Bug 172707

Summary:	mail-filter/spamassassin-botnet is broken by design
Product:	Gentoo Linux	Reporter:	Blu3 <david+gentoo.org>
Component:	Current packages	Assignee:	Patrick McLean <chutzpah>
Status:	RESOLVED INVALID
Severity:	major
Priority:	High
Version:	2006.1
Hardware:	All
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---

Description Blu3 2007-03-29 19:33:00 UTC

Please remove mail-filter/spamassassin-botnet from portage.  It is mislabeled.  The tests don't have any significant relevance to botnets, it is purely a DNS/MX dissector.  Simply put this matches the sending host to a cable, dsl, or dialup modem and if found scores it with +5 points.  Additionally, it doesn't pay attention to the authentication verbs in the headers.

5 points is the default cutoff as spam for spamassassin and few people raise it, rather they lower it.

This means that most installations using spamassassin with this ruleset will flag all cable/dsl/dialup users as botnets and bump their score to be at least 5 points.  Combine that with any other smaller values like missing DK, half a point here and there for bayesian stuff or maybe html and you're guaranteed to drop this email.

Comment 1 Patrick McLean gentoo-dev

2007-07-10 18:40:31 UTC

spamassassin-botnet is actually pretty useful, yes it can cause false positives, but generally only on mail servers that don't have a proper reverse DNS (ie ones running on cable/DSL lines without static IP addresses).