You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Marc Perkel <ma...@perkel.com> on 2009/10/05 17:47:26 UTC

Hostkarma White list Updated and Improved

In the last week I've put a lot of effort into improving the accuracy of 
my white lists. Especially for those of you who are critical of the 
accuracy of hostkarma white list I'd like you all to test it now and 
tell me how it works now. I have to admit that I have been less 
motivated in the past about getting the white list right than the black 
list because people complain a lot more about good email getting blocked 
than bad email getting through.

Also looking for suggestions about how to make my white list bigger and 
better.

One thing that is different about my white lists is that it is supposed 
to be only sites that send good email. Most other white lists are just 
for keeping IPs off of black lists. Our white list is supposed to be a 
source of pure good email. So if spam comes for any of the white listed 
IPs then it's an error. Sites like yahoo, gmail, hotmail, etc. would be 
on our yellow list because they send mixed spam/ham email.

Re: Hostkarma White list Updated and Improved

Posted by Marc Perkel <ma...@perkel.com>.


Jon Trulson wrote:
> On Mon, 5 Oct 2009, Marc Perkel wrote:
>
>>
>>
>> John Hardin wrote:
>>> On Mon, 5 Oct 2009, Marc Perkel wrote:
>>>
>>>> Our white list is supposed to be a source of pure good email. So if 
>>>> spam comes for any of the white listed IPs then it's an error.
>>>
>>> Whose? Yours or theirs?
>>>
>>> Meaning: is a single spam reason for an IP to be dropped from the 
>>> hostkarma whitelist?
>>>
>> It depends on what kind of spam it is. If it is a virus generated 
>> spam - then yes. If it's a spam determined by message content - no.
>>
>
>   Sorry if I missed this in the thread, but how do you determine
>   whether a spam originates from a bot-net vs. a 'lone wolf'?
>
>
A combination of several factors including hitting my tarbaby server AND 
not using QUIT to close the connection AND some HELO sins. I'm catching 
near 100% of botnet spam.

Re: Hostkarma White list Updated and Improved

Posted by Jon Trulson <jo...@radscan.com>.

On Mon, 5 Oct 2009, Marc Perkel wrote:

>
>
> John Hardin wrote:
>> On Mon, 5 Oct 2009, Marc Perkel wrote:
>> 
>>> Our white list is supposed to be a source of pure good email. So if spam 
>>> comes for any of the white listed IPs then it's an error.
>> 
>> Whose? Yours or theirs?
>> 
>> Meaning: is a single spam reason for an IP to be dropped from the hostkarma 
>> whitelist?
>> 
> It depends on what kind of spam it is. If it is a virus generated spam - then 
> yes. If it's a spam determined by message content - no.
>

   Sorry if I missed this in the thread, but how do you determine
   whether a spam originates from a bot-net vs. a 'lone wolf'?


-- 
"I drank what?"                      | Jon Trulson
    -Socrates                         | mailto:jon@radscan.com
                                      | A828 C19D A087 F20B DFED
                                      | 67C9 6F32 31AB E647 B345

Re: Hostkarma White list Updated and Improved

Posted by Marc Perkel <ma...@perkel.com>.


John Hardin wrote:
> On Mon, 5 Oct 2009, Marc Perkel wrote:
>
>> Our white list is supposed to be a source of pure good email. So if 
>> spam comes for any of the white listed IPs then it's an error.
>
> Whose? Yours or theirs?
>
> Meaning: is a single spam reason for an IP to be dropped from the 
> hostkarma whitelist?
>
It depends on what kind of spam it is. If it is a virus generated spam - 
then yes. If it's a spam determined by message content - no.

Re: Hostkarma White list Updated and Improved

Posted by John Hardin <jh...@impsec.org>.

On Mon, 5 Oct 2009, Marc Perkel wrote:

> Our white list is supposed to be a source of pure good email. So if spam 
> comes for any of the white listed IPs then it's an error.

Whose? Yours or theirs?

Meaning: is a single spam reason for an IP to be dropped from the 
hostkarma whitelist?

-- 
  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
  jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
   Vista is at best mildly annoying and at worst makes you want to
   rush to Redmond, Wash. and rip somebody's liver out.      -- Forbes
-----------------------------------------------------------------------
  Approximately 9185280 firearms legally purchased in the U.S. this year