|
SA Bugzilla – Full Text Bug Listing |
Summary: | too many DOS_RCVD_IP_TWICE_B ? | ||
---|---|---|---|
Product: | Spamassassin | Reporter: | Pascal <pascal> |
Component: | Rules | Assignee: | SpamAssassin Developer Mailing List <dev> |
Status: | NEW --- | ||
Severity: | minor | CC: | billcole, pascal |
Priority: | P3 | ||
Version: | SVN Trunk (Latest Devel Version) | ||
Target Milestone: | Undefined | ||
Hardware: | All | ||
OS: | All | ||
Whiteboard: | |||
Attachments: | some headers |
Description
Pascal
2022-04-14 11:46:45 UTC
DOS_RCVD_IP_TWICE_B has not changed since 2008. See https://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/dos/70_other.cf?r1=627944&r2=627945& That rule depends on specific mail routing details and configuration of local parameters like trusted_networks and internal_networks, so it is impossible to analyze what is causing you to see a lot of hits on that without full sample emails. I do not see a large number of hits on this rule in the systems I work with. However, I do see *some* hits that are on definite ham, resulting from local mail submission on a public address. That's not common but it is also not "wrong" and in this specific case there's a solid reason for it. Looking at RuleQA I see that the rule is fairly reliable and hits a large amount of spam, but it also has substantial hits on ham at most reporting sites (as much as 2.5% of all ham!) and hits only ham at a few. I've limited the score to 2.0 in revision 1899866. I am very reluctant to modify the rule to reduce its hits on ham based solely on the idiosyncratic examples that I have in hand from 1 source. If you have matching non-spam samples that you can share, please attach them to this ticket so that we can (maybe) refer to them and modify the rule to avoid problems. Created attachment 5768 [details]
some headers
|