spamassassin-dev April 2011 archive
spamassassin-dev: [Bug 6568] New: Evaluate Spamhaus Whitelist

From: <bugzilla-daemon_at_nospam>
Date: Sun Apr 03 2011 - 02:23:14 GMT
To: dev@spamassassin.apache.org

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6568

           Summary: Evaluate Spamhaus Whitelist
           Product: Spamassassin
           Version: SVN Trunk (Latest Devel Version)
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Rules (Eval Tests)
        AssignedTo: dev@spamassassin.apache.org
        ReportedBy: Darxus@ChaosReigns.com
                CC: Darxus@ChaosReigns.com

http://www.spamhauswhitelist.com/en/usage.html

I've been using these since December 2010. Very low hit rate. 2 out of 935
hams in March. 1/824 in February. 0/733 in January. No spam hits in my false
negatives, although I was deleting everything flagged as spam.
Listed IPs (2 were from emails from the same person):

173.10.94.185 RCVD_IN_SWL_INDIV
209.191.158.252 RCVD_IN_SWL_TRANS_TEMP
204.89.241.253 RCVD_IN_SWL_INDIV

"senders vetted to the Spamhaus Whitelist are extremely unlikely to transmit
spam, there is no reason to put any type of spam filter either in front of or
after the whitelist"
So I guess they're saying these should all have a very large negative score.
Although later it says this is only valid with a DKIM signature. So maybe
small scores with these rules alone, and large negative scores if these hit in
combination with passing DKIM.

ifplugin Mail::SpamAssassin::Plugin::DNSEval
header __RCVD_IN_SWL eval:check_rbl('swl-firsttrusted', 'swl.spamhaus.org.')
tflags __RCVD_IN_SWL nice net

header RCVD_IN_SWL_INDIV eval:check_rbl_sub('swl-firsttrusted', '127.0.2.2')
describe RCVD_IN_SWL_INDIV Sender listed at http://www.spamhauswhitelist.com/, individual
tflags RCVD_IN_SWL_INDIV nice net

header RCVD_IN_SWL_TRANS eval:check_rbl_sub('swl-firsttrusted', '127.0.2.3')
describe RCVD_IN_SWL_TRANS Sender listed at http://www.spamhauswhitelist.com/, transactional
tflags RCVD_IN_SWL_TRANS nice net

header RCVD_IN_SWL_INDIV_TEMP eval:check_rbl_sub('swl-firsttrusted', '127.0.2.102')
describe RCVD_IN_SWL_INDIV_TEMP Sender listed at http://www.spamhauswhitelist.com/, individual temporary
tflags RCVD_IN_SWL_INDIV_TEMP nice net

header RCVD_IN_SWL_TRANS_TEMP eval:check_rbl_sub('swl-firsttrusted', '127.0.2.103')
describe RCVD_IN_SWL_TRANS_TEMP Sender listed at http://www.spamhauswhitelist.com/, transactional temporary
tflags RCVD_IN_SWL_TRANS_TEMP nice net

score RCVD_IN_SWL_INDIV 0 -2.3 0 -2.3
score RCVD_IN_SWL_TRANS 0 -5 0 -5
score RCVD_IN_SWL_INDIV_TEMP 0 -0.1 0 -0.1
score RCVD_IN_SWL_TRANS_TEMP 0 -0.1 0 -0.1
endif

Maybe it would be better to do them all as a single rule, since the hit rate is
so low:

header RCVD_IN_SWL_INDIV eval:check_rbl('swl-firsttrusted', 'swl.spamhaus.org.', '^127\.0\.2\.(?:10)?[23]$')
describe RCVD_IN_SWL_INDIV Sender listed at http://www.spamhauswhitelist.com/
tflags RCVD_IN_SWL_INDIV nice net

-- 
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
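
Added example, not part of the original bug report or of SpamAssassin: an offline Python sketch of how the four return codes and the proposed single-rule regex classify the A records a lookup against swl.spamhaus.org. would return. The function names, the sample IP and the `trust_level` policy (small bonus for a listing alone, large bonus only with passing DKIM, as the report suggests) are assumptions made for illustration.

```python
import ipaddress
import re

SWL_ZONE = "swl.spamhaus.org."  # zone used by the rules in the report

# Return codes and rule names exactly as listed in the report.
SWL_CODES = {
    "127.0.2.2": "RCVD_IN_SWL_INDIV",
    "127.0.2.3": "RCVD_IN_SWL_TRANS",
    "127.0.2.102": "RCVD_IN_SWL_INDIV_TEMP",
    "127.0.2.103": "RCVD_IN_SWL_TRANS_TEMP",
}

# Sub-test regex from the proposed single rule.
COMBINED = re.compile(r"^127\.0\.2\.(?:10)?[23]$")


def query_name(ip, zone=SWL_ZONE):
    """Build the DNS list query name: reversed IPv4 octets, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def rules_hit(a_records):
    """Map the A records returned for one query to the per-code rules."""
    return sorted(SWL_CODES[a] for a in a_records if a in SWL_CODES)


def combined_hit(a_records):
    """True if any returned address matches the single-rule regex."""
    return any(COMBINED.match(a) for a in a_records)


def trust_level(a_records, dkim_pass):
    """Hypothetical policy: listing alone is weak evidence, listing plus
    a passing DKIM signature is strong evidence."""
    if not combined_hit(a_records):
        return "none"
    return "large" if dkim_pass else "small"


if __name__ == "__main__":
    # Constructed sample: 192.0.2.10 is a documentation address, and the
    # answers below are made up rather than real DNS responses.
    print(query_name("192.0.2.10"))
    for answers in (["127.0.2.2"], ["127.0.2.103"], ["127.0.2.12"], []):
        print(answers, rules_hit(answers), combined_hit(answers))
```
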