RE: [exim] DNSBLs

Author: Alan J. Flavell
Date:  
To: Exim-USERS
Subject: RE: [exim] DNSBLs
On Thu, 24 Mar 2005, David Brodbeck wrote:

> > From: Alan J. Flavell
>
> > Quite some time back it occurred to me that one could categorise
> > two classes of dnsRBL: one class of blacklist indicates that a
> > host is potentially capable of acting as a spam relay (open relay,
> > open proxy etc.) and the other indicates that the host has been
> > actually seen relaying spam (spamcop, spam.sorbs etc.).
>
> That's a rather charitable characterization of Spamcop's listing
> policy.


Alright, then let's say "has been reported as having relayed spam".

The whole point of my posting had been to show a possible way of
avoiding false-positive rejections based on spamcop. That wouldn't
have been necessary if spamcop was an entirely reliable indicator of
spam, after all.

> It's entirely subjective, and it probably wouldn't be that hard for
> someone to forge submissions to get any system they wanted listed.


If they can manage to also get it blacklisted as an open relay, proxy
etc. in one of the lists that we use for the other clause of the test,
then we'd reject. If not, then they rate some points towards SA
rejection. Either way, if there's a mistake then our postmaster and
abuse addresses are almost always available for reports (except for a
very few idiots who chose to spam our postmaster address).

> When this happens, there's no way of getting the system removed,
> either, other than to just wait for it to expire off the list.


Indeed. That's why we use the two separate groups of DNSbl in this
test, and only reject if both of them return "true".

all the best
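
The two-group test described in this message, as an added example that is not part of the original post and is not Exim configuration: reject only when a host is listed in both classes of DNSBL, and score it when only the "reported" class lists it. The zone names are hypothetical placeholders, the outcome labels and the injectable `lookup` function are assumptions, and a host listed only in the "capable" class is assumed to pass this test because the message does not say how that case is handled.

```python
import ipaddress
import socket

# Hypothetical zone names (placeholders, not taken from the message).
CAPABLE_LISTS = ["relays.dnsbl.example", "proxies.dnsbl.example"]  # open relay / open proxy class
REPORTED_LISTS = ["reported.dnsbl.example"]  # "reported as having relayed spam" class
LISTED_RANGE = ipaddress.IPv4Network("127.0.0.0/8")

def dnsbl_name(ip, zone):
    """Build the DNSBL query name: reversed IPv4 octets prepended to the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_lookup(name):
    """Resolve an A record; None when the name does not exist or the lookup fails."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def listed_in(ip, zones, lookup):
    """Return the zones that list ip. Only answers inside 127.0.0.0/8 count,
    so a wildcarded or hijacked zone answering with another address is ignored."""
    hits = []
    for zone in zones:
        answer = lookup(dnsbl_name(ip, zone))
        if answer and ipaddress.IPv4Address(answer) in LISTED_RANGE:
            hits.append(zone)
    return hits

def decide(ip, lookup=system_lookup):
    """Combine both groups: reject only if each group returns a listing."""
    capable = listed_in(ip, CAPABLE_LISTS, lookup)
    reported = listed_in(ip, REPORTED_LISTS, lookup)
    if capable and reported:
        return "reject", capable + reported
    if reported:
        return "score", reported   # leave it to content scoring (SpamAssassin points)
    return "accept", capable       # assumption: capable-only does not reject in this test

# Constructed sample zone data so the example runs offline.
CONSTRUCTED_ZONE = {
    "5.2.0.192.relays.dnsbl.example": "127.0.0.2",
    "5.2.0.192.reported.dnsbl.example": "127.0.0.2",
    "7.2.0.192.reported.dnsbl.example": "127.0.0.2",
    "8.2.0.192.relays.dnsbl.example": "203.0.113.1",  # not a valid listing answer
}

def constructed_lookup(name):
    return CONSTRUCTED_ZONE.get(name)
```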