On Thu, 8 Sep 2016, RW wrote:
On Thu, 8 Sep 2016 15:53:00 -0500 (CDT)
Shane Williams wrote:
Hey all,
I'm seeing google IP ranges hit the RCVD_IN_SORBS_SPAM rule, and in
digging deeper, I realize that there are zero hits on this rule for
the two weeks prior to Aug. 31, and now I'm seeing it thousands of
times per week (not just against google IPs).
Was this rule added/changed/re-scored in a recent sa-update?
It was commented out for a long time because it had a delisting fee,
but was recently re-enabled.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=2221#c16
Thanks for that link, as it clarifies why it just started scoring
again.
This is the first time (at least in a long time) that I've looked at
ruleqa, but it seems like
http://ruleqa.spamassassin.org/20160904-r1759058-n/RCVD_IN_SORBS_SPAM/detail
would indicate that it should be scored at zero (since its S/O is
nearly .5), but instead it's 2.399, which is a lot to add for a rule
that's been napping for the last 13 years.
Perhaps more to the root issue, I'm concerned that it looks like
listing on SORBS is based on total volume rather than percentage.
Their summary page for the IP I checked (209.85.218.48), seems to say
that there have been 28 "recent" spam entries seen from this address,
but I would imagine this is a miniscule percentage off all email sent
from that address. If that's all it takes to get listed, I'm kind of
surprised that all of google's IPs aren't listed.
--
Public key #7BBC68D9 at | Shane Williams
http://pgp.mit.edu/ | System Admin - UT CompSci
=----------------------------------+-------------------------------
All syllogisms contain three lines | sha...@shanew.net
Therefore this is not a syllogism | www.ischool.utexas.edu/~shanew
