Good idea. I'll take a look at adding that. -- Sam Clippinger
Faris Raouf wrote: > Hi Paolo, > > Everybody's opinion of what to use is different but if you would like to > follow what I have done: > > reject-empty-rdns ... Definitely use this > reject-missing-sender-mx ... Definitely use this > reject-unresolvable-rdns ... Hmm...You will get some false positives if you > use this but *personally* I find it solves more problems than it creates. I > would probably not enable it on "mainstream" servers, but would enable it on > "anti-spam hardened" servers. > reject-ip-in-cc-rdns ... I do not use this personally as it would cause too > many false positives for me. > > > I do not use rhsbl's purely because I have not found a good comparison list. > Does anybody have any suggestions? > > With normal RBLs, I always use zen.spamhaus.org and bogons on "mainstream" > servers, and add sorbs and spamcop and maybe a few others to "anti-spam > hardened" servers. > > By "anti-spam hardened" servers, I mean servers whose email users are > willing to put up with some false positives in exchange for very little spam > getting through. And by "mainstream" servers, I mean ones where the users > need to put up with a higher level of spam getting through in order to make > sure there are no, or at least almost no false positives. A typical hosting > server with a large proportion of business customers, for example. > > This is nothing to do with spamdyke but similarly I would use spamassassin > drop/delete scores of 14 on "mainstream" servers, and 8 on "anti-spam > hardened" servers. If you have ever played with your spamassassin settings, > maybe these values will give you an indication of the difference in how > strict these two "types" of installation might be. > > VITAL: On a busy mainstream server, I always use the policy-url option, > linking to a page that explains what is going on and what to do about it, > and who to contact for help. If a legitimate sender gets blocked, and they > are able to read an error message, they will know what it happening and how > to resolve it. > > SAM: To go on the wishlist, please can you add an option where the policy > URL can have the block reason appended in some way (e.g. > www.domain.com/policyurl.php?error=WHATEVER, so that we can point people > directly to the info they need rather than making them match their error > with a list on our policy url page? > > > Remember, these are just what *I* use on our servers. I think they are > optimal. Others will completely disagree. It is down to personal preference. > The best option is to keep an eye on your logs to see how much spam they > block, and try to spot any false positives. Personally I'm very sad and > absolutely love and enjoy watching at maillogs in real time, seeing all the > moronic spammers (and most often compromised consumer PCs if the rDNS is > anything to go by) get blocked. > > > Faris. > > * The Asterisk (Voip) mailing list server has no rDNS. I can't believe it. I > had to whitelist it. It is one of the busiest mailing lists I belong to. The > people who run the mailing list are serious experts in the VoiP arena and > know their coding inside out, yet their mailserver has no rDNS. I did > politely email them to let them know, but I've not heard back :-) Anyway, it > does show how legitimate senders do sometimes have no rDNS, and how you will > sometimes have to whitelist. > > >> Paolo wrote: >>> Hello everybody, >>> >>> I hope this is not a FAQ , I'd like to know if there is some reason >> to >>> prefer rbl to rhsbl . >>> >>> Wouldn't it be nice to write down a list of options with explained >> how >>> much is the risk of rejecting good mail ? >>> >>> for example in my configuration I've not enabled these options and >> would >>> like to know if they could generate many false positive: >>> >>> reject-empty-rdns >>> reject-missing-sender-mx >>> reject-unresolvable-rdns >>> reject-ip-in-cc-rdns >>> >>> >>> Maybe it could be useful to make a survey of people's enabled options >>> and most used rbl ? >>> >>> Thank you >>> Ciao >>> Paolo >>> > > > _______________________________________________ > spamdyke-users mailing list > [email protected] > http://www.spamdyke.org/mailman/listinfo/spamdyke-users _______________________________________________ spamdyke-users mailing list [email protected] http://www.spamdyke.org/mailman/listinfo/spamdyke-users
