Re: Fwd: Re: Q about short-circuit over ruling blacklisting rule

From: J4 <junk4_at_nospam>
Date: Tue Jan 18 2011 - 16:12:54 GMT

On 01/18/2011 04:20 PM, Martin Gregorie wrote:
> On Tue, 2011-01-18 at 09:00 -0500, Bowie Bailey wrote:
>> On 1/18/2011 4:13 AM, J4 wrote:
>>> I have Dovecot LDA so Sieve might well be a good idea, but I would
>>> like to inform the sender that the Email was dropped as spam, and
>>> avoid backscatter. I don't think I can do this with Sieve/Dovecot LDA.
>> You cannot do this from the delivery agent without creating
>> backscatter. If you want to inform the sender, the only reliable way to
>> do it is to scan the message when it first comes in and simply reject
>> the spam. This way, you never accept the message and the sending system
>> is responsible for notifying the sender that the message did not go through.
> If you're thinking of detecting spam at SMTP time you should consider
> greylisting. When my ISP implemented it the spam I get dropped
> immediately from 80% of my mail to 8%, where it's remained ever since.
> After that you can take a view whether you want to:
> - scan the remaining mail at SMTP time (and reject spam as you
> originally described)
> - use SA as an MTA filter and let the recipient's MUA put it in a spam
> folder or bin depending on what the user decides. Or your MTA filter
> could silently bin spam or feed it to Bayes to be learned as spam.
> Your choice: you just can't reject it at this stage.
> - use a procmail recipe to scan mail and either reject spam or pass it
> to the recipient's MUA as above. Use this if you want the recipients
> to have some control over spam recognition, individual Bayes filters,
> etc.
> Martin

    Right - I've moved the SA scanning to the front of postfix, and it
scans accordingly and adds headers.

What is odd, is that :-
    It seems that the AWL white-lists the email addresses that were
black-listed. Additionally, the shortcircuit should have classed these
as blacklisted addresses.
Tue Jan 18 17:07:18 2011 [28825] info: spamd: clean message (-0.1/6.0) for nobody:5002 in 0.9 seconds, 2231 bytes.
Tue Jan 18 17:07:18 2011 [28825] info: spamd: result: . 0 -

The mysql spamassassin.userpref table has the entry in it:
| username | preference | prefid |
| | blacklist_from | 19 |

Here is the entry it added to the awl table:
select * from awl;
| username | email | ip | count | totscore |
| | | 62.58 | 1 | -0.7 |
| nobody | | 62.58 | 7 | -0.7 |

My testing was based on rejecting spam using a blacklist, and now this
test method has been circumvented :D Brought a smile to my face. I
could simply disable AWL for testing purposes...

Q) I would like to understand why a blacklisted address in the userpref
table is overridden. Does anyone know?