Charles Gregory wrote:
On Fri, 18 Dec 2009, Christian Brel wrote:
On he subject of Spammy whitelists...
* -1.0 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/,
low
* trust
* [212.159.7.100 listed in list.dnswl.org]
Yet the same IP is on and off SORBS and part of an ongoing spam
problem. Perhaps this can be reviewed and given a zero score by default?
I see these from time to time. This is what gave rise to my intial
inquiry about the frequency with which whitelited servers are hacked.
Ideally, the whitelist should have a mechanism for temporarily
suspending IP's that have been hacked. Perhaps running a check of their
list against internet blacklists would help? If a spammer gets an IP
blacklisted, at the least DNSWL and HABEAS should make note of this and
remove the IP....
Or we could have the whitelist rules in a meta such that they only hit
when a blacklist rule doesn't, if this is a common enough problem. It
might also allow people to get past the high negative score for the
whitelists.
