You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by John Hardin <jh...@impsec.org> on 2016/06/03 13:36:57 UTC
Re: Rule updates are too old - 2016-06-03
On Fri, 3 Jun 2016, darxus@chaosreigns.com wrote:
> 20160602: Spam or ham is below threshold of 150,000: http://ruleqa.spamassassin.org/?daterev=20160602
> 20160602: Spam: 589792, Ham: 138721
We've been hovering *just* below the ham threshold for a week or so now.
Anyone who can contribute to masscheck please get in touch with Kevin
McGrail! Non-English ham is especially welcome. Even a little.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
From the Liberty perspective, it doesn't matter if it's a
jackboot or a Birkenstock smashing your face. -- Robb Allen
-----------------------------------------------------------------------
3 days until the 72nd anniversary of D-Day
Re: Rule updates are too old - 2016-06-03
Posted by Kim Roar Foldøy Hauge <ki...@samfunnet.no>.
>>>> If you join, you might relax a bit on rejecting spam, but saving it
>>>> for masschecks.Thats what I do... I do reject something, but not
>>>> everything I could.
>>>
>>> That's probably not a good idea if it leads to unrepresentative spam.
>>>
>>> In particular it may lead to botnet related tests being seriously
>>> overscored, causing extra FPs for little benefit to the TP rate. This
>>> seems to be already happening.
>>>
>>> There's could be a similar problem with spamtrap spam too. For RBLs and
>>> hashing it's OK to look at everything that goes to the address. SA
>>> QA should only use the spam that would have made it through to SA.
>>
>> That would tend to *under*score those rules for sites that have SA but
>> few or no MTA-time DNSBL checks, wouldn't it?
>>
>> Yes, I know, "proper admin"; but such sites probably do exist - should
>> we punish them by underscoring those rules?
>
> Okay. Now we need a consensus on this subtopic, right? I do not want to
> do harm to the project or users of it.
The spam scores should be tuned for a well-configured server. Mail that
can be trivially rejected by greylisting, rbl, spf and similar tools isn't
all that interesting to use as a basis for the scores.
--
Kim Roar Foldy Hauge
Event:Presse - The Gathering 2016
webmaster@samfunnet.no
Root@HC,HX,JH,LZ,OT,P,VH
Re: Rule updates are too old - 2016-06-03
Posted by Jari Fredriksson <ja...@iki.fi>.
On 3.6.2016 19.21, John Hardin wrote:
> On Fri, 3 Jun 2016, RW wrote:
>
>> On Fri, 03 Jun 2016 17:54:59 +0300
>> Jari Fredriksson wrote:
>>>
>>> If you join, you might relax a bit on rejecting spam, but saving it
>>> for masschecks.Thats what I do... I do reject something, but not
>>> everything I could.
>>
>> That's probably not a good idea if it leads to unrepresentative spam.
>>
>> In particular it may lead to botnet related tests being seriously
>> overscored, causing extra FPs for little benefit to the TP rate. This
>> seems to be already happening.
>>
>> There's could be a similar problem with spamtrap spam too. For RBLs and
>> hashing it's OK to look at everything that goes to the address. SA
>> QA should only use the spam that would have made it through to SA.
>
> That would tend to *under*score those rules for sites that have SA but
> few or no MTA-time DNSBL checks, wouldn't it?
>
> Yes, I know, "proper admin"; but such sites probably do exist - should
> we punish them by underscoring those rules?
>
>
Okay. Now we need a consensus on this subtopic, right? I do not want to
do harm to the project or users of it.
--
jarif.bit
Re: Rule updates are too old - 2016-06-03
Posted by John Hardin <jh...@impsec.org>.
On Fri, 3 Jun 2016, RW wrote:
> On Fri, 03 Jun 2016 17:54:59 +0300
> Jari Fredriksson wrote:
>>
>> If you join, you might relax a bit on rejecting spam, but saving it
>> for masschecks.Thats what I do... I do reject something, but not
>> everything I could.
>
> That's probably not a good idea if it leads to unrepresentative spam.
>
> In particular it may lead to botnet related tests being seriously
> overscored, causing extra FPs for little benefit to the TP rate. This
> seems to be already happening.
>
> There's could be a similar problem with spamtrap spam too. For RBLs and
> hashing it's OK to look at everything that goes to the address. SA
> QA should only use the spam that would have made it through to SA.
That would tend to *under*score those rules for sites that have SA but few
or no MTA-time DNSBL checks, wouldn't it?
Yes, I know, "proper admin"; but such sites probably do exist - should we
punish them by underscoring those rules?
