Habeas network tests? (was Re: Habeas status?)
Owen McShane wrote:
> [...]
> I for one give Habeas a + score.

I've recently started getting more of these. I'm not to the point of
giving up on Habeas yet (and have reported the offending messages). I
understand that this is an effort-in-progress, but I am surprised that
NONE seem to be scoring in the HABEAS_VIOLATOR network tests. Aren't
these included as part of the network tests by default, or is there
something I need to enable?

- Bob
Re: Habeas network tests? (was Re: Habeas status?)
At 07:46 AM 3/10/2004, Bob George wrote:
>I am surprised that NONE seem to be scoring in the HABEAS_VIOLATOR network
>tests. Aren't these included as part of the network tests by default, or
>is there something I need to enable?

AFAIK they are included by default, but the source of HABEAS_VIOLATOR is an
IP-based blacklist. At the time Habeas was designed, most spam was coming
through open relays/proxies or directly from the spammer's IP range. The
rise of virus-infected zombie relays, however, has made IP-based blacklists
useless against spammers that use them.

The next step that's needed is a URI-based list of infringers, which is
what I do locally. Back during the first attack, and again yesterday, I
looked for the websites being advertised, created a URI rule, then created
my own HABEAS_VIOLATOR_LOCAL meta-rule to counteract the score. It takes
all of three minutes to set up.

Sure, that won't scale if the abuse increases, but neither will most
anti-spam solutions. We just have to keep layering them on top of each
other. Relay limits + IP blacklists + domain blacklists + domain
validation + HELO validation + content filtering + hash comparison + sender
verification - it just goes on and on.


Kelson Vibber
SpeedGate Communications <www.speed.net>
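
The local workaround described in the reply above, written out as SpamAssassin configuration. This is an added example, not part of the original message or the poster's own rules; the domains are constructed placeholders, and the name HABEAS_SWE for the stock Habeas-mark rule, the sub-rule names and the 8.0 score are assumptions to check against your installed rule set.

```conf
# local.cf fragment (added example; all domains below are constructed placeholders)

# 1. One score-less sub-rule per website seen advertised in mail that
#    carried the Habeas mark. The "__" prefix keeps a rule from scoring
#    on its own, so it only acts as input to the meta rule.
uri       __LOCAL_HABEAS_URI_1   /\bspamvertised-one\.example\b/i
uri       __LOCAL_HABEAS_URI_2   /\bspamvertised-two\.example\b/i

# 2. Meta rule: fires only when the Habeas mark rule hit AND the body
#    links to one of the listed sites. HABEAS_SWE is an assumed name for
#    the stock rule that awards the negative Habeas score; substitute the
#    rule name your SpamAssassin version actually uses.
meta      HABEAS_VIOLATOR_LOCAL  (HABEAS_SWE && (__LOCAL_HABEAS_URI_1 || __LOCAL_HABEAS_URI_2))
describe  HABEAS_VIOLATOR_LOCAL  Habeas mark plus locally listed advertised URI

# 3. Positive score sized to cancel the Habeas bonus (assumed value;
#    match it to the magnitude of the negative score in your rule set).
score     HABEAS_VIOLATOR_LOCAL  8.0

# After editing, check the syntax with: spamassassin --lint
```

Because the meta rule requires the Habeas mark to be present, ordinary mail that merely mentions one of the listed sites is left to the other rules.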