Scalability of 'spam.whitelist.rules' facility

Quentin Campbell Q.G.Campbell at newcastle.ac.uk
Mon May 21 11:39:01 IST 2007 

>-----Original Message-----
>From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-
>bounces at lists.mailscanner.info] On Behalf Of Randal, Phil
>Sent: 21 May 2007 10:49
>To: MailScanner discussion
>Subject: RE: Scalability of 'spam.whitelist.rules' facility
>
>Is there no obvious pattern in the email addresses to be whitelisted?

Phil

Not usually. A large number may be from AOL or Yahoo accounts but I am
not about to whitelist those domains!
 
>
>Or spamassassin rules they are falling foul of?

As I said in my original mail we rely mostly now on the SA Bayesian
filter score. If that gives a low score (<60% certainty, say) but a
local rule pushes the score over the threshold then I will consider
removing/modifying the local rule if its weighting is too aggressive.
 
>
>The problem with whitelisting "From:" email addresses is that this will
>let in spams spoofing these from addresses.

Rarely a problem with individual addresses but a problem if I whitelist
domains such as 'ac.uk'. 

>
>You should only really be using whitelist_from_rcvd,
whitelist_from_spf,
>whitelist_from_dkim etc in spamassassin.

I was not aware of these features in SA. Not sure why they might help?

Have not found SPF particularly useful given the very wide range of
sources from which we receive genuine e-mail many of which do not
advertise SPF records or they use 'softfail' when they do.

>
>Our spam.whitelist.rules only includes 127.0.0.1, nothing more.
>
>It looks like you're trying to work around another problem rather than
>trying to address root causes.

What problems do you think we are trying to address?

The main problem is the rather informal or juvenile nature of the e-mail
formats used by lots of young people corresponding with lots of other
young people. Their messages tend to have some/lots of the
characteristics of spam. That, coupled with the sending ISP perhaps
being listed on one of the DNSBLs used by SA (_not_ the two DNSBLs we
check during the SMTP exchange), makes it more likely that their
messages achieve a score that is over the tagging threshold.

Our recipients can usually set up a personal mail filter to catch mail
from all their usual recipients whether MS tagged it or not. However
they cannot be bothered to do this. Our Helpdesk staff who field all
enquiries/complaints about false positives do not have the time to
investigate each request to whitelist (more than 300 last week); they
just add them to the file (using a web interface and CGI script I
provide).

Quentin 
---
PHONE: +44 191 222 8209    Information Systems and Services (ISS),
                           Newcastle University,
                           Newcastle upon Tyne,
FAX:   +44 191 222 8765    United Kingdom, NE1 7RU.
------------------------------------------------------------------

More information about the MailScanner mailing list