SpamAssassin - blackhole.securitysage.com

Hi guys,

Is there anyone else getting false possitives in SpamAssasin scores?

It looks like securitysage.com no longer exists! I had to manually comment out the test against blackhole.securitysage.com in SpamAssassins dnsbl_tests file because all recieved mail on our server got 2 added to the spam score by this test.

I have read some articles on this issue and most people recommend that you should stop using this blacklist immediately and permanently. And even if they do get online again, they don’t have a good track record of staying online.

I recommend you to check your spam scores that you don’t get 2 points added to the score due to this test.

Regards,
Leif

I believe RBLs are only a +1, by default, so this would be a bit less dramatic for most folks. I haven’t noticed an increase in my false positives, but it’s probably worth making sure that DNSBL in the SpamAssassin configuration is disabled. If it’s always returning invalid data, it’s just gonna damage the auto-whitelist/blacklist data, and eventually would impact accuracy.

Hi Joe,

Actually all mails got 2 added, like this:
2.0 DNS_FROM_SECURITYSAGE RBL: Envelope sender in
blackholes.securitysage.com

And that is 40% of the total max score.

I got aware of this efter several users complaining about "missing" e-mails.

Also there seems to be some problem with FORGED_MUA_OUTLOOK rule.
Something with MS Outlook Express not identifying it self properly.
I hade to lower the score to 1, (it was adding 3,360) because those using MS Outlook Express got over 3 points added to their score.
And this on top of the Securitysage issue did push the mails "over the edge".

After I made the changes to the rules all is working fine.

I thought maybe there where other users unaware of this.

Regards,
Leif Blafors