You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2009/03/03 20:06:05 UTC
[Bug 6080] New: new rule: RCVD_IN_SSBL
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6080
Summary: new rule: RCVD_IN_SSBL
Product: Spamassassin
Version: unspecified
Platform: Other
URL: http://www.returnpath.net/internetserviceprovider/blackl
ist/
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P5
Component: Rules
AssignedTo: dev@spamassassin.apache.org
ReportedBy: jdfalk@returnpath.net
please evaluate this additional blacklist rule:
header __RCVD_IN_SSBL eval:check_rbl('ssbl',
'bl.score.senderscore.com.')
describe __RCVD_IN_SSBL IP on Sender Score Blacklist;
https://www.senderscore.org/rtbl/
tflags __RCVD_IN_SSBL net
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 6080] new rule: RCVD_IN_SSBL
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6080
--- Comment #5 from Justin Mason <jm...@jmason.org> 2009-03-14 14:42:08 PST ---
fwiw, here's the results:
MSECS SPAM% HAM% S/O RANK SCORE NAME WHO/AGE
0.00000 16.0554 0.0965 0.994 0.90 0.00 RCVD_IN_SSBL
http://ruleqa.spamassassin.org/20090314-r753615 ( https://svn.apache.org/viewcvs.cgi?view=rev&rev=753615 )n/RCVD_IN_SSBL/detail
looks pretty good, although not sure about those ham FPs, that'd limit the
score imo. also most of the spam hits are on high-scoring spam already.
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 6080] new rule: RCVD_IN_SSBL
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6080
J.D. Falk, Return Path <jd...@returnpath.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jdfalk@returnpath.net
--- Comment #2 from J.D. Falk, Return Path <jd...@returnpath.net> 2009-03-03 11:58:21 PST ---
(In reply to comment #1)
> I take it that according to https://www.senderscore.org/rtbl/ deep parsing of
> Received headers is safe? It does seem to potentially include end-user IPs, but
> states to list "large volume sending" IPs only, which should be fine.
Our system does try to figure out if an IP is dynamic, but if an IP hasn't been
sending any spam then we won't list it...so, that /should/ be safe.
> What about the access policy (bottom of the page) here:
> http://www.returnpath.net/internetserviceprovider/blacklist/
>
> All users of the blacklist are required to contribute to the Return Path
> Reputation Data Network.
>
> How is that supposed to work for SA users?
That's primarily intended for sites large enough to need zone transfers; with
SA, we'd be happy to simply get some ad-hoc feedback every now and then.
I can get a formal exception statement written up if you think it's
necessary....
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 6080] new rule: RCVD_IN_SSBL
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6080
--- Comment #3 from Karsten Bräckelmann <gu...@rudersport.de> 2009-03-03 12:19:37 PST ---
(In reply to comment #2)
> Our system does try to figure out if an IP is dynamic, but if an IP hasn't
> been sending any spam then we won't list it...so, that /should/ be safe.
Right, that's how I understood the description. Indeed, that should be fine.
I specifically asked to verify the bulk-sending constraint. Other lists do
explicitly list IPs merely /because/ they are end-user IPs not intended to send
mail directly -- which of course is not safe for deep-parsing.
If dynamic / end-user IPs do not get listed in SSBL just for sending direct to
MX mail, *unless* they are sending huge volumes (as per the description), this
should be good for deep-parsing as opposed to last-external only.
> > What about the access policy (bottom of the page) here:
> > http://www.returnpath.net/internetserviceprovider/blacklist/
> That's primarily intended for sites large enough to need zone transfers; with
> SA, we'd be happy to simply get some ad-hoc feedback every now and then.
>
> I can get a formal exception statement written up if you think it's
> necessary....
Hmm, personally I don't think I'm in a position to demand such a statement,
though I sure would like to have one. :) I guess comments in here by Return
Path staff are already quite official... Alternatively it might be worth
clarifying the quoted policy, to specifically talk about rsync users.
Just trying to eliminate any confusion about allowed usage. I for one didn't
understand "all users" as limited to rsync. ;) Thanks for clarifying this,
J.D.
Nice to see the effort and offer. :)
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 6080] new rule: RCVD_IN_SSBL
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6080
--- Comment #7 from Justin Mason <jm...@jmason.org> 2009-03-16 09:36:05 PST ---
(In reply to comment #6)
> I'm not certain of the appropriate process, but would it make sense to leave
> this in the sandbox and then test it again once the new SSBL is available to
> everyone?
yep -- that should work fine. thanks!
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 6080] new rule: RCVD_IN_SSBL
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6080
--- Comment #1 from Karsten Bräckelmann <gu...@rudersport.de> 2009-03-03 11:46:24 PST ---
I take it that according to https://www.senderscore.org/rtbl/ deep parsing of
Received headers is safe? It does seem to potentially include end-user IPs, but
states to list "large volume sending" IPs only, which should be fine.
What about the access policy (bottom of the page) here:
http://www.returnpath.net/internetserviceprovider/blacklist/
All users of the blacklist are required to contribute to the Return Path
Reputation Data Network.
How is that supposed to work for SA users?
Does it actually hold? What about an exception for free queries by SA, similar
to Barracude BRBL? (see bug 5984 comment 1)
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 6080] new rule: RCVD_IN_SSBL
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6080
--- Comment #6 from J.D. Falk, Return Path <jd...@returnpath.net> 2009-03-16 08:34:16 PST ---
> looks pretty good, although not sure about those ham FPs, that'd limit the
> score imo. also most of the spam hits are on high-scoring spam already.
About what I expected, actually. Thanks for running the test!
We've got a new version in the works, but it's not open for queries yet, so
it'd be difficult to share that with the full SA userbase. It should be
replacing the current SSBL (same zone, same rsync location) within a couple of
months.
I'm not certain of the appropriate process, but would it make sense to leave
this in the sandbox and then test it again once the new SSBL is available to
everyone?
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 6080] new rule: RCVD_IN_SSBL
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6080
--- Comment #4 from Karsten Bräckelmann <gu...@rudersport.de> 2009-03-03 13:52:35 PST ---
Committed revision 749770 ( https://svn.apache.org/viewcvs.cgi?view=rev&rev=749770 ), rules/trunk/sandbox/kb/20_bug_6080.cf
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.