Am 30.05.2016 um 21:49 schrieb Alex:
Yeah, that's it exactly. Particularly overseas where it doesn't appear NAT and/or submission are used as readily as they are here.with carrier grade NAT and "DS-Lite" aka "public ipv6 but NAT ipv4" becoming more and more common the problem is and will be growing fastSo even though that IP is on virtually every blacklist, you wouldn't add any points? And there's nothing further the user could do to fix the problem, given the dynamic nature of the IP?no, see above with enough blacklists in the scoring for last-external you get the offending mailservers with hacked useraccounts blacklisted fast enough and in many cases faster because the submission ip's of a hacked account are changing fast saw that the very few times it happened for customers of us where the submission clients came from all over the world - because of rate-limiting and a good monitoring of the mailqueue (how many mails are queued to the outside world) it was each time a short enough timeframe to shut down the affected account and avoid blacklisting (some abuse reports answered promptly) so at the end of the day it's enough to check the last-external for good results and not affect innocent clients which got a dynamic adress abused 30 minutes before by a different enduser or by a user sitting behind the same ISP NATSo I created the RCVD_IN_XBL_ALL "deep header" rule and have since reduced its score. However, there's still RCVD_IN_BL_SPAMCOP_NET as part of the default ruleset, which I could of course change, but it's scored 1.3 by default for that same "deep header" IP address. Does that rule deserve some attention to determine whether it should also be reduced by default for the same reason as the SBL/XBL rule?
DUNNO - we disabled all internal RBL's (exepct mailspike) from start because we feed postscreen and spamassassin from the same webinterface with different scores for both but same lists (and some of them are mirrored on the local rbldnsd with different names in the own domain)
signature.asc
Description: OpenPGP digital signature
