Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 172707

Summary: mail-filter/spamassassin-botnet is broken by design
Product: Gentoo Linux Reporter: Blu3 <david+gentoo.org>
Component: Current packagesAssignee: Patrick McLean <chutzpah>
Status: RESOLVED INVALID    
Severity: major    
Priority: High    
Version: 2006.1   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Blu3 2007-03-29 19:33:00 UTC
Please remove mail-filter/spamassassin-botnet from portage.  It is mislabeled.  The tests don't have any significant relevance to botnets, it is purely a DNS/MX dissector.  Simply put this matches the sending host to a cable, dsl, or dialup modem and if found scores it with +5 points.  Additionally, it doesn't pay attention to the authentication verbs in the headers.

5 points is the default cutoff as spam for spamassassin and few people raise it, rather they lower it.

This means that most installations using spamassassin with this ruleset will flag all cable/dsl/dialup users as botnets and bump their score to be at least 5 points.  Combine that with any other smaller values like missing DK, half a point here and there for bayesian stuff or maybe html and you're guaranteed to drop this email.
Comment 1 Patrick McLean gentoo-dev 2007-07-10 18:40:31 UTC
spamassassin-botnet is actually pretty useful, yes it can cause false positives, but generally only on mail servers that don't have a proper reverse DNS (ie ones running on cable/DSL lines without static IP addresses).