Author: W B Hacker Date: To: exim-users Subject: Re: [exim] [OT] How not to filter email
Ted Cooper wrote: > I've recently had a very interesting spam investigation involving the
> ISP of a small business connection running an Exim server.
*snip* (full detail in the archives)
Ted,
Not so 'OT at all. Just one more in a series of oftimes vexing overzealousness,
and one for which I was grateful to see the specifics researched.
However...
I'd suggest not using that RBL as a 'hard reject', but rather to merely add
'demerits' as part of a point-score. IOW - if the connecting host is in the RBL
BUT does 'everything else' - or at least the important stuff - as they should,
I'd do no more than (maybe) flag the traffic as 'Suspect'.
In practice, we don't need to do even that here, as a 'real' backscatter would
probably be blocked by earlier rules, an 'accidental' backscatter rendered
harmless, and the chronically-errant locally LBL'ed. Perhaps 'forever'.
Which saves yet-another RBL lookup...
YMMV, but I believe that it can be 'fixed' at your end more reliably than at
their end, if only because the supply of external fools will always exceed that
of local experts...