and most hits where clear ham, a few only rescued with
> BAYES_00 and otherwise tagged
>
The way this rule works, sounds to me like it catches a lot of crappy
mailers that send through a legitimate relay. I've also seen issues with
this and its score is lowered to 0.001 @here too.
However the main cause for FPs seems to me internal mail (reporting
scripts sending mail to sysadmin or BI people) which is semi-whitelisted
anyway. This means it only hurts when the client is not able to
whitelist (maybe even before mail hits SA).
@Reindl: maybe you could check with your client(s) what type of mail it
is? Especially if you see the hits popping at regular (cron-like)
intervals. And then inform them that their phpmailer (or whatever crap
mailer they use) could need an upgrade.
In any way, it would be interesting to see what type of ham mail
triggers such a rule when masscheck allows such a high score, before
starting an argument about it.
Regards,
Tom
