Matt wrote:
> I use this to block some spam before wasting CPU power on a message
> with Spamassassin.
>
> # : sbl.spamhaus.org
> deny dnslists = sbl.spamhaus.org
> message = SPAM: rejected because $sender_host_address is in
> the blacklist at $dnslist_domain\n\ ($dnslist_text)
>
> sbl.spamhaus.org rarely ever falses. I have tried xbl.spamhaus.org
> and bl.spamcop.net but both false too much. Is there a way to check
> both blacklists and only block if an IP is in both xbl.spamhaus.org
> and bl.spamcop.net?
>
> Matt
>
Certainly!
We add 'demerit' integers to acl_m variable(s) 'weighting' RBL'S into 3 classes.
most trusted first.
After each test, we check the cumulative score vs thresholds, such that ONE hit
on a high-quality RBL rejects, (ergo with no further checking) ELSE one hit on
each of two or more of those less precise.
This is a way of allowing that even the RBL with the best performance record
cannot always be 100% current.
HTH,
Bill
