Bug 2221 - remove RCVD_IN_SORBS_SPAM
Summary: remove RCVD_IN_SORBS_SPAM
Status: RESOLVED FIXED
Alias: None
Product: Spamassassin
Classification: Unclassified
Component: Rules
Version: SVN Trunk (Latest Devel Version)
Hardware: Other other
Importance: P2 major
Target Milestone: 2.60
Assignee: Theo Van Dinter
Reported: 2003-07-13 01:27 UTC by Daniel Quinlan
Modified: 2016-10-23 23:06 UTC



Attachment Type Modified Status Actions Submitter/CLA Status
proposed fix patch None Justin Mason [HasCLA]

Description Daniel Quinlan 2003-07-13 01:27:47 UTC
This DNSBL (only this one sub-rule) requires a $50 delisting fee,
so it should be removed or commented out.
Comment 1 Daniel Quinlan 2003-07-13 01:29:03 UTC
Try to fix for 2.60.  Justin/Theo, feel free to finish this off w/o me.
I still have sand in my eyes.  :-/
Comment 2 Theo Van Dinter 2003-07-17 13:20:26 UTC
+1

tis fine by me.  the GA disabled it anyway.
Comment 3 Justin Mason 2003-07-17 13:38:58 UTC
+1 on what, we haven't got a patch ;)
no, seriously, +1 on the trivial 2-line deletion that we're talking about.
I don't think we really need a patch.
Comment 4 Daniel Quinlan 2003-07-17 16:11:49 UTC
Subject: Re:  remove RCVD_IN_SORBS_SPAM

> tis fine by me.  the GA disabled it anyway.

Let's just comment it out rather than deleting it.

Comment 5 Theo Van Dinter 2003-07-18 19:56:28 UTC
after discussion, we'll just set the score to 0 with a disclaimer about the 
removal fee.

also assigning to myself.
Comment 6 Justin Mason 2003-07-22 17:52:16 UTC
Created attachment 1180
proposed fix

ok, here's a patch to set its score to 0 and note a comment....
Comment 7 Daniel Quinlan 2003-07-22 18:14:46 UTC
works for me
Comment 8 Daniel Quinlan 2003-07-22 18:15:13 UTC
+1 too
Comment 9 Theo Van Dinter 2003-07-24 20:50:08 UTC
committed.
Comment 10 Robert Brooks 2016-08-27 00:31:19 UTC
Can this be reviewed? Current delisting policy does not mention $50 fee...

http://www.sorbs.net/overview.shtml

Performance looks decent...

https://www.intra2net.com/en/support/antispam/blacklist.php_dnsbl=RCVD_IN_SORBS_NR_SPAM.html
Comment 11 Joe Quinn 2016-08-29 13:10:39 UTC
Is there an issue with the current ruleset wrt SORBS? I see a whole block of RBL rules for them that are active in the currently published rules.
Comment 12 AXB 2016-08-29 13:22:01 UTC
(In reply to Joe Quinn from comment #11)
> Is there an issue with the current ruleset wrt SORBS? I see a whole block of
> RBL rules for them that are active in the currently published rules.

Why should there be an issue? What is the problem?
Comment 13 Joe Quinn 2016-08-29 13:25:01 UTC
Not sure, but Robert Brooks is asking that this ticket be reviewed 13 years later.
Comment 14 AXB 2016-08-29 13:27:11 UTC
(In reply to Joe Quinn from comment #13)
> Not sure, but Robert Brooks is asking that this ticket be reviewed 13 years
> later.

ah!!
Probably due to the comment
# delist: $50 fee for RCVD_IN_SORBS_SPAM, others have free retest on request
I'll fix that so ppl can sleep in peace
Comment 15 RW 2016-08-29 16:05:12 UTC
It's not just the comment, the rule itself is commented-out
Comment 16 AXB 2016-08-29 16:47:35 UTC
(In reply to RW from comment #15)
> It's not just the comment, the rule itself is commented-out

Oops - missed that - fixed
Next masscheck should set the score and we may need to adjust.
Please help watch performance and report to dev list
Comment 17 Robert Brooks 2016-08-29 17:35:54 UTC
I added -lastexternal to the rule thus...

header RCVD_IN_SORBS_SPAM      eval:check_rbl_sub('sorbs-lastexternal', '127.0.0.6')

Sorry for the thread necromancy here, I figured the history would help though ;-)
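
An added example, not part of the thread and not SpamAssassin's own code: a simplified Python model of what the rule in comment 17 asks for, showing how the `127.0.0.6` sub-test is matched against DNSBL answers and how the `-lastexternal` suffix narrows which relay is looked up. The zone name, the function names, the relay IPs and the listing are assumptions constructed for illustration.

```python
import ipaddress
import re

ZONE = "dnsbl.sorbs.net"  # assumption: aggregate zone name, not given in the thread

def dnsbl_query_name(ip, zone=ZONE):
    """Build the DNSBL query name: reversed IPv4 octets followed by the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def subtest_matches(subtest, answers):
    """Simplified model of a sub-test: dotted quad = exact match,
    decimal number = bitmask, anything else = regular expression."""
    for answer in answers:
        if re.fullmatch(r"\d+\.\d+\.\d+\.\d+", subtest):
            hit = answer == subtest
        elif subtest.isdigit():
            hit = bool(int(ipaddress.IPv4Address(answer)) & int(subtest))
        else:
            hit = re.search(subtest, answer) is not None
        if hit:
            return True
    return False

def ips_to_check(external_relays, rbl_set):
    """external_relays is ordered newest hop first. A '-lastexternal' set
    looks only at the relay that handed the message to our own network."""
    if rbl_set.endswith("-lastexternal"):
        return list(external_relays[:1])
    return list(external_relays)

def rule_hits(external_relays, rbl_set, subtest, lookup):
    """lookup(name) returns the list of A-record strings for a query name."""
    return any(
        subtest_matches(subtest, lookup(dnsbl_query_name(ip)))
        for ip in ips_to_check(external_relays, rbl_set)
    )

# Constructed sample data (documentation-range IPs, invented listing).
RELAYS = ["198.51.100.7", "203.0.113.25"]  # last external relay first
LISTINGS = {dnsbl_query_name("203.0.113.25"): ["127.0.0.6"]}

def sample_lookup(name):
    return LISTINGS.get(name, [])  # offline stand-in for a DNS resolver

if __name__ == "__main__":
    for rbl_set in ("sorbs", "sorbs-lastexternal"):
        print(rbl_set, rule_hits(RELAYS, rbl_set, "127.0.0.6", sample_lookup))
```

With this sample chain only the earlier hop is listed, so the plain `sorbs` set fires while `sorbs-lastexternal` does not.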
Comment 18 Mark London 2016-09-10 13:05:40 UTC
I had tons (thousands) of false positives when this was turned on at the start of September. Others on the spamassassin mailing list had similar experiences. And when it did trigger on a real spam message, other spam rules and DNSBLs had already flagged it as spam. So at least for me, it's not useful at all.
Comment 19 Robert Brooks 2016-09-10 23:29:25 UTC
I'm not getting good results either.

Certainly not as good as https://www.intra2net.com/en/support/antispam/blacklist.php_dnsbl=RCVD_IN_SORBS_NR_SPAM.html would suggest.

I think they are specifically using new.spam.dnsbl.sorbs.net and recent.spam.dnsbl.sorbs.net (excluding old.spam). I think testing/scoring new.spam may be useful.
Comment 20 jcalvert 2016-10-23 21:47:43 UTC
I am getting RCVD_IN_SORBS_SPAM on emails from Gmail.  Their IPs are listed in SORBS SPAM, SORBS NEW, and CASA CBL block lists.  I am using SA version 3.3.1 on CentOS 6.6.  sa-update is up-to-date.

I see where RCVD_IN_SORBS_SPAM lines were commented out of 50_scores.cf; however "score RCVD_IN_SORBS_SPAM 0" was not added.

Questions...

1) How is RCVD_IN_SORBS_SPAM winding up in the envelope if not being placed there by my server?

2) What is its score?

3) What is the upshot of Gmail emails being flagged like this?  Is this to be considered a threat to successful delivery of Gmail email?

thanks,
JC
Comment 21 Mark London 2016-10-23 22:12:57 UTC
JC - Updates are placed in /var/lib/spamassassin. The rule is in the following file:

/var/lib/spamassassin/3.004000/updates_spamassassin_org/20_dnsbl_tests.cf

- Mark
Comment 22 jcalvert 2016-10-23 22:52:21 UTC

OK, yes... I should have been looking in /var/lib/spamassassin.

My question now is, why should RCVD_IN_SORBS_SPAM have score set to 0.0 or 0.5?

Why isn't a listing in SORBS SPAM significant?

thanks,
JC
Comment 23 RW 2016-10-23 23:06:48 UTC
(In reply to jcalvert from comment #22)

Your question isn't very clear, but I don't think it's relevant to this bug report. It belongs in the user list.