You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2009/11/25 14:40:54 UTC
[Bug 5891] Let AWL keep separate records for DKIM-signed and
unsigned mail
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5891
Mark Martinec <Ma...@ijs.si> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|REOPENED |RESOLVED
Resolution| |FIXED
--- Comment #7 from Mark Martinec <Ma...@ijs.si> 2009-11-25 05:40:51 UTC ---
(In reply to comment #6)
> Mark, you positive adding a awl.signedby column is going to change AWL's life?
>
> Isn't that most of the dkim and spf-signed mail from freemail providers is
> after all coming from a well-defined bunch of net bunches? This would end in a
> co-relation between the signedby field and the ip one. Signedby would then add
> almost nothing to the equation.
Let's keep the awl.signedby optional, as it is now for some time (enabled
by setting the: auto_whitelist_distinguish_signed 1).
I agree there is a strong correlation between an IP address and a signing
domain for direct mail. But it also does help validate some re-routed mail
(forwarding, and non-clobbering mailing lists like the users@spamassassin
or postfix-users). The collected data is also useful for assessing domain
reputations (the code to dynamically do that was in the awl for a while,
but I removed it, as it suffices to collect reputations offline from the
awl database).
> Also, please note that a awl.signedby would make the AWL test a network-based
> one, which actually is not.
Right.
> I do understand AWL needs to adjust for ipv6 addresses. I would also agree it
> could be "squeezed" a bit further. But my very personal thinking about this,
> that is the one of (mostly) a SA user, is that anything is going to break
> existing setups must be worth the troubles.
>
> So, the ipv6 problem do or will exist. Since patching it would require some
> changes to the AWL table structure, I am quite in favor of adding anything can
> squeeze more from AWL. But pardon me, I think a signedby column may at most
> make a difference in border cases.
The IPv6 issues and the configurable net mask length is now tracked by Bug
6203.
> In another bug you opened about AWL I said that detecting the assigned bunch
> address to which a source belongs was unfeasible. Well, that's true, but I
> forgot ASN routes. We can instead use ASN routes to discriminate the source. SA
> already uses the ASN plugin to discover the ASN number related to a source. The
> ASN plugin issues a DNS query to ans.routeviews.org in order to get it, but the
> reply from routeviews.org also contains route netaddress and netmask length...
> So, AWL should store a cidr instead of a fixed-length address. This would at
> least mean adding a column to the AWL table and change somehow the content (and
> possibly the name) of the ip one in order to accomodate a variable-length, IPvX
> network address. This would add a bit of complexity to the AWL code, but I
> believe it is worth the effort. I don't have numbers for this and I really
> would like to. What do you think about it?
It is a good idea worth remembering, indeed the ASN data is already available
(if the plugin is enabled), it would just need to be passed to awl and managed
somehow. Let's leave this for some future version, where awl could be enhanced
into a more general purpose reputation-assessing tool.
I'd just close this ticket for now (3.3.0), but may be reopened later for
some new thoughts on future versions.
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.