Re: [exim] My DNS Spam and White Lists are Ready for Testing

Top Pagina
Delete this message
Reply to this message
Auteur: Ian P. Christian
Datum:  
Aan: Marc Perkel
CC: exim-users
Onderwerp: Re: [exim] My DNS Spam and White Lists are Ready for Testing
Marc Perkel wrote:
> These lists can be the biggest breakthrough in email processing in
> years. The power of this system isn't just in the black list. The real
> power is in the white lists and it's ability to reduce false positives
> in your existing black lists.


My experiences so far.

Since I setup this list on my server a few hours ago, 70 emails have
been received where the sending host was on this list.

Nearly all mail that this blacklist caught was on another blacklist,
mostly sorbs. That's not a bad point, it's just an observation.

There were 4 cases out of the 70 where this list was the only list to
have the sender host on. 2 of these mails were from xe.com, and were
NOT SPAM. This is bad - but the wiki claims '100% accuracy', not quite
there yet :)

2006-07-22 08:30:08 1G4Bve-0004je-1Y H=(helium.xe.com) [216.220.38.19]
Warning: [DNSBL] Delaying because host in dnsbl.junkemailfilter.com
2006-07-22 08:30:14 1G4Bve-0004je-1Y <= list@???
H=(helium.xe.com) [216.220.38.19] P=esmtp S=11613
id=200607220520.k6M5KJN6096278@??? T="Today's Currency Update
(EUR) CUSA4B3447AA9A5"

What systems are in place to see why this email was marked as spam? I
can't see any.

I am not using the whitelist or the yellow list.
I'm a little confused about the whitelist, is there actaully such a
thing as a mail server there *never* sends spam? This whitelist might
contain gmail's mail servers for example, but I still want to content
scan these emails as much as I would any other - but perhaps not
everyone will agree with me there.

As for the yellow list - this is potentially a good idea if it works.
However, the wiki is suggesting that if someone's on the yellow list
then don't bother with any other DNS lists - but... don't forget, one
man's spam is another mans ham.

Another concern of mine is how the list is going to regulate submitions
of spam and ham reports from people. How do you decide who you can
trust to accurately report spam/ham data?

A fast responding system to hosts that only send spam (compromised end
users for example) is defiantly something that's needed as it is
hammering content scanners with stupid amounts of junk at the moment -
however, personally I've pretty much eliminated this problem already
with my own ACLs which will defer mail if a host has sent more then X
points in Y period.

In conclusion - I think that this is a useful list, and has potential,
but it should not be used with ultimate trust, but as part of a scoring
system in your ACLs along with other lists.

Marc, thanks for your hard work - it's another line of defense I'm
willing to use - but I'm not willing to trust it implicitly :)

Kind Regards,

Ian P. Christian ~ http://pookey.co.uk