Hi SA fellows,

I sometimes disagree with whitelists such as DNSWL_MED, 
chaosreigns.com/iprep/ or JMF-WHITE. There are 2 main issues:

1) Less often recently, but I did see freemail MTA IPs from Google, 
Yahoo! and other big players showing up on whitelists. Considering the 
amount of spam coming in from the networks of Google and Yahoo! I 
definitely do not want their IPs on whitelists, ever.

2) What's currently more annoying are colleagues of mine operating 
large mail servers (tu-graz.ac.at and ethz.ch are 2 examples) who 
forward their former users' mail to external addresses without prior 
filtering. Thus, we see spam coming from their (otherwise) trustworthy 
network. They are whitelisted (in this case by JMF-WHITE and DNSWL_MED)
which (would) lead to false negatives. Moreover, it renders our 
statistical analyses useless for their IPs.

There might be legal requirements explaining why they do forward spam. 
However, I still don't agree with the whitelists, then.

For now, there are not that many cases, so I can work around them 
manually. Basically, I am using

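# Relays of big freemail/hosting providers seen in the Received chain
header __AS_FROM_2BIG   Received =~ /\.(obsmtp|google|mac|yahoo)\.com/
# Otherwise trustworthy sites that forward mail without prior filtering
header __AS_FROM_WHITE  Received =~ /\.(tu-graz\.ac\.at|ethz\.ch)/
# Whitelist hit combined with one of the relays above
meta  AS_DNSWL_NEUTRAL  (RCVD_IN_DNSWL_MED && (__AS_FROM_2BIG || __AS_FROM_WHITE))
meta  AS_IPREP_NEUTRAL  (RCVD_IN_IPREPDNS_100 && (__AS_FROM_2BIG || __AS_FROM_WHITE))
meta  AS_JMFW_NEUTRAL   (RCVD_IN_JMF_W && (__AS_FROM_2BIG || __AS_FROM_WHITE))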

Any better ideas? Should I file complaints? Simply report my 
colleagues' MTAs?

-- 
-- Andreas

   :-)
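
The rule logic in the post can be checked offline against sample headers before it is deployed. The following Python sketch is an added example, not part of the original post: it reuses the post's patterns and rule names, while the function name `neutral_hits` and the sample messages are constructed for illustration.

```python
import re
from email import message_from_string

# Patterns copied from the rules in the post (case-sensitive, as written there).
FROM_2BIG = re.compile(r"\.(obsmtp|google|mac|yahoo)\.com")
FROM_WHITE = re.compile(r"\.(tu-graz\.ac\.at|ethz\.ch)")

# Whitelist rule -> neutralizing meta rule, as named in the post.
NEUTRAL_FOR = {
    "RCVD_IN_DNSWL_MED": "AS_DNSWL_NEUTRAL",
    "RCVD_IN_IPREPDNS_100": "AS_IPREP_NEUTRAL",
    "RCVD_IN_JMF_W": "AS_JMFW_NEUTRAL",
}

def neutral_hits(raw_message, whitelist_hits):
    """Return the sorted AS_*_NEUTRAL metas that would fire for this message.

    whitelist_hits is the set of whitelist rule names that already matched
    (hypothetical input; in production the DNS lookups produce it).
    """
    msg = message_from_string(raw_message)
    # All Received headers are checked here, joined into one string.
    received = "\n".join(msg.get_all("Received", []))
    if not (FROM_2BIG.search(received) or FROM_WHITE.search(received)):
        return []
    return sorted(NEUTRAL_FOR[h] for h in whitelist_hits if h in NEUTRAL_FOR)

# Constructed sample messages. Host names other than the post's domains are
# made up; 192.0.2.0/24 and 198.51.100.0/24 are documentation address ranges.
FORWARDED = (
    "Received: from mail.ethz.ch (mail.ethz.ch [192.0.2.10])\n"
    "\tby mx.example.org with ESMTP; Mon, 2 Jan 2012 10:00:00 +0100\n"
    "Received: from unknown (HELO pc) (198.51.100.7)\n"
    "\tby mail.ethz.ch with SMTP; Mon, 2 Jan 2012 09:59:58 +0100\n"
    "Subject: forwarded\n\nbody\n"
)
FREEMAIL = (
    "Received: from mail-out.google.com (mail-out.google.com [192.0.2.55])\n"
    "\tby mx.example.org with ESMTP; Mon, 2 Jan 2012 11:00:00 +0100\n"
    "Subject: freemail\n\nbody\n"
)
DIRECT = (
    "Received: from mail.example.net (mail.example.net [192.0.2.99])\n"
    "\tby mx.example.org with ESMTP; Mon, 2 Jan 2012 12:00:00 +0100\n"
    "Subject: direct\n\nbody\n"
)

if __name__ == "__main__":
    for name, raw in (("forwarded", FORWARDED), ("freemail", FREEMAIL), ("direct", DIRECT)):
        print(name, neutral_hits(raw, {"RCVD_IN_DNSWL_MED", "RCVD_IN_JMF_W"}))
```
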
