> On Thu, 15 Jun 2017, Gerald Turner wrote: > >> spamd[32137]: rules: meta test FREEMAIL_FORGED_FROMDOMAIN has >> dependency 'HEADER_FROM_DIFFERENT_DOMAINS' with a zero score >> [snip] >> - Is there a bug with the project's sa-update channel / auto- >> mass-check setup? > > That's what it sounds like to me - it should not be omitting or zeroing > the scores of rules that participate in metas. > > Something is odd. This didn't come up on the old masscheck host, but the > score generation code should not have changed since then... > > It looks like it's not setting both the net and non-net scores for a few > rules: > > score FROM_IN_TO_AND_SUBJ 1.099 0.000 1.099 0.000 > score HEADER_FROM_DIFFERENT_DOMAINS 0.001 0.000 0.001 0.000 > score HK_SCAM_N8 2.506 0.000 2.506 0.000 > score LOTTO_AGENT 2.609 0.000 2.609 0.000 > > The non-network-enabled scores should only be zero for rules marked as > being network-dependent rules, and *all* rules should have a nonzero > network-enabled score (which appears to be the problem here). > > Something else odd is going on in the score generation: some > well-performing rules (notably URI_WP_HACKED) are now getting scored at 1 > point. There are only 56 rules listed in 72_scores.cf (the output from the > masscheck score generator), the rest would be defaulting to 1 point. >
Yes I think something is wrong, here the 'HEADER_FROM_DIFFERENT_DOMAINS' rule gets scored at 1 since the 8th. That doesn't sound right as it hits on a lot of ham. > > -- > John Hardin KA7OHZ http://www.impsec.org/~jhardin/ > jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org > key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 > ----------------------------------------------------------------------- > If you ask amateurs to act as front-line security personnel, > you shouldn't be surprised when you get amateur security. > -- Bruce Schneier > ----------------------------------------------------------------------- > 3 days until SWMBO's Birthday >
