Author: Marc Perkel
Date:
To: W B Hacker
CC: exim users
Subject: Re: [exim] What's up with the uceprotect blacklist?

W B Hacker wrote:
> At least at one time (I am NOT current) AOL, IIRC was 'claiming to' treat the
> connect-query-abort-without-traffic callout sequence as a probe and blacklisting
> the source. Dunno if they actually *did* do so, but we don't need to find out,
> so ..
>
> OTOH, any 'fixed base' spammer with 'proper' DNS entries, or a DynDNS resolver
> service, can easily configure so as to 'verify' any address queried, hosted or not.
>
> The majority of bogus 'senders' seem to come off of bogus servers, that do NOT
> have these credentials, so forward/reverse lookup, HELO mismatch, and dynamic-IP
> RBL hits - which are at least cached/cachable - are already a pretty good
> indicator.
>
> All manner of hits here are posted to .csv files and/or PgSQL DB table from
> which we generate our own 'recently rude' local BL - not of the whole world, but
> of the ones that have targeted *our* servers.
>
> YMMV,
>
> Bill
>
>
uceprotect is the only one I'm having trouble with now. Since Exim
caches results the callout load isn't unreasonable. Occasionally I need
to white list some servers to get around false positives. Sender
Verification done right is one of my best tools.