Re: RP_MATCHES_RCVD

[Niamh Holding <ni...@fullbore.co.uk>]

Hello Reindl,

Friday, September 5, 2014, 7:37:18 AM, you wrote:

RH> RP_MATCHES_RCVD removed 1.7 points

RH> is that not a little too much?

Now running at 2.1 :(

-- 
Best regards,
 Niamh                            mailto:niamh@fullbore.co.uk

Re: RP_MATCHES_RCVD

[Matus UHLAR - fantomas <uh...@fantomas.sk>]

>>>>RH> RP_MATCHES_RCVD removed 1.7 points

>>On 11.05.16 16:29, Reindl Harald wrote:
>>>which proves again how badly auto-qa works and why you need to adjust
>>>some rules up to remove them eniterily with a zero score

>Am 11.05.2016 um 16:34 schrieb Matus UHLAR - fantomas:
>>afaik, auto-qa scores _are_ justified, just some are missed from this...

On 11.05.16 16:42, Reindl Harald wrote:
>rules like this need a way lower max-score

which is just what I have said. 

>>>/etc/mail/spamassassin/local-*.cf
>>>score RP_MATCHES_RCVD -0.001
>>
>>you can easily turn off that one (set to 0), I did.
>>There's __RP_MATCHES_RCVD that has to be used in metas.
>>
>>the fact that spam comes from compromised account doesn't mean it's less
>>spam ...
>
>looks like you don't understand what this rule does
>Envelope sender domain matches handover relay domain
>
>it's a *whitelistng rule*
>
>"the fact that spam comes from a domain where the PTR has the same 
>doesn't mean it's less spam" is the fixed version of your sentecne 

which is (in fact) just what I have said...

"spam from account@example.com is not less spam just because it's sent from
compromised account on example.com mailserver"

The mentioned rule just makes sending spam from compromised accounts on
companies' mailservers, which is quite common.

... and if someone wants to have this rule in metas, there's
__RP_MATCHES_RCVD that doesn't mess up score for spam

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Boost your system's speed by 500% - DEL C:\WINDOWS\*.*

Re: RP_MATCHES_RCVD

[Reindl Harald <h....@thelounge.net>]

Am 11.05.2016 um 16:34 schrieb Matus UHLAR - fantomas:
>> Am 11.05.2016 um 16:14 schrieb Niamh Holding:
>>> Friday, September 5, 2014, 7:37:18 AM, you wrote:
>>>
>>> RH> RP_MATCHES_RCVD removed 1.7 points
>>>
>>> RH> is that not a little too much?
>>>
>>> Now running at 2.1 :(
>
> On 11.05.16 16:29, Reindl Harald wrote:
>> which proves again how badly auto-qa works and why you need to adjust
>> some rules up to remove them eniterily with a zero score
>
> afaik, auto-qa scores _are_ justified, just some are missed from this...

rules like this need a way lower max-score

>> [root@mail-gw:~]$ sa-score.sh RP_MATCHES_RCVD
>> /usr/share/spamassassin
>>
>> /var/lib/spamassassin/3.004001/updates_spamassassin_org
>> score RP_MATCHES_RCVD                       -1.643 -2.079 -1.643 -2.079
>>
>> /etc/mail/spamassassin/local-*.cf
>> score RP_MATCHES_RCVD -0.001
>
> you can easily turn off that one (set to 0), I did.
> There's __RP_MATCHES_RCVD that has to be used in metas.
>
> the fact that spam comes from compromised account doesn't mean it's less
> spam ...

looks like you don't understand what this rule does
Envelope sender domain matches handover relay domain

it's a *whitelistng rule*

"the fact that spam comes from a domain where the PTR has the same 
doesn't mean it's less spam" is the fixed version of your sentecne above

Re: RP_MATCHES_RCVD

[Matus UHLAR - fantomas <uh...@fantomas.sk>]

>Am 11.05.2016 um 16:14 schrieb Niamh Holding:
>>Friday, September 5, 2014, 7:37:18 AM, you wrote:
>>
>>RH> RP_MATCHES_RCVD removed 1.7 points
>>
>>RH> is that not a little too much?
>>
>>Now running at 2.1 :(

On 11.05.16 16:29, Reindl Harald wrote:
>which proves again how badly auto-qa works and why you need to adjust 
>some rules up to remove them eniterily with a zero score

afaik, auto-qa scores _are_ justified, just some are missed from this...

>[root@mail-gw:~]$ sa-score.sh RP_MATCHES_RCVD
>/usr/share/spamassassin
>
>/var/lib/spamassassin/3.004001/updates_spamassassin_org
>score RP_MATCHES_RCVD                       -1.643 -2.079 -1.643 -2.079
>
>/etc/mail/spamassassin/local-*.cf
>score RP_MATCHES_RCVD -0.001

you can easily turn off that one (set to 0), I did.
There's __RP_MATCHES_RCVD that has to be used in metas.

the fact that spam comes from compromised account doesn't mean it's less
spam ...
-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Micro$oft random number generator: 0, 0, 0, 4.33e+67, 0, 0, 0...

Re: RP_MATCHES_RCVD

[Reindl Harald <h....@thelounge.net>]

Am 11.05.2016 um 16:14 schrieb Niamh Holding:
> Hello Reindl,
>
> Friday, September 5, 2014, 7:37:18 AM, you wrote:
>
> RH> RP_MATCHES_RCVD removed 1.7 points
>
> RH> is that not a little too much?
>
> Now running at 2.1 :(

which proves again how badly auto-qa works and why you need to adjust 
some rules up to remove them eniterily with a zero score

[root@mail-gw:~]$ sa-score.sh RP_MATCHES_RCVD
/usr/share/spamassassin

/var/lib/spamassassin/3.004001/updates_spamassassin_org
score RP_MATCHES_RCVD                       -1.643 -2.079 -1.643 -2.079

/etc/mail/spamassassin/local-*.cf
score RP_MATCHES_RCVD -0.001