Scoring for MAPS

[Frank Bures <li...@chem.toronto.edu>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

I am new to spamassassin, quite old to *NIX administration.  I am in the 
process of testing spamassassin on my new server and replacing my current 
home-brewed antispam measures with it.

I am a subscriber to MAPS DNSBL.

Question:

What are recommended scoring settings for RCVD_IN_MAPS_* ?

Thanks


Frank Bures, Dept. of Chemistry, University of Toronto, M5S 3H6
fbures@chem.toronto.edu
http://www.chem.utoronto.ca
PGP public key: http://pgp.mit.edu:11371/pks/lookup?op=index&search=Frank+Bures
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0 OS/2 for non-commercial use
Comment: PGP 5.0 for OS/2
Charset: cp850

wj8DBQFDncrnih0Xdz1+w+wRAor1AJ0XzMmQGw3bTXP8CBnUCHQ6PuofQwCgzs61
x+caPqrncUjHXztU/1cHC60=
=sfTT
-----END PGP SIGNATURE-----

Re: Scoring for MAPS

[Matt Kettler <mk...@evi-inc.com>]

Kai Schaetzl wrote:
> Matt Kettler wrote on Mon, 12 Dec 2005 17:12:50 -0500:
> 
> 
>>There's all different degrees of trust and more ways to go about it than we can 
>>count here :)
> 
> 
> I think simpler. Either I trust it or not, so either I use it or not. :-)
> 
> Kai
> 

Personally, I have yet to find a single RBL that's sufficiently accurate and FP
free for me to begin to consider it for use as an MTA layer rejection criteria.

But I consider using a RBL for MTA block an act of extreme trust.


FWIW I'd require at least 5 nines of S/O to consider using an RBL as a block.
Ideally I want it's FP rate to be on on the same order of magnitude as mail loss
due to hardware failure on a reasonably redundant server (note: I'm talking
probability of unrecoverable data loss, not percentage of uptime).


The only RBL close to that accurate in the SA testing is XBL. No RBL is 99.999%
accurate, Even XBL is only 99.994% (which rounds to a S/O of 1.000 in SA's
STATISTICS-set1.txt, but if you re-extrapolate the raw numbers it is 272715 spam
hits, 14 nonspam hits, or S/O 0.99994 which is still only 4 nines, not 5)

Re: Scoring for MAPS

[Kai Schaetzl <ma...@conactive.com>]

Matt Kettler wrote on Mon, 12 Dec 2005 17:12:50 -0500:

> There's all different degrees of trust and more ways to go about it than we can 
> count here :)

I think simpler. Either I trust it or not, so either I use it or not. :-)

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

Re: Scoring for MAPS

[Matt Kettler <mk...@evi-inc.com>]

Kai Schaetzl wrote:
> Matt Kettler wrote on Mon, 12 Dec 2005 16:13:21 -0500:
> 
> 
>>Others would say they trust it explicitly and would 
>>immediately give it 10.0.
> 
> 
> If I trust it I use it at MTA level. My opinion ;-)
>

True, but depending on how you are set up, that may be an even further degree of
trust. If you merely tag/quarantine spam, it's a lot easier to recover a FP if
SA handles it it than if the MTA rejects entirely.

There's all different degrees of trust and more ways to go about it than we can
count here :)

Re: Scoring for MAPS

[Kai Schaetzl <ma...@conactive.com>]

Matt Kettler wrote on Mon, 12 Dec 2005 16:13:21 -0500:

> Others would say they trust it explicitly and would 
> immediately give it 10.0.

If I trust it I use it at MTA level. My opinion ;-)

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

Re: Scoring for MAPS

[Matt Kettler <mk...@evi-inc.com>]

Frank Bures wrote:
> Hi,
> 
> I am new to spamassassin, quite old to *NIX administration.  I am in the 
> process of testing spamassassin on my new server and replacing my current 
> home-brewed antispam measures with it.
> 
> I am a subscriber to MAPS DNSBL.
> 
> Question:
> 
> What are recommended scoring settings for RCVD_IN_MAPS_* ?
> 
> Thanks

That's *highly* subjective. Some would say MAPS is too aggressive to be worth
any points at all. Others would say they trust it explicitly and would
immediately give it 10.0.

In my opinion, starting 0.5 would be appropriate. I suggest this as safe
starting point to see how much nonspam they end up hitting. After a while if
you're comfortable start nudging it up. I myself would be rather reluctant to go
over half your required_score value unless I was quite impressed with the results.