Warren Togami wrote:
> On 09/28/2009 06:53 PM, Marc Perkel wrote:
>>
>>
>> Warren Togami wrote:
>>> On 09/28/2009 01:32 PM, Marc Perkel wrote:
>>>>
>>>> I'd be interested in how well it worked. Is there anything I need
>>>> to do
>>>> to help?
>>>
>>> http://wiki.junkemailfilter.com/index.php/Spam_DNS_Lists
>>> Could you provide a URL redirector to this page? This URL is very
>>> long. Perhaps shorter URL in the describe of each rule like:
>>> http://hostkarma.junkemailfilter.com ?
>> I'm working on that. Trying to figure out how to give it an A record.
>>>
>>> This URL will be in spam reports so folks can click-thru and see why
>>> their message triggered on this rule.
>>>
>>> https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6212
>>> I filed the request to add it to sandbox for testing here. The line
>>> wrapping got screwed up in Bugzilla.
>>>
>>> You might also want to consider standardizing the name of the
>>> blacklist. You called it JEF earlier in this thread. Your Wiki page
>>> calls the rules JMF. And it also seems to be called Hostkarma. It will
>>> be confusing to people if they see different names referring to the
>>> same thing. Perhaps we should call it JMF to avoid confusion?
>>
>> I'd like to keep the name HOSTKARMA as standard.
>
> If that's so, then we probably want that in the spamassassin rule
> name. Your wiki page suggests JMF is the name. A number of people
> probably already configured their spamassassin using your suggested
> JMF rule names and they would need to be educated to remove it.
>
> How about these for rule names, so the rule names are not too long?
>
> RCVD_HOSTKARMA_BL Black
> RCVD_HOSTKARMA_WL White
> RCVD_HOSTKARMA_YL Yellow
> RCVD_HOSTKARMA_BR Brown
>
> Warren Togami
> wtogami@redhat.com
>
Hi Warren,
No one has actually implemented the rules for my blacklists correctly.
My lists support both IP and hostname lookups. The hostname assumes that
you have forward confirmed the RDNS so that you eliminate those who
might spoof.
Yellow means that the IP or hostname contains no useful information as
to spam or no spam. On my system once I determine a host is yellow I
skip all blacklists and whitelists tests. Yellow is for Yahoo, Hotmail,
Gmail, etc where the IP has no information and all host tests are
meaningless.
My NoBL list is similar to yellow except that you can skip black list
lookup but maybe might be whitelisted somewhere.
If you just want to score points then Black, White, and Brown can be
assigned points. Yellow should be zero points regardless of how it tests.
I think the real power of my lists is in the host name lookups. It would
be worthwhile to implement that.
I think my white listing is very accurate at this point. The thing about
white servers is that they aren't evasive like spammers. There should be
some short circuiting options to reduce system load on SA for white
lookups.
And - I'm hoping others will catch on to some of the things I'm doing
because when other people adopt my tricks they usually improve them.
Let me know what I need to do to help make this happen.