Raquel Rice wrote:
> [...]
> This is just a request to remove the two domains, wlu.edu and
> zworg.com from blacklist.cf. I'm having false positives on two
> different email lists: php-general@lists.php.net and
> users@httpd.apache.org

IMPORTANT: I personally think Chris Santerre and William Stearns are
doing wonderful things. Please DO NOT take any of this as criticism of
their efforts!

I think we're getting into an awkward place between trying to flag
'spammy' domains and avoiding false positives. blacklist.cf is a great
tool. blacklist-uri.cf and bigevil.cf are equally wonderful for flagging
likely spam.

However, after a few bad experiences with blacklists, AWL and scoring
based on domain of origin, I'm of two opinions:

1. AWL is a great feature. I want to use it. However, it does not play
well with "insanely high" scoring (i.e. blacklists) that slam high
numbers in. The fact that this effect is persistent after the
black/whitelist entry is deleted is particularly bothersome. I have
perused the Wiki and manpages, but haven't seen a way to bring down the
+/- 100 scoring associated with black/whitelists. I prefer the
"moderately scored" approach. Maybe a clipping factor for scores. Am I
missing something that exists already?

2. Hitting on domain of origin alone is fine, but I want to create a
local meta rule that moderates the effect of such hits (i.e. "spammy
domain AND one or more tell-tale spam signs"). Particularly useful to
those who are on lists with the odd useful post from someone from a bad
domain. Chris' bigevil approach of adding "moderate" scores to messages
from bad origin domains is close to what I'm after. I like the idea of
downloading a list of suspect domains, but I'd like an easier way to
tweak/modify the scores without resorting to filtering the file through
sed or similar.

Ideally, I'd like to have the "blacklist adjustment" and "whitelist
adjustment" values stored in a config separate from the rulesets (i.e.
blacklist.cf, 60_whitelist.cf) so I can change it once, and have it
remain in play even when I update those files.

Similarly, I'd like to be able to create a meta that says "if a hit from
this set (i.e. bigevil) [+optional other conditions] then score X". I'm
probably after a wildcard match for rule names in metas here, but even
that seems cumbersome and error-prone.

Is there any such capability I'm missing?

Thanks all,
- Bob
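
An added illustration of point 1 above (not part of Bob's message and not SpamAssassin's own code): a simplified Python model of an averaging auto-whitelist, showing how two +100 blacklist hits keep a sender's later clean mail tagged after the entry is removed, and what a cap on the stored value changes. It assumes the adjustment is half the gap between the sender's historical mean and the current score; the `clip` parameter, the 5.0 threshold and all message scores are constructed for the example.

```python
# Simplified model of an averaging auto-whitelist (AWL); not SpamAssassin source.
# Assumption: final = raw + (sender_mean - raw) * FACTOR, with FACTOR = 0.5.

FACTOR = 0.5           # how far a score is pulled toward the sender's mean
THRESHOLD = 5.0        # score at or above which a message is tagged as spam
BLACKLIST_HIT = 100.0  # the "+100" style score the post refers to


class SenderHistory:
    """Running total and count of scores seen for one sender."""

    def __init__(self, clip=None):
        self.total = 0.0
        self.count = 0
        self.clip = clip  # hypothetical cap on what one message may add

    def score(self, raw):
        """Return the adjusted score, then record this message in history."""
        final = raw
        if self.count:
            mean = self.total / self.count
            final = raw + (mean - raw) * FACTOR
        stored = raw
        if self.clip is not None:
            stored = max(-self.clip, min(self.clip, raw))
        self.total += stored
        self.count += 1
        return final


def flagged_after_removal(clip=None, listed_msgs=2, later_msgs=40, content=0.5):
    """Score mail sent while blacklisted, then mail sent after the entry is removed."""
    hist = SenderHistory(clip)
    for _ in range(listed_msgs):
        hist.score(content + BLACKLIST_HIT)   # entry still present
    finals = [hist.score(content) for _ in range(later_msgs)]  # entry removed
    return sum(f >= THRESHOLD for f in finals), finals


if __name__ == "__main__":
    for clip in (None, 10.0):
        n, finals = flagged_after_removal(clip)
        print(f"clip={clip}: {n} clean messages still tagged, first scores {finals[0]:.2f}")
```
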