Re: [exim] Integrating URI Blacklists into Exim

On Thu, 18 May 2006, Johann Spies wrote:

> I have so far considered spamassassin's approach to blacklist as a
> safer option. As I understand it that a single rule in Spamassassin
> is not supposed to allocate enough points to categorise the mail as
> spam.

You have the choice!

But this idea is not exclusive to spamassassin. We have some
RCPT-time ACLs which are designed to reject mail only if a certain
combination of factors occurs together.

Considering the comparative overhead involved in accepting DATA and
feeding it to spamassassin, it seems to me that if one can, with good
confidence, reject an item at an earlier stage (e.g RCPT), then it's
good to do so. (Although I know that not everyone is of that
opinion.)

> It should be a combination of factors.

When we started using spamassassin's URIBL features with their
standard scores, someone sent me a bona fide mail which mentioned a
single URL that just happened to be listed in pretty much every one of
the URIBL lists. The score for each of them was quite small, but in
aggregate they pushed the score over 8.0 and the mail was rejected,
even though there was no other feature in the mail that categorised it
as spam.

I revised the URIBL scoring with some META definitions so that,
although a URL being listed in more URIBLs would still raise the score
somewhat, it was less than additive, and could never go over 8.0 for
that cause alone.

> How would you ensure that bona fide email does not get rejected by
> Exim using URI blacklists?

"Ensure" is a strong word. This whole activity is inevitably a
compromise. But mail delivery is not guaranteed. As long as there is
a positive rejection during the SMTP transaction (not just dropping
mail silently into a black hole, which in my opinion is an appalling
thing to do), then the occasional false positive is something that the
world has to learn to live with. Naturally, one tries to minimise
their occurrence!

best