Craig, I don't use any of the Declude WHITELIST features due to the potential for giving the sender carte blanche access; if a known good sender is sending crap, I still want to have a chance to block the crap.
 
What I do is counterweight.
 
I create a filter file called, say, CounterWeight.txt and in the global.cfg I give it zero weight for passing or failing.
 
Inside the filter file, I put in lines like this:
 
#Feb-01-2006 AC SurveyMonkey.com MAILFROM spoofs the email address of whomever is sending out the survey invitations
REMOTEIP -10 CIDR  66.179.50.160/27
REVDNS    -5 ENDSWITH .surveymonkey.com
My preference is to use REMOTEIP tests, then REVDNS, then HELO, then HEADERS, then MAILFROM for reliability and antispoofedness.  Likewise, they get descending amounts of negative weight.
 
Another tip:
 
I put a test at the top of my CounterWeight file(s) that aborts processing if I don't want to reward a message with negative weight, such as if a prior filter test (according to the top-down order in global.cfg) of mine detected a known virus or junk email that I know I want to block regardless of whom it came from, e.g.
 
TESTSFAILED END CONTAINS VIRUSBOUNCE
TESTSFAILED END CONTAINS COMBOSNIFFER
 
 
Andrew 8)
 
 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Craig Edmonds
Sent: Wednesday, November 08, 2006 10:25 AM
To: declude.junkmail@declude.com
Subject: [Declude.JunkMail] whitelisting based on rev dns
Importance: High
Sensitivity: Confidential

How can I whitelist based on Reverse DNS?
 
Kindest Regards
Craig Edmonds
123 Marbella Internet
W: www.123marbella.com

 
 

---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
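
The counterweight approach described in the reply above, as an added example that is not part of the original thread and is not Declude's code: a simplified Python model that evaluates the post's filter lines top-down and stops rewarding a message once an abort line matches. The message dict keys, the sample messages and the SOMETEST name are constructed assumptions.

```python
import ipaddress

# Filter lines copied from the post, abort tests first as it recommends.
FILTER = """\
TESTSFAILED END CONTAINS VIRUSBOUNCE
TESTSFAILED END CONTAINS COMBOSNIFFER
REMOTEIP -10 CIDR  66.179.50.160/27
REVDNS    -5 ENDSWITH .surveymonkey.com
"""

def matches(op, value, pattern):
    """Only the comparison operators that appear in the post's lines."""
    if not value:
        return False
    if op == "CIDR":
        return ipaddress.ip_address(value) in ipaddress.ip_network(pattern)
    if op == "ENDSWITH":
        return value.lower().endswith(pattern.lower())
    if op == "CONTAINS":
        return pattern.lower() in value.lower()
    raise ValueError(f"operator not modelled: {op}")

def counterweight(msg, filter_text=FILTER):
    """Weight this filter contributes to one message (0 or negative here)."""
    total = 0
    for line in filter_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        field, action, op, pattern = line.split(None, 3)
        if not matches(op, msg.get(field, ""), pattern):
            continue
        if action == "END":  # abort: no later line can reward this message
            return total
        total += int(action)
    return total

# Constructed sample messages; the dict keys are assumed names.
KNOWN_SENDER = {"REMOTEIP": "66.179.50.170", "REVDNS": "mail.surveymonkey.com",
                "TESTSFAILED": ""}
REVDNS_ONLY = {"REMOTEIP": "198.51.100.7", "REVDNS": "out.surveymonkey.com",
               "TESTSFAILED": ""}
INFECTED = dict(KNOWN_SENDER, TESTSFAILED="SOMETEST VIRUSBOUNCE")

if __name__ == "__main__":
    for name, m in [("known", KNOWN_SENDER), ("revdns", REVDNS_ONLY),
                    ("infected", INFECTED)]:
        print(name, counterweight(m))
```

Unlike a whitelist, the infected message from the known sender earns no negative weight, so whatever weight the earlier tests assigned still decides its fate.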
