You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2006/11/26 19:27:20 UTC
[Bug 5209] New: Suggest checking all untrusted addresses against XBL.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5209
Summary: Suggest checking all untrusted addresses against XBL.
Product: Spamassassin
Version: 3.1.7
Platform: Other
OS/Version: other
Status: NEW
Severity: normal
Priority: P5
Component: Rules (Eval Tests)
AssignedTo: dev@spamassassin.apache.org
ReportedBy: vectro@vectro.org
Today I recieved a piece of spam with the following routing:
Spammer -> Open Proxy (XBL listed) -> Open Relay (unlisted) -> My host
Because spamassassin does not check the XBL except with -lastexternal, and
because the open relay was unlisted, the spam was falsely marked as ham.
Is there a good reason why we only check the XBL against the last connecting
machine? Even if you assume all open relays are listed somewhere, the spammer
can still connect to a closed relay (that is open to the spammer).
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 5209] Suggest checking all untrusted addresses against XBL.
Posted by bu...@bugzilla.spamassassin.org.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5209
------- Additional Comments From jm@jmason.org 2006-11-27 08:31 -------
actually, something along those lines appears to be going on here:
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4728
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 5209] Suggest checking all untrusted addresses against XBL.
Posted by bu...@bugzilla.spamassassin.org.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5209
------- Additional Comments From vectro@vectro.org 2006-11-27 08:20 -------
(In reply to comment #1)
> yes, the measured FP rate was lower.
I suppose that that's because of machines that are infected with rootkits but
are also used by authors of genuine ham.
What if we allowed the perceptron to score XBL-lastexternal and XBL-untrusted
seperately? Just because -lastexternal has greater predictive power doesn't mean
that -untrusted has none.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 5209] Suggest checking all untrusted addresses against XBL.
Posted by bu...@bugzilla.spamassassin.org.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5209
jm@jmason.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |INVALID
------- Additional Comments From jm@jmason.org 2006-11-26 14:59 -------
'Is there a good reason why we only check the XBL against the last connecting
machine?'
yes, the measured FP rate was lower.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.