On 07/13/2017 10:56 AM, RW wrote:
On Thu, 13 Jul 2017 09:33:04 -0400
Alex wrote:
On Thu, Jul 13, 2017 at 9:29 AM, Charles Amstutz
<charl...@infinitesys.com> wrote:
How do you use lashback? It says that it is free to use for
commercial and non commercial use. How do I set it up?
Drop this into your local.cf or similar:
header RCVD_IN_LASHBACK eval:check_rbl('LASHBACK',
'ubl.unsubscore.com')
I have it as lastexternal:
header RCVD_IN_UNSUBBL eval:check_rbl('ubl-lastexternal', 'ubl.unsubscore.com')
I've found there to be quite a lot of ISP pool addresses in it, so deep
checks are probably unsafe.
I started mine with lastexternal and didn't find much added value over
other major RBLs and since my MTA was blocking mostly with IVM and
Spamhaus RBLs that overlapped Lashback. I also wanted to check outbound
mail where the second or more hop was from an infected device most
likely under botnet control. It would have helped in the OP spam.
I've also found it has quite a high FP rate of ~2%.
I am working with them to fix these FPs (they include major mail
providers like Comcast, Microsoft and Google which are pointless) and
potentially be included in the default SA rules. It's still a valuable
RBL to help with an overall score even with a ~2% FP. I wouldn't score
it too high like you can with Spamhaus and IVM. I also have it at 1.2.
--
David Jones
