
svn commit: r497041 - in /spamassassin: rules/trunk/sandbox/dos/70_bugs.cf trunk/rules/20_dnsbl_tests.cf
Author: jm
Date: Wed Jan 17 07:09:18 2007
New Revision: 497041

URL: http://svn.apache.org/viewvc?view=rev&rev=497041
Log:
bug 4728: fix -notfirsthop DNSBL lookup rules to use -lastexternal instead, since it reduces FPs and is easier for legit senders to avoid

Modified:
spamassassin/rules/trunk/sandbox/dos/70_bugs.cf
spamassassin/trunk/rules/20_dnsbl_tests.cf

Modified: spamassassin/rules/trunk/sandbox/dos/70_bugs.cf
URL: http://svn.apache.org/viewvc/spamassassin/rules/trunk/sandbox/dos/70_bugs.cf?view=diff&rev=497041&r1=497040&r2=497041
==============================================================================
--- spamassassin/rules/trunk/sandbox/dos/70_bugs.cf (original)
+++ spamassassin/rules/trunk/sandbox/dos/70_bugs.cf Wed Jan 17 07:09:18 2007
@@ -32,31 +32,32 @@
tflags T_RCVD_IN_MAPS_DUL net

### see how checking only the -lastexternal host affects hit rates of various DNSBLs ###
+# jm: applied, see bug 4728 cmt 17

-header T_E_RCVD_IN_NJABL_DUL eval:check_rbl('njabl-lastexternal', 'combined.njabl.org.', '127.0.0.3')
-describe T_E_RCVD_IN_NJABL_DUL NJABL: dialup sender did non-local SMTP
-tflags T_E_RCVD_IN_NJABL_DUL net
-
-header T_E_RCVD_IN_SORBS_DUL eval:check_rbl('sorbs-lastexternal', 'dnsbl.sorbs.net.', '127.0.0.10')
-describe T_E_RCVD_IN_SORBS_DUL SORBS: sent directly from dynamic IP address
-tflags T_E_RCVD_IN_SORBS_DUL net
+# header T_E_RCVD_IN_NJABL_DUL eval:check_rbl('njabl-lastexternal', 'combined.njabl.org.', '127.0.0.3')
+# describe T_E_RCVD_IN_NJABL_DUL NJABL: dialup sender did non-local SMTP
+# tflags T_E_RCVD_IN_NJABL_DUL net
+
+# header T_E_RCVD_IN_SORBS_DUL eval:check_rbl('sorbs-lastexternal', 'dnsbl.sorbs.net.', '127.0.0.10')
+# describe T_E_RCVD_IN_SORBS_DUL SORBS: sent directly from dynamic IP address
+# tflags T_E_RCVD_IN_SORBS_DUL net

# applied as part of bug 5294
# header T_E_RCVD_IN_XBL eval:check_rbl('sblxbl-lastexternal', 'sbl-xbl.spamhaus.org.', '127.0.0.[456]')
# describe T_E_RCVD_IN_XBL Received via a relay in Spamhaus XBL
# tflags T_E_RCVD_IN_XBL net

-header T_E_RCVD_IN_WHOIS_INVALID eval:check_rbl('whois-lastexternal', 'combined-HIB.dnsiplists.completewhois.com.', '127.0.0.4')
-describe T_E_RCVD_IN_WHOIS_INVALID CompleteWhois: sender on invalid IP block
-tflags T_E_RCVD_IN_WHOIS_INVALID net
-
-header T_E_RCVD_IN_DSBL eval:check_rbl_txt('dsbl-lastexternal', 'list.dsbl.org.', '(?i:dsbl)')
-describe T_E_RCVD_IN_DSBL Received via a relay in list.dsbl.org
-tflags T_E_RCVD_IN_DSBL net
-
-header T_E_RCVD_IN_MAPS_DUL eval:check_rbl('dialup-lastexternal', 'dialups.mail-abuse.org.')
-describe T_E_RCVD_IN_MAPS_DUL Relay in DUL, http://www.mail-abuse.org/dul/
-tflags T_E_RCVD_IN_MAPS_DUL net
+# header T_E_RCVD_IN_WHOIS_INVALID eval:check_rbl('whois-lastexternal', 'combined-HIB.dnsiplists.completewhois.com.', '127.0.0.4')
+# describe T_E_RCVD_IN_WHOIS_INVALID CompleteWhois: sender on invalid IP block
+# tflags T_E_RCVD_IN_WHOIS_INVALID net
+
+# header T_E_RCVD_IN_DSBL eval:check_rbl_txt('dsbl-lastexternal', 'list.dsbl.org.', '(?i:dsbl)')
+# describe T_E_RCVD_IN_DSBL Received via a relay in list.dsbl.org
+# tflags T_E_RCVD_IN_DSBL net
+
+# header T_E_RCVD_IN_MAPS_DUL eval:check_rbl('dialup-lastexternal', 'dialups.mail-abuse.org.')
+# describe T_E_RCVD_IN_MAPS_DUL Relay in DUL, http://www.mail-abuse.org/dul/
+# tflags T_E_RCVD_IN_MAPS_DUL net

endif
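Review bot: The new marker `# jm: applied, see bug 4728 cmt 17` sits directly under the section banner, so it reads as covering every rule below it, yet T_E_RCVD_IN_NJABL_DUL is commented out while no hunk in this commit touches an NJABL rule in 20_dnsbl_tests.cf. If the NJABL rule was converted in an earlier revision, a per-rule note such as `# NJABL: already -lastexternal in 20_dnsbl_tests.cf, see rREV` would make that traceable (`rREV` is a placeholder for the real revision). The T_E_RCVD_IN_XBL block already carries its own `# applied as part of bug 5294` line, which is the clearer pattern to follow for each disabled rule. The conditional that `endif` closes opens above this hunk.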


Modified: spamassassin/trunk/rules/20_dnsbl_tests.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rules/20_dnsbl_tests.cf?view=diff&rev=497041&r1=497040&r2=497041
==============================================================================
--- spamassassin/trunk/rules/20_dnsbl_tests.cf (original)
+++ spamassassin/trunk/rules/20_dnsbl_tests.cf Wed Jan 17 07:09:18 2007
@@ -126,7 +126,7 @@
tflags RCVD_IN_SORBS_ZOMBIE net
#reuse RCVD_IN_SORBS_ZOMBIE

-header RCVD_IN_SORBS_DUL eval:check_rbl('sorbs-notfirsthop', 'dnsbl.sorbs.net.', '127.0.0.10')
+header RCVD_IN_SORBS_DUL eval:check_rbl('sorbs-lastexternal', 'dnsbl.sorbs.net.', '127.0.0.10')
describe RCVD_IN_SORBS_DUL SORBS: sent directly from dynamic IP address
tflags RCVD_IN_SORBS_DUL net
#reuse RCVD_IN_SORBS_DUL
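Review bot: Changing the set name to `sorbs-lastexternal` makes the lookup depend on where SpamAssassin draws the internal/external boundary, and nothing beside the rule says so. The same applies to the `whois-lastexternal`, `dsbl-lastexternal`, `dialup-lastexternal` and commented-out `rblplus-lastexternal` lines in the later hunks. With `-notfirsthop` several hops were queried, so an incomplete `trusted_networks`/`internal_networks` setting mattered less. With `-lastexternal` a site that has not listed its own MX or relay will, as far as I can tell, query a single wrong address and the rule quietly stops reflecting the real sending host. I would add one comment above the first converted rule: `# -lastexternal: only the relay that handed mail to our network is queried; needs correct trusted_networks/internal_networks`.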
@@ -202,7 +202,7 @@
describe RCVD_IN_WHOIS_HIJACKED CompleteWhois: sender on hijacked IP block
tflags RCVD_IN_WHOIS_HIJACKED net

-header RCVD_IN_WHOIS_INVALID eval:check_rbl('whois-notfirsthop', 'combined-HIB.dnsiplists.completewhois.com.', '127.0.0.4')
+header RCVD_IN_WHOIS_INVALID eval:check_rbl('whois-lastexternal', 'combined-HIB.dnsiplists.completewhois.com.', '127.0.0.4')
describe RCVD_IN_WHOIS_INVALID CompleteWhois: sender on invalid IP block
tflags RCVD_IN_WHOIS_INVALID net
#reuse RCVD_IN_WHOIS_INVALID RCVD_IN_RFC_IPWHOIS
@@ -218,7 +218,7 @@
# transfers: yes - rsync and http, see http://dsbl.org/usage
# pay-to-use: no
# delist: automated/distributed
-header RCVD_IN_DSBL eval:check_rbl_txt('dsbl-notfirsthop', 'list.dsbl.org.', '(?i:dsbl)')
+header RCVD_IN_DSBL eval:check_rbl_txt('dsbl-lastexternal', 'list.dsbl.org.', '(?i:dsbl)')
describe RCVD_IN_DSBL Received via a relay in list.dsbl.org
tflags RCVD_IN_DSBL net
#reuse RCVD_IN_DSBL
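Review bot: The `describe` text still says "Received via a relay in list.dsbl.org", but after the switch to `dsbl-lastexternal` only the last external relay is checked, so a listed host earlier in the Received chain no longer triggers RCVD_IN_DSBL. The log's rationale (easier for legitimate senders to avoid) fits the dial-up lists well; for this zone the narrower coverage looks like a deliberate trade-off that deserves a line in the metadata comments above the rule, for example `# checked against the last external relay only (bug 4728)`. The sandbox rule T_E_RCVD_IN_DSBL in the other file suggests the hit rate was measured, so this is a documentation request rather than an objection.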
@@ -252,7 +252,7 @@
describe RCVD_IN_MAPS_RBL Relay in RBL, http://www.mail-abuse.org/rbl/
tflags RCVD_IN_MAPS_RBL net

-header RCVD_IN_MAPS_DUL eval:check_rbl('dialup-notfirsthop', 'dialups.mail-abuse.org.')
+header RCVD_IN_MAPS_DUL eval:check_rbl('dialup-lastexternal', 'dialups.mail-abuse.org.')
describe RCVD_IN_MAPS_DUL Relay in DUL, http://www.mail-abuse.org/dul/
tflags RCVD_IN_MAPS_DUL net

@@ -268,7 +268,7 @@
# "header" lines, not the "describe" or "tflags" lines) and uncomment the
# below lines
#header RCVD_IN_MAPS_RBL eval:check_rbl('rblplus', 'rbl-plus.mail-abuse.org.', '1')
-#header RCVD_IN_MAPS_DUL eval:check_rbl('rblplus-notfirsthop', 'rbl-plus.mail-abuse.org.', '2')
+#header RCVD_IN_MAPS_DUL eval:check_rbl('rblplus-lastexternal', 'rbl-plus.mail-abuse.org.', '2')
#header RCVD_IN_MAPS_RSS eval:check_rbl_sub('rblplus', '4')
#header RCVD_IN_MAPS_OPS eval:check_rbl_sub('rblplus', '8')
#describe RCVD_IN_MAPS_OPS Relay in OPS, http://www.mail-abuse.org/ops/