Bug 5863 - Rules to allow bypass of blacklist lookups
Status: NEW
Alias: None
Product: Spamassassin
Classification: Unclassified
Component: Rules
Version: unspecified
Hardware: Other All
Importance: P5 enhancement
Target Milestone: Undefined
Assignee: SpamAssassin Developer Mailing List
Reported: 2008-03-24 12:47 UTC by Marc Perkel
Modified: 2008-03-24 12:47 UTC

Description Marc Perkel 2008-03-24 12:47:18 UTC
This suggestion might take some reengineering to accomplish. But I think it will be worth it.

Take this situation. Using forward confirmed rDNS a message is determined to come from yahoo servers. Thus any other network tests on that IP are a waste of resources and can lead to false positives. If the source of the email is yahoo, hotmail, aol, etc. then nothing is gained from doing lookups on that IP address.

Similarly, if the sending host is my bank, wellsfargo.com then it is a good email and no other tests need to be done.

What SA needs is a way to process certain rules so that if the rule matches then it can disable checking of other network DNS lookup rules.

Whitelist lookups for whitelisted IPs or whitelisted host names (FCrDNS) should be able to disable all blacklist rules and lookups.

What I call yellow lists (yahoo, hotmail, gmail) if found should bypass all white and black list tests because the IP would not yield any information as to whether or not it is ham or spam.

If this capability were in SA then one could first look up yellow list by name or IP, then look up white lists by name or IP, then look up black lists by name or IP. The result would be far less network lookups and far greater accuracy. Hosts that are white or yellow listed are protected from the effects of being falsely blacklisted.

With this in place then we can build an infrastructure to build and maintain white and yellow lists, improve accuracy, improve throughput, and reduce system load and network traffic to blacklists.

I don't know what it will take to make this happen but I'm doing it with Exim rules and it works great. And it would work even better if others adopted this and there were bigger and better lists than what I maintain myself.

More information about this can be found on my wiki.

http://wiki.junkemailfilter.com/index.php/Spam_DNS_Lists
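
The lookup order proposed in this report, as an added example; it is not SpamAssassin or Exim code and is not from the reporter. List contents, host names, addresses and DNSBL zones are constructed, and dictionaries stand in for DNS queries. The address 203.0.113.9 shows why name-based list entries are matched only after forward confirmation.

```python
# Added illustration: list contents, host names and addresses are constructed.
YELLOW = {"yahoo.example"}           # shared providers: the IP carries no signal
WHITE = {"wellsfargo.example"}       # trusted senders
BLACK_ZONES = ["bl1.example", "bl2.example"]   # hypothetical DNSBL zones

# Constructed DNS data standing in for real resolver calls.
PTR = {"192.0.2.10": ["mta1.yahoo.example"],
       "192.0.2.20": ["mail.wellsfargo.example"],
       "203.0.113.9": ["mail.wellsfargo.example"],   # PTR claim with no matching A
       "198.51.100.7": ["host7.isp.example"]}
A = {"mta1.yahoo.example": ["192.0.2.10"],
     "mail.wellsfargo.example": ["192.0.2.20"],
     "host7.isp.example": ["198.51.100.7"]}
LISTED = {("203.0.113.9", "bl2.example")}

def fcrdns(ip):
    """Return the PTR name only if it resolves forward to the same IP."""
    for name in PTR.get(ip, []):
        if ip in A.get(name, []):
            return name.lower()
    return None

def in_list(host, domains):
    """True if host equals, or is a subdomain of, any listed domain."""
    return host is not None and any(
        host == d or host.endswith("." + d) for d in domains)

def classify(ip):
    """Return (verdict, blacklist_queries_made) for a connecting IP."""
    host = fcrdns(ip)
    if in_list(host, YELLOW):    # yellow: skip white and black tests
        return "yellow", 0
    if in_list(host, WHITE):     # white: skip black tests
        return "white", 0
    queries = 0
    for zone in BLACK_ZONES:     # only unknown hosts reach the blacklists
        queries += 1
        if (ip, zone) in LISTED:
            return "black", queries
    return "unlisted", queries

if __name__ == "__main__":
    for ip in PTR:
        print(ip, classify(ip))
```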