Re: [Exim] Rejecting spam based on a weighted sum of RBL hit…

Author: Alan J. Flavell
Date:
To: Exim users list
Subject: Re: [Exim] Rejecting spam based on a weighted sum of RBL hits.

On Sat, 5 Jun 2004, Łukasz Grochal wrote:

> The method mentioned in subject has recently been proposed in a
> Polish anti-spam usenet group as an alternative to just rejecting spam
> if sender's IP is listed in some RBL.


Interesting thought. Indirectly, we're already doing that in two
different ways.

For certain combinations of dnsRBLs (roughly speaking: one which
measures technical open-relay capability, and one which measures
actual spam-received) which alone we would not rate for outright
rejection, we still outright-reject if both of them trigger. This
rejection is at the RCPT stage, and thus is relatively low-cost.

What one *should* be wary of, however, is that some of the dnsRBLs
learn from each other, and so it would be a mistake to look for
confirmation of a blacklisting in one by querying another without due
consideration of their listing policy. Only if their criteria are
truly different and independent can the result be of any real
discriminatory value.

But in any case, we toss some spamassassin points into the pot via
extra headers generated in the RCPT ACL and rated by spamassassin. But
of course this only produces its result after spamassassin has run.
And with 4 or more spam offerings per productive mail item (not
counting the sites that we point-blank refuse to speak SMTP to on the
basis of past abuses), it's best to get rid of most of them without
the overhead of spamassassin rating.

> Hope someone will find this useful. And I hope I haven't just
> reinvented the wheel ;>


In this kind of situation, it's not clear that re-inventing wheels is
entirely harmful! If everyone applied the same anti-spam rules, it
would be only too easy for spammers to get around them. In the face
of a blended threat, there's a lot to be said for spammers being
confronted by blended defences, no?
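
The weighted-sum idea and the independence caveat discussed in this message, as an added example that is not part of the original post and is not Exim configuration. The list zones, weights, evidence families and threshold are all constructed for illustration; the scoring counts lists that learn from each other only once.

```python
from __future__ import annotations
from dataclasses import dataclass

# Added illustration: every zone, weight and threshold below is constructed.


@dataclass(frozen=True)
class Rbl:
    zone: str    # hypothetical DNSBL zone
    weight: int  # points added when the connecting IP is listed
    source: str  # evidence family; lists that learn from each other share one


RBLS = [
    Rbl("relaytest.rbl.example", 3, "open-relay-probe"),
    Rbl("spamtrap.rbl.example", 3, "spam-received"),
    Rbl("aggregate.rbl.example", 3, "spam-received"),  # assumed to import spamtrap data
    Rbl("dialup.rbl.example", 1, "address-policy"),
]
REJECT_AT = 5  # constructed threshold: no single list rejects on its own


def query_name(ip: str, zone: str) -> str:
    """DNSBL lookup name for an IPv4 address: reversed octets, then the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone


def naive_score(hits: set[str]) -> int:
    """Plain weighted sum: correlated lists are counted as separate evidence."""
    return sum(r.weight for r in RBLS if r.zone in hits)


def score(hits: set[str]) -> int:
    """Weighted sum that counts each evidence family once (its heaviest hit)."""
    best: dict[str, int] = {}
    for r in RBLS:
        if r.zone in hits:
            best[r.source] = max(best.get(r.source, 0), r.weight)
    return sum(best.values())


def rcpt_verdict(hits: set[str]) -> str:
    """Decision taken at RCPT time, before any content scanning runs."""
    return "deny" if score(hits) >= REJECT_AT else "accept"


if __name__ == "__main__":
    echoed = {"spamtrap.rbl.example", "aggregate.rbl.example"}
    print(query_name("192.0.2.10", "spamtrap.rbl.example"))
    print(naive_score(echoed), score(echoed), rcpt_verdict(echoed))
```

Two lists from the same evidence family reach the threshold under the plain sum but not under the grouped one, while an open-relay hit plus a spam-received hit still rejects.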