On Mon, 2003-06-02 at 00:32, Justin Shore wrote:
> I noticed a problem just now that I really hadn't though about before. I
> recently added a number of DNSBLs to my sa-mimedefang.cf that weren't in
> the stock SA (2.6.0-cvs).
>
> proxy.relays.osirusoft.com
> socks.relays.osirusoft.com
> all of blackholes.us's country zones, not providers
> 7 SORBS BLs
> proxies.relays.monkeys.com
> proxies.blackholes.easynet.nl
> dynablock.blackholes.easynet.nl
> multihop.dsbl.org
> dialups.visi.com
>
> I noticed a reply that was apparently sent to a reply someone sent me on
> the Procmail list. I couldn't seem to find that reply for some reason.
> I checked my >= spambox and found it. That message received a score of
> 5.787. It received .6 for being in the ORSS, 1 for being in the NJABL,
> and 1 for being in dialups.visi (1 is the score I used for all the BLs I
> added). His IP was listed in those lists as a dialin IP. He effectively
> received a score of 2.6 just for being a dialin user and not SmartHosting
> to his provider's MTA. He also received 3.3 for a Forged Outlook MUA rule
> which I haven't sorted out yet (stock rule and score).
>
> This got me wondering. Is it a bad idea to call more than 1 DNSBL of a
> given type? For example, would it be wise querying 4 direct-to-MX BLs, 4
> proxy lists, 5 open relay lists, etc? I'm wondering if there's a better
> way to handle this. For example, group all direct-to-mx lists together.
> Query the first. If it matches, skip the rest. If it doesn't match,
> query the next. So on and so forth for the rest of the lists until the
> end. Is that a more logical way to handle it?
>
Call them all and use a meta || rule for the score, or call and score
them all then use a meta && rule to subtract some score back off, that's
what I'm doing here
meta Z_OPEN_PROXY (X_OSIRU_OPEN_PROXY || X_OSIRU_OPEN_SOCKS ||
X_MONKEYS_OPEN_PROXY)
describe Z_OPEN_PROXY Host is an open proxy server
score Z_OPEN_PROXY 1.4
Of course I could be totally wrong, but it works for me.
Yet again I could be totally wrong about this, but I think you're
wasting a lookup by querying proxies.relays.osirusoft.com, spamassassin
already did RCVD_IN_OSIRUSOFT_COM for you so all you need to do is
rbleval:check_rbl_results_for('osirusoft', '127.0.0.9')
I can't get to osirusoft website right now to check but istr something
like:-
127.0.0.2 = open relay
127.0.0.3 = dialup
127.0.0.4 = spam source
127.0.0.5 = smart host
127.0.0.6 = mirror of spamhaus.org/spamsites.org
127.0.0.7 = non-confirm mailing lists
127.0.0.8 = insecure formmail
127.0.0.9 = open proxy
as I said, I could be wrong, shouldn't be difficult to check when the
website comes back up.
Dave
> Justin
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: eBay
> Get office equipment for less on eBay!
> http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5
> _______________________________________________
> Spamassassin-talk mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
--
Scanned by MailScanner at wot.no-ip.com
-------------------------------------------------------
This SF.net email is sponsored by: eBay
Get office equipment for less on eBay!
http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
