Loren Wilton wrote:
the last byte of the return is a number from 1-255. This is the hosts
1 means "not only have we never seen ham come from this host, it has
all kinds of danger signals that indicate you shouldn't ever trust
them to do anything useful".
You probably really need one bit somewhere that says "this is a client
PC" or something like that.
If you think about it, the average home PC that is a zombie sends
absolutely nothing but spam to everyone but its owning ISP, so deserves
a 1 rating by your posited rule. But the owning ISP also sees actual
legit mail from the clueless owner of the system that has no idea that
the PC is sending zillions of spam messages every second while he is
uploading pictures from his most recent party. So the owning ISP will
want to rate that PC as somewhere between 255 and 2.
There needs to be some way to resolve the fact that one major ISP sees
this as a slightly valid system, but everyone else sees it as absolute
junk.
I think this is already a solved problem.
Most MTAs already have an ability to whitelist local/client IPs. So,
the bit in question wouldn't be necessary. You tell Sendmail, via the
access file, that this is an "OK" block of network addresses, and use
delayed checks for RBLs ... now sendmail won't block those addresses.
With CGP, you tell CGP that it's a "client" address range, and same
thing (or, if you do this via a CGP plugin, then you only submit
messages to the CGP plugin if they're "not trusted").
I would imagine that postfix, qmail, etc., all have similar constructs
... otherwise, they're extremely deficient in their RBL handling.
For SA, if I were to write a plugin for this type of thing, it wouldn't
trigger against IPs that are in my trusted_networks.
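
The check discussed in this thread, sketched as an added example that is not part of the original messages and not SpamAssassin, Sendmail or CGP code: addresses in the trusted networks are never submitted to the reputation list, and for everyone else the last byte of the returned address is read as the 1-255 rating. The zone name, the 127.0.0.x answer format, the function names and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Hypothetical zone name and constructed sample data (not from the thread).
ZONE = "rep.example.invalid"
TRUSTED_NETWORKS = ["192.0.2.0/24", "2001:db8::/32"]
SAMPLE_ZONE = {
    "7.113.0.203." + ZONE: "127.0.0.1",    # 1 = the worst rating in the thread
    "9.100.51.198." + ZONE: "127.0.0.200",
}


def query_name(ip, zone=ZONE):
    """Reversed-address query name, as DNS blocklists conventionally use."""
    rev = ipaddress.ip_address(ip).reverse_pointer.rsplit(".", 2)[0]
    return f"{rev}.{zone}"


def decode_rating(answer):
    """Return the last byte of the A record; the thread defines it as 1-255."""
    rating = int(ipaddress.IPv4Address(answer)) & 0xFF
    if rating == 0:
        raise ValueError(f"rating byte out of range in {answer}")
    return rating


def check_host(client_ip, trusted, lookup):
    """Classify a connecting host; trusted addresses are never looked up."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in ipaddress.ip_network(net) for net in trusted):
        return ("trusted", None)
    answer = lookup(query_name(client_ip))
    if answer is None:
        return ("unlisted", None)
    return ("rated", decode_rating(answer))


if __name__ == "__main__":
    for host in ("192.0.2.55", "203.0.113.7", "198.51.100.9", "198.51.100.10"):
        print(host, check_host(host, TRUSTED_NETWORKS, SAMPLE_ZONE.get))
```

The `lookup` argument is any callable that maps a query name to an A record string or `None`, so a real resolver can replace the sample dictionary.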