Matthew, your MAILPOLICE tests are configured wrong.  Those are rhsbl tests, not ip4r 
tests.  The config lines should read...

MAILPOLICE-BULK  rhsbl  bulk.rhs.mailpolice.com  127.0.0.2  10  0
MAILPOLICE-PORN  rhsbl  porn.rhs.mailpolice.com  127.0.0.2  10  0


Bill


-----Original Message-----
From: Matthew Bramble
Sent: Wed, 20 Aug 2003 21:27:15 -0400
Subject: Re: [Declude.JunkMail] Alligate vs. Message Sniffer...opinions?


I'd also like to share my configuration.  We have about 50 E-mail 
domains with about 250 users, with many addresses listed in who-is 
records and on Web sites, along with "nobody" alias redirection for all 
domains.  This results in a lot of garbage coming our way.  We are 
definitely capturing 95%-97% of all the spam currently and our false 
reject rate is less than 1-3 in 1000, most of which is automated 
delivery messages, with user exceptions being mostly of the variety of 
open relay users or that one person that uses Base64 encoding from a 
poorly configured server.  Unfortunately some addresses get literally 
hundreds of spams a day, often it's their own fault, but they need more 
relief than I have been giving them.

I don't have the time to constantly monitor rejected mail (about ~15,000 
a week), so we generally kill it at a score of 10 unless we tweak the 
settings, in which case we monitor it as I am doing now.  I think our 
setup even without the Alligate is quite solid after a year of playing 
with it occasionally, but it needs more than RFC and blacklist tests to 
close the gap that's left.  This BONDEDSENDER thing also looks like it 
has promise as I found 19 examples today of E-mail that was saved, 
probably all of it was ad-related, and some I would probably consider 
spam, but not the brutal idiotic stuff that goes to harvested 
addresses.  I'm going to capture those messages for review since I can 
only see the senders now.  Anyway, here's the beef of my config file:

--8<------------------------
SBL                  ip4r   sbl.spamhaus.org               127.0.0.2   10   0
OSSOFT               ip4r   relays.osirusoft.com           127.0.0.6   10   0
SPAMCOP              ip4r   bl.spamcop.net                 127.0.0.2   10   0
FIVETEN-BULK         ip4r   blackholes.five-ten-sg.com     127.0.0.4   10   0
MAILPOLICE-BULK      ip4r   bulk.rhs.mailpolice.com        127.0.0.2   10   0
MAILPOLICE-PORN      ip4r   porn.rhs.mailpolice.com        127.0.0.2   10   0
OSSRC                ip4r   relays.osirusoft.com           127.0.0.4   7    0
EASYNET-DNSBL        ip4r   blackholes.easynet.nl          127.0.0.2   7    0
EASYNET-PROXIES      ip4r   proxies.blackholes.easynet.nl  127.0.0.2   7    0
FIVETEN-SPAMSUPPORT  ip4r   blackholes.five-ten-sg.com     127.0.0.7   7    0
FIVETEN-MISC         ip4r   blackholes.five-ten-sg.com     127.0.0.9   7    0
BLITZEDALL           ip4r   opm.blitzed.org                *           7    0
DSBL                 ip4r   list.dsbl.org                  *           5    0
MONKEYPROXIES        ip4r   proxies.relays.monkeys.com     *           5    0
OSFORM               ip4r   relays.osirusoft.com           127.0.0.8   5    0
OSPROXY              ip4r   relays.osirusoft.com           127.0.0.9   5    0
FIVETEN-SPAM         ip4r   blackholes.five-ten-sg.com     127.0.0.2   5    0
FIVETEN-MULTISTAGE   ip4r   blackholes.five-ten-sg.com     127.0.0.5   5    0
FIVETEN-SINGLESTAGE  ip4r   blackholes.five-ten-sg.com     127.0.0.6   5    0
FIVETEN-FREE         ip4r   blackholes.five-ten-sg.com     127.0.0.12  5    0
MONKEYFORMMAIL       ip4r   formmail.relays.monkeys.com    *           4    0
ORDB                 ip4r   relays.ordb.org                *           4    0
OSDUL                ip4r   relays.osirusoft.com           127.0.0.3   4    0
OSRELAY              ip4r   relays.osirusoft.com           127.0.0.2   4    0
OSSMART              ip4r   relays.osirusoft.com           127.0.0.5   4    0
V6NET                ip4r   spammers.v6net.org             127.0.0.2   4    0
OSLIST               ip4r   relays.osirusoft.com           127.0.0.7   2    0
DSN                  rhsbl  dsn.rfc-ignorant.org           127.0.0.2   1    0
NOABUSE              rhsbl  abuse.rfc-ignorant.org         127.0.0.4   1    0
NOPOSTMASTER         rhsbl  postmaster.rfc-ignorant.org    127.0.0.3   1    0
BONDEDSENDER         ip4r   query.bondedsender.org         127.0.0.10  -20  0

MAILFROM            envfrom        x    x    7    0
ROUTING                spamrouting    x    x    7    0
HELOBOGUS            helovalid    x    x    5    0
SPAMHEADERS            spamheaders    x    x    5    0
BADHEADERS            badheaders    x    x    3    0
BASE64                base64        x    x    3    0
PERCENT                percent        x    x    2    0
IPNOTINMX            ipnotinmx    x    x    0    -2

ALLIGATE            external    nonzero    "C:\IMail\Alligate\NoXMail.exe"    3    0

WEIGHT10    weight        x    x    10    0
-->8------------------------

I believe some of these tests are not catching anything and could be 
removed.  Comments and questions are welcome.

Matt




Keith Johnson wrote:

>Rob,
>    If you don't mind sharing, what config settings do you use for
>Alligate..
>
>Keith
>  
>

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.
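
The ip4r/rhsbl distinction raised in the reply at the top of this thread, as an added example that is not part of either message: an ip4r test looks up the connecting IP with its octets reversed under the zone, while an rhsbl test looks up the sender's domain under the zone, so a domain-keyed zone configured as ip4r is queried with a name it never lists. The sample lines, the sender IP and domain, the reading of the last two columns as weights, and the rule "a zone with an `rhs` label is domain-keyed" are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample in the column layout used in the thread:
# name, test type, zone, expected answer, then two weight columns (assumed).
SAMPLE_CFG = """\
SBL              ip4r   sbl.spamhaus.org         127.0.0.2  10  0
MAILPOLICE-BULK  ip4r   bulk.rhs.mailpolice.com  127.0.0.2  10  0
MAILPOLICE-PORN  rhsbl  porn.rhs.mailpolice.com  127.0.0.2  10  0
DSN              rhsbl  dsn.rfc-ignorant.org     127.0.0.2  1   0
"""


def parse_tests(text):
    """Return one dict per DNS-based test line; other lines are skipped."""
    tests = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 6 and fields[1] in ("ip4r", "rhsbl"):
            name, kind, zone, expect, w1, w2 = fields
            tests.append({"name": name, "type": kind, "zone": zone,
                          "expect": expect, "weights": (int(w1), int(w2))})
    return tests


def query_name(test, sender_ip, sender_domain):
    """Build the DNS name that would be looked up for this test."""
    if test["type"] == "ip4r":
        # IP-keyed list: reverse the octets and append the zone.
        octets = str(ipaddress.IPv4Address(sender_ip)).split(".")
        return ".".join(reversed(octets)) + "." + test["zone"]
    # Domain-keyed list: prepend the sender's domain to the zone.
    return sender_domain.lower().rstrip(".") + "." + test["zone"]


def lint(tests):
    """Names of ip4r tests whose zone carries an 'rhs' label (heuristic)."""
    return [t["name"] for t in tests
            if t["type"] == "ip4r" and "rhs" in t["zone"].split(".")]


if __name__ == "__main__":
    tests = parse_tests(SAMPLE_CFG)
    for t in tests:
        # 192.0.2.25 and example.com are documentation placeholders.
        print(t["name"], "->", query_name(t, "192.0.2.25", "example.com"))
    print("suspect ip4r tests:", lint(tests))
```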


