Riccardo Alfieri skrev den 2023-01-11 22:18:
46.183.103.8 is listed because it's an emitter of spam, it has been
PSA: everyone using public mirrors should switch to free DQS
current spamassassin rule sets uses multiple check_rbl where most of
them should be check_rbl_sub to avoid
46.183.103.8 is listed because it's an emitter of spam, it has been
heloing with "host-41.36.37.63.tedata.net" and it is hitting traps. I
could tell you exactly what botnet family these type of heloes comes
from, but I can't. Believe me, that host is infected.
So you have an emitter that is
Riccardo Alfieri skrev den 2023-01-11 18:36:
No.
it checks if an emission is done by an IP that is listed in SBL, and
add 3 points if it is (in our DQS implementation at least). IPs listed
in SBL are deemed "bad" by default, so an emission from them, even if
it's not direct to mx, is bad
No.
it checks if an emission is done by an IP that is listed in SBL, and add
3 points if it is (in our DQS implementation at least). IPs listed in
SBL are deemed "bad" by default, so an emission from them, even if it's
not direct to mx, is bad enough.
If you found an FP I encourage you to
it should only check received last ip, not deeap all ips :/
