DANGER WILL ROBINSON!

Scott, that might not be good newbie advice to implement that config, but thanks for the credit :)

I think what Matt should probably look at first is how to configure the tests to do lookups from the same domain for all three tests in order to be a tad bit more efficient, and remove possible double tests when using the combo SBL-XBL domain (as you pointed out).

Matt, I would first remove CBL and BLITZED tests from your config, they are also in SBL-XBL and you don't want to be scoring them twice.  Assuming that you don't score on multiple hops and that you would like to score according to the accuracy of the test in question, I would recommend using the following as a starting point on a system that holds E-mail on a score of 10:

SBL               ip4r    sbl-xbl.spamhaus.org                    127.0.0.2           10         0
XBL               ip4r    sbl-xbl.spamhaus.org                    127.0.0.4           7          0
BLITZED           ip4r    sbl-xbl.spamhaus.org                    127.0.0.6           7          0

SBL is 99.9% static sources of spam, but they do have a couple of places listed that probably shouldn't be despite their violations, so credit/whitelist when appropriate.  XBL and BLITZED are designed to track spam zombies (hijacked computers/open relays), though there will be some static sources listed and things like virus infections can cause XBL to list a legitimate server if it looks like a broadband/DSL IP or has no reverse DNS entry, but they allow anyone to remove any IP with just a few clicks unless you are a repeat offender.

If you would like to score them all the same and you only score on the last hop, you could use the following instead:

SBL-XBL           ip4r    sbl-xbl.spamhaus.org                    *           7          0

Take note of what Scott pointed out as far as what test equals what other test.  Note that the config in that post that Scott linked to is only appropriate for Declude Pro users with multiple hop scanning configured.  That is the best way (staggered scoring with multiple hop scanning), but you really need to know what each RBL does and how things work before you approach that.

Matt




Scott Fisher wrote:
SBL is a subset of SBL-XBL

sbl-xbl return code 127.0.0.2 = SBL
sbl-xbl return-code 127.0.0.6 = XBL from Blitzed-all
sbl-xbl return-code 127.0.0.4 = XBL from CBL
The blitzedall + CBL are referred to as the XBL

I use some of the ideas laid out by Matt with his configuration. He posted it in early June in this thread:
http://www.mail-archive.com/[EMAIL PROTECTED]/msg19062.html


Scott Fisher
Director of IT
Farm Progress Companies

  
[EMAIL PROTECTED] 07/06/04 01:55PM >>>
        
Hello All,

 

I am new to declude and trying to figure all of this out.  So far things
have been going very well. 

 

I have been reading the mail archives and seen a few global.config
examples and have pulled a few tests out to run.

 

In my global.config I am running these two tests:

 

SBL-XBL           ip4r    sbl-xbl.spamhaus.org                    127.0.0.2           5          0

SBL               ip4r    sbl.spamhaus.org                        *                   5          0

 

Are these basically the same tests?  If not, what are the differences
between the two?

 

Does anyone have any links to some global.configs that I could look at
as well to see where mine might need some adjusting?

 

Thanks.
Matt Goodhue

CSComputing.biz

 


---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


  

-- 
=====================================================
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=====================================================
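
An added example, not part of the original thread and not Declude's own code: a small Python check that reads ip4r test lines in the column layout used above and reports which underlying list (SBL, CBL, BLITZED) would be scored by more than one test. The zone names and return codes are the ones quoted in the messages; the function names, list labels and the two sample configs are constructed for illustration.

```python
from collections import defaultdict

# sbl-xbl.spamhaus.org return codes, as listed in Scott's message.
SBL_XBL_CODES = {"127.0.0.2": "SBL", "127.0.0.4": "CBL", "127.0.0.6": "BLITZED"}
# Standalone zone -> the list it duplicates inside the combined zone.
STANDALONE = {"sbl.spamhaus.org": {"SBL"}}
# Constructed sample configs (the two tests from the question, then a per-code split).
QUESTION_CFG = """
SBL-XBL  ip4r  sbl-xbl.spamhaus.org  127.0.0.2  5  0
SBL      ip4r  sbl.spamhaus.org      *          5  0
"""
SPLIT_CFG = """
SBL      ip4r  sbl-xbl.spamhaus.org  127.0.0.2  10  0
CBL      ip4r  sbl-xbl.spamhaus.org  127.0.0.4  7   0
BLITZED  ip4r  sbl-xbl.spamhaus.org  127.0.0.6  7   0
"""

def parse_tests(text):
    """Parse 'NAME ip4r ZONE CODE WEIGHT ...' lines; skip anything else."""
    tests = []
    for line in text.splitlines():
        p = line.split()
        if len(p) >= 5 and not p[0].startswith("#") and p[1].lower() == "ip4r":
            tests.append(dict(name=p[0], zone=p[2].lower(), code=p[3], weight=int(p[4])))
    return tests

def lists_covered(test):
    """Underlying lists (SBL/CBL/BLITZED) whose listing makes this test fire."""
    if test["zone"] != "sbl-xbl.spamhaus.org":
        return STANDALONE.get(test["zone"], set())
    if test["code"] == "*":
        return set(SBL_XBL_CODES.values())
    return {SBL_XBL_CODES[test["code"]]} if test["code"] in SBL_XBL_CODES else set()

def double_scored(tests):
    """Map each underlying list to the test names that all score on it."""
    hits = defaultdict(list)
    for t in tests:
        for name in sorted(lists_covered(t)):
            hits[name].append(t["name"])
    return {k: v for k, v in hits.items() if len(v) > 1}

def score(tests, listed_on):
    """Total weight added for an IP listed on the given underlying lists."""
    return sum(t["weight"] for t in tests if lists_covered(t) & set(listed_on))

if __name__ == "__main__":
    for cfg in (QUESTION_CFG, SPLIT_CFG):
        print(double_scored(parse_tests(cfg)))
```

With the two tests from the question, an SBL-listed IP is counted by both tests; with the per-code split on the combined zone, each list is counted once.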