Hi,

>>> I'm curious about the RCVD_IN_SBL_CSS rule and its 3.5 score. Doesn't
>>> this seem a bit high?
>>>
>>> I'm already using postscreen to add 4 points to messages received with
>>> zen/sbl with return code 127.0.0.3, but also seeing quite a few
>>> RCVD_IN_SBL_CSS hits, so I'm assuming this is the result of the 4
>>> postscreen points not being enough for it to be rejected outright,
>>> then subsequently being tagged by spamassassin.
>>>
>>> These are "deep header" rules, though. Should users be penalized so
>>> severely for using a dynamic address when it may not have been them
>>> responsible for sending the spam that blacklisted that IP?
>>
>>
>> They are supposed to be addresses from blocks that are believed
>> to have been allocated to snowshoe spammers
>
> the point is "supposed"
>
> the reality is infected machines are moving around ISP networks and you
> sooner or later end up getting one of the abused addresses - did the spam
> originate from you? no it did not!
>
> it is *plain wrong* doing *any* deep header tests on received headers and
> you will *never* achieve enough to outweigh the fallout of hitting innocent
> victims
>
> you can argue if the *connection* comes from a host and that host doesn't stop
> its spamming users to block or penalize that host - fine, works for many
> years
>
> but penalizing a *dynamic and moving* enduser IP is broken by design from the
> first moment and supposed to go wrong - the only question is how wrong
>
> the problem is with fewer and fewer ipv4 addresses the fallout is *growing*
> from day to day
>
> disclaimer: i am not affected by such rules because i disable anything in
> context of RBL and replace it with my own rules as well as i disable *any
> other* rule which appears to do deep-header testing

Are you saying you've disabled all RBL rules from within spamassassin and only use them in postfix?

Benny wrote:
> no one has created a bug on this so it's not a fail

Wait, what? Are you saying a bug report should be filed?

> note this is NOT a deep header scanning

How is this not a deep header rule? Please explain.

Is there anyone who can explain why this rule is scored so high, or should a bug report be filed?