spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bowie Bailey <Bowie_Bai...@BUC.com>
Subject Re: RCVD_IN_SORBS_SPAM and google IPs
Date Fri, 09 Sep 2016 13:35:37 GMT
On 9/9/2016 9:24 AM, lists@rhsoft.net wrote:
>
>
> Am 09.09.2016 um 15:20 schrieb Bowie Bailey:
>> On 9/8/2016 6:29 PM, RW wrote:
>>> On Thu, 8 Sep 2016 15:53:00 -0500 (CDT)
>>> Shane Williams wrote:
>>>>
>>>> I'm seeing google IP ranges hit the RCVD_IN_SORBS_SPAM rule, and in
>>>> digging deeper, I realize that there are zero hits on this rule for
>>>> the two weeks prior to Aug. 31, and now I'm seeing it thousands of
>>>> times per week (not just against google IPs).
>>>>
>>>> Was this rule added/changed/re-scored in a recent sa-update?
>>> It was commented out for a long time because it had a delisting fee,
>>> but was recently re-enabled.
>>>
>>> https://bz.apache.org/SpamAssassin/show_bug.cgi?id=2221#c16
>>
>> Granted, my system is fairly low volume, but out of over 15,000 messages
>> scanned, I have only seen 88 hits for SORBS rules in general and no hits
>> at all for RCVD_IN_SORBS_SPAM.  If there's a problem, I'm not seeing it
>
> depends just on luck
>
> * how many mails came from gmail, yahoo, gmx & friends
> * from which server did they came
>
> sorbs don't list gmail or other freemail providers as a whole, just 
> the nodes which recently was absued by spammers and contacted 
> honeypots or where reported repeatly
>
> you can write the exactly same message to the same RCPT from a 
> freemail provider within 5 seconds and they may hit completly 
> different DNSBL/DNSWL listings

True, only 550 of my messages came from gmail or yahoo.  But if Shane is 
seeing thousands of hits a week, I would expect to see a few -- 
particularly if there is any problem with the SORBS listings or the rule 
definition.

I'm not trying to draw any conclusion, I'm just providing another data 
point.

-- 
Bowie

Mime
View raw message