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
There is no better measure of the unthinking contempt of the
environmentalist movement for civilization than their call to
turn off the lights and sit in the dark. -- Sultan Knish
-----------------------------------------------------------------------
3 days until the 72nd anniversary of D-Day
Re: Rule updates are too old - 2016-06-03
Posted by RW <rw...@googlemail.com>.
On Fri, 03 Jun 2016 17:54:59 +0300
Jari Fredriksson wrote:
>
> If you join, you might relax a bit on rejecting spam, but saving it
> for masschecks.Thats what I do... I do reject something, but not
> everything I could.
That's probably not a good idea if it leads to unrepresentative spam.
In particular it may lead to botnet related tests being seriously
overscored, causing extra FPs for little benefit to the TP rate. This
seems to be already happening.
There's could be a similar problem with spamtrap spam too. For RBLs and
hashing it's OK to look at everything that goes to the address. SA
QA should only use the spam that would have made it through to SA.
Re: Rule updates are too old - 2016-06-03
Posted by Jari Fredriksson <ja...@iki.fi>.
3. kes�kuuta 2016 16.46.59 GMT+03:00 "Kim Roar Fold�y Hauge" <ki...@samfunnet.no> kirjoitti:
>On Fri, 3 Jun 2016, John Hardin wrote:
>
>> On Fri, 3 Jun 2016, darxus@chaosreigns.com wrote:
>>
>>> 20160602: Spam or ham is below threshold of 150,000:
>>> http://ruleqa.spamassassin.org/?daterev=20160602
>>> 20160602: Spam: 589792, Ham: 138721
>>
>> We've been hovering *just* below the ham threshold for a week or so
>now.
>>
>> Anyone who can contribute to masscheck please get in touch with Kevin
>
>> McGrail! Non-English ham is especially welcome. Even a little.
>>
>
>I have non-english ham and spam. I sent a mail ages ago about joining
>the
>masscheck. I don't think I got a reply.
>
>The traffic on the server isn't that high, 2500 connections per day.
>Most
>of the mail attempts are blocked by spf, rbl and greylisting. SA does
>however catch 5-10 norwegian UCBM per day, mostly thanks to custom
>rules.
>
If you join, you might relax a bit on rejecting spam, but saving it for masschecks.Thats what I do... I do reject something, but not everything I could. Quite low volume site, but still I think I do provide a considerable part of the ham we have in ruleqa.spamassassin.org. Most of that ham is finnish bulk, but also personal mails from several persons. I rely heavily SA cotegorization, but DO screen all ham and spam myself.
That said, spam is not so important anyway, as we are not short on that. Norwegian spam of course would be really cool!
>>
>> --
>> John Hardin KA7OHZ
>http://www.impsec.org/~jhardin/
>> jhardin@impsec.org FALaholic #11174 pgpk -a
>jhardin@impsec.org
>> key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873
>2E79
>>
>-----------------------------------------------------------------------
>> From the Liberty perspective, it doesn't matter if it's a
>> jackboot or a Birkenstock smashing your face. -- Robb Allen
>>
>-----------------------------------------------------------------------
>> 3 days until the 72nd anniversary of D-Day
>>
>>
--
L�hetetty Android-laitteestani K-9 Maililla. Pahoittelut v�h�sanaisuudestani.
Re: Rule updates are too old - 2016-06-03
Posted by Kim Roar Foldøy Hauge <ki...@samfunnet.no>.
On Fri, 3 Jun 2016, John Hardin wrote:
> On Fri, 3 Jun 2016, darxus@chaosreigns.com wrote:
>
>> 20160602: Spam or ham is below threshold of 150,000:
>> http://ruleqa.spamassassin.org/?daterev=20160602
>> 20160602: Spam: 589792, Ham: 138721
>
> We've been hovering *just* below the ham threshold for a week or so now.
>
> Anyone who can contribute to masscheck please get in touch with Kevin
> McGrail! Non-English ham is especially welcome. Even a little.
>
I have non-english ham and spam. I sent a mail ages ago about joining the
masscheck. I don't think I got a reply.
The traffic on the server isn't that high, 2500 connections per day. Most
of the mail attempts are blocked by spf, rbl and greylisting. SA does
however catch 5-10 norwegian UCBM per day, mostly thanks to custom rules.
>
> --
> John Hardin KA7OHZ http://www.impsec.org/~jhardin/
> jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
> key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
> -----------------------------------------------------------------------
> From the Liberty perspective, it doesn't matter if it's a
> jackboot or a Birkenstock smashing your face. -- Robb Allen
> -----------------------------------------------------------------------
> 3 days until the 72nd anniversary of D-Day
>
>
--
Kim Roar Foldy Hauge
Event:Presse - The Gathering 2016
webmaster@samfunnet.no
Root@HC,HX,JH,LZ,OT,P,VH