Re: [exim] My DNS Spam and White Lists are Ready for Testing

Góra strony
Delete this message
Reply to this message
Autor: Chris Lear
Data:  
CC: exim-users
Temat: Re: [exim] My DNS Spam and White Lists are Ready for Testing
* Marc Perkel wrote (24/07/06 16:27):
>
> Chris Lear wrote:
>> * Marc Perkel wrote (22/07/06 05:27):
>>
>>> Ok - so here it is. Give it a try and tell me what you think. Here's the
>>> instructions on how to use my black list, white list, and yellow list.
>>>
>>> http://wiki.ctyme.com/index.php/Spam_DNS_Lists
>>>
>>> And - after you start using it I'm looking for a few good people to feed
>>> information back into the system to make it better. This is working for
>>> me. But - we will see if it works for anyone else.
>>>
>>> These lists can be the biggest breakthrough in email processing in
>>> years. The power of this system isn't just in the black list. The real
>>> power is in the white lists and it's ability to reduce false positives
>>> in your existing black lists.
>>>
>>> So - try it out and let me know.
>>>
>>>
>>
>> I've been giving it a try, and logging hits for black, white and yellow
>> lists before my existing blacklists and content scans.
>>
>> Like a few other people, I'm a bit unclear about the value of the yellow
>> list. I'm not sure I'd want to use it to bypass my existing blacklists
>> (I'd rather risk false positives in spamhaus or whatever than let mail
>> through because one of the listed servers once sent ham). And I'm not
>> sure what other purpose it serves.
>>
>> The blacklist seems to be about as good as sbl-xbl.spamhaus.org, except
>> it has false positives. Eg this one, which is one of the mx's of the
>> European Bank for Reconstruction and Development:
>> H=mx1.ebrd.com [193.128.202.111] Warning: black - dnsbl - mx1.ebrd.com
>> [193.128.202.111]
>>
>> The whitelist seems to be OK, and if I could rely on it 100% it could
>> save some content scanning effort. But in my very small test, I had only
>> 3 hits: one google server, one blackberry server, and
>> sesame.csx.cam.ac.uk. On the other hand, some major bank servers
>> (citigroup and state street for example) are listed as yellow. So the
>> white list doesn't suit my (admittedly niche) purposes.
>>
>> Chris
>>
>
>
> It would work better if I had more data to work with.


Yes, indeed. Fair enough.

> Right now a yellow
> listing might eventually turn into a white listing once I get enough ham
> messages from that host. Yellow doesn'r mean it's sending some spam - I
> should clarify this - is means it's not had enough ham to make the
> whitelist yet. But it would be enough to prevent it from being blacklisted.


That clarification is useful. I didn't realise.

>
> I'm trying to get this developed enough that sharper people than me will
> take off with the idea and do it right.


I hope it goes well. I'll be interested to see whether the yellow list
idea takes off. I must admit I'm sceptical at the moment. The whitelist
might be nice if it gets reliable data in. I'm a bit sceptical about
that, too, but if it turns out to be a success I'd use it to cut down on
spamassassin time. Perhaps the way to know it's a success is if spammers
try hard to get listed, and fail.

Chris