On Mon, 11 Oct 2021, David B Funk wrote:
On Mon, 11 Oct 2021, Jerry Malcolm wrote:
I am getting tons of emails that are very obviously spam (elongation,
russian beauties, etc) that are getting a -5 score added on the white list
tes
t:
CVD_IN_DNSWL_HIRBL: Sender listed at https://www.dnswl.org/, high trust
I'm curious about the usefulness of a white list that spammers have
obviously been able to defeat. And with the -5.0 score added (subtracted)
in to the total, there's almost no chance for other tests to overcome it
with 10 points to get the score to 5.0
Whaat is the easiest way to disable this 'trusted white list' tester that
is sabotaging so many of my spam scores?
That's one of the several sets of evals derived from the __RCVD_IN_DNSWL test
of the "list.dnswl.org" rbl.
You can disable just the RCVD_IN_DNSWL_HI rule by setting its score to 0
EG: in your local.cf add a like that looks like:
# disable RCVD_IN_DNSWL_HI
score RCVD_IN_DNSWL_HI 0
You can disable the whole kit of rules derived from that rbl by setting the
base rule to 0:
score __RCVD_IN_DNSWL 0
The other thing you should do is to report false-positives to the dnswl.org
site.
See: https://www.dnswl.org/?page_id=17
You first might want to verify that your FPs aren't being generated by some
upstream relay that is is trusted but due to some configuration issue is
"masking" the spam source.
If you put a copy of one of the offending spams in pastebin.com and post the URL
here we can look at it with you to see if we can spot your issue.
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center, 103 S Capitol St.
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
