blacklisting by SORBS
jdow
jdow at earthlink.net
Tue Aug 16 23:39:49 UTC 2005
From: "Les Mikesell" <lesmikesell at gmail.com>
> On Tue, 2005-08-16 at 11:01, Thomas Cameron wrote:
>> I use SpamAssassin and milter-greylist. SA uses blocklists, but it only
>> assigns a positive score if a blocklist pops, it doesn't reject out of
>> hand.
>>
>> I do *not* reject based on single blocklist entries.
>
> That makes sense, but it's what the rest of the world does that
> matters if you fall in a blacklisted block and want your mail
> to be accepted by others.
These are the various SORBS scores in SpamAssassin
50_scores.cf:score RCVD_IN_SORBS_BLOCK 0
50_scores.cf:score RCVD_IN_SORBS_DUL 0 0.137 0 1.987
50_scores.cf:score RCVD_IN_SORBS_HTTP 0 0 0 0.043
50_scores.cf:score RCVD_IN_SORBS_SOCKS 0 0 0 0.338
50_scores.cf:score RCVD_IN_SORBS_MISC 0 1.597 0 2.493
50_scores.cf:score RCVD_IN_SORBS_SMTP 0 1.847 0 2.054
50_scores.cf:score RCVD_IN_SORBS_WEB 0 0 0 0.007
50_scores.cf:score RCVD_IN_SORBS_ZOMBIE 0 0.819 0 0
On the whole these are not very high scores. SORBS is not regarded as
being all that reliable. So far this week SORBS_DUL is triggering on
only 22% of spam and is triggering on 0.29% of ham. The other SORBS
rules aren't even in my top 100 rules.
Spam Cop gets:
50_scores.cf:score RCVD_IN_BL_SPAMCOP_NET 0 1.832 0 1.216
That's another unimpressive set of scores. SpamCop's record here is even
more dismal. It is hitting on 40% of the spam, which is good; but it is
hitting on 1.5% of the ham. So it's hitting in the 10th position for ham
and the 34th position for ham. There are other BLs that perform very much
better.
Of course, the BAYES_99 rule is king of the road for spam, 90.47% of spam
and 0% ham. BAYES_00 hits 93.37% of my ham and 0.16% of my ham. It has a
fairly hefty negative score here.
Now, I am NOT running stock Fedora Core 4 SpamAssassin. I had to rip it
out and go to CPAN to make it "behave" with the options and added rules
I am using. So stock FC 4 installations may give (will give) worse
performance.
(And as an aside the recent SpamAssassin user's list buzz involves
locally blacklisting uk.geocities.com due to the number of spams for
throw away sex and other spam that feature uk.geocities.com sites.
For example, when it makes it back to me THIS email will score high
due to including those addresses.)
{^_^}
More information about the fedora-list
mailing list