spamassassin-dev April 2011 archive
Main Archive Page > Month Archives  > spamassassin-dev archives
spamassassin-dev: [Bug 6568] New: Evaluate Spamhaus Whitelist

[Bug 6568] New: Evaluate Spamhaus Whitelist

From: <bugzilla-daemon_at_nospam>
Date: Sun Apr 03 2011 - 02:23:14 GMT

           Summary: Evaluate Spamhaus Whitelist
           Product: Spamassassin
           Version: SVN Trunk (Latest Devel Version)
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Rules (Eval Tests)

I've been using these since December 2010. Very low hit rate. 2 out of 935
hams in March. 1/824 in February. 0/733 in January. No spam hits in my false
negatives, although I was deleting everything flagged as spam.
Listed IPs (2 were from emails from the same person): RCVD_IN_SWL_INDIV RCVD_IN_SWL_TRANS_TEMP RCVD_IN_SWL_INDIV

"senders vetted to the Spamhaus Whitelist are extremely unlikely to transmit
spam, there is no reason to put any type of spam filter either in front of or
after the whitelist"
So I guess they're saying these should all have a very large negative score.
Although later it says this is only valid with a DKIM signature. So maybe
small scores with these rules alone, and large negative scores if these hit in
combination with passing DKIM.

ifplugin Mail::SpamAssassin::Plugin::DNSEval
header __RCVD_IN_SWL eval:check_rbl('swl-firsttrusted', '')
tflags __RCVD_IN_SWL nice net

header RCVD_IN_SWL_INDIV eval:check_rbl_sub('swl-firsttrusted', '')
describe RCVD_IN_SWL_INDIV Sender listed at,
tflags RCVD_IN_SWL_INDIV nice net

header RCVD_IN_SWL_TRANS eval:check_rbl_sub('swl-firsttrusted', '')
describe RCVD_IN_SWL_TRANS Sender listed at,
tflags RCVD_IN_SWL_TRANS nice net

header RCVD_IN_SWL_INDIV_TEMP eval:check_rbl_sub('swl-firsttrusted',
describe RCVD_IN_SWL_INDIV_TEMP Sender listed at, individual temporary
tflags RCVD_IN_SWL_INDIV_TEMP nice net

header RCVD_IN_SWL_TRANS_TEMP eval:check_rbl_sub('swl-firsttrusted',
describe RCVD_IN_SWL_TRANS_TEMP Sender listed at, transactional temporary
tflags RCVD_IN_SWL_TRANS_TEMP nice net

score RCVD_IN_SWL_INDIV 0 -2.3 0 -2.3
score RCVD_IN_SWL_TRANS 0 -5 0 -5
score RCVD_IN_SWL_INDIV_TEMP 0 -0.1 0 -0.1
score RCVD_IN_SWL_TRANS_TEMP 0 -0.1 0 -0.1

Maybe it would be better to do them all as a single rule, since the hit rate is
so low:

header RCVD_IN_SWL_INDIV eval:check_rbl('swl-firsttrusted',
describe RCVD_IN_SWL_INDIV Sender listed at
tflags RCVD_IN_SWL_INDIV nice net

-- Configure bugmail: ------- You are receiving this mail because: ------- You are the assignee for the bug.