Re: [exim] My DNS Spam and White Lists are Ready for Testing

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Marc Perkel
Date:  
À: Chris Lear
CC: exim-users
Sujet: Re: [exim] My DNS Spam and White Lists are Ready for Testing


Chris Lear wrote:
> * Marc Perkel wrote (22/07/06 05:27):
>
>> Ok - so here it is. Give it a try and tell me what you think. Here's the
>> instructions on how to use my black list, white list, and yellow list.
>>
>> http://wiki.ctyme.com/index.php/Spam_DNS_Lists
>>
>> And - after you start using it I'm looking for a few good people to feed
>> information back into the system to make it better. This is working for
>> me. But - we will see if it works for anyone else.
>>
>> These lists can be the biggest breakthrough in email processing in
>> years. The power of this system isn't just in the black list. The real
>> power is in the white lists and it's ability to reduce false positives
>> in your existing black lists.
>>
>> So - try it out and let me know.
>>
>>
>
> I've been giving it a try, and logging hits for black, white and yellow
> lists before my existing blacklists and content scans.
>
> Like a few other people, I'm a bit unclear about the value of the yellow
> list. I'm not sure I'd want to use it to bypass my existing blacklists
> (I'd rather risk false positives in spamhaus or whatever than let mail
> through because one of the listed servers once sent ham). And I'm not
> sure what other purpose it serves.
>
> The blacklist seems to be about as good as sbl-xbl.spamhaus.org, except
> it has false positives. Eg this one, which is one of the mx's of the
> European Bank for Reconstruction and Development:
> H=mx1.ebrd.com [193.128.202.111] Warning: black - dnsbl - mx1.ebrd.com
> [193.128.202.111]
>
> The whitelist seems to be OK, and if I could rely on it 100% it could
> save some content scanning effort. But in my very small test, I had only
> 3 hits: one google server, one blackberry server, and
> sesame.csx.cam.ac.uk. On the other hand, some major bank servers
> (citigroup and state street for example) are listed as yellow. So the
> white list doesn't suit my (admittedly niche) purposes.
>
> Chris
>



It would work better if I had more data to work with. Right now a yellow
listing might eventually turn into a white listing once I get enough ham
messages from that host. Yellow doesn'r mean it's sending some spam - I
should clarify this - is means it's not had enough ham to make the
whitelist yet. But it would be enough to prevent it from being blacklisted.

I'm trying to get this developed enough that sharper people than me will
take off with the idea and do it right.