Hello,

I don't know the details of what you're trying to do, but it seems aligned
with the concept I'd like to implement, so perhaps we could collaborate and
help each other.

My main premise is to reduce the number of false negatives, sacrificing (if
necessary) the number of false positives (i.e. I prefer to receive more
spam instead of losing a single legitimate mail). I'm also against
breaking RFCs or disturbing my users.

So I had thought about creating some kind of classes and defining different
grades of filtering, based upon them. For instance:
- I wouldn't set up a global greylist filter, because all my incoming mail
is going to be delayed (I guess my users don't like this ;-))
- I wouldn't set up a global REJECT to reverse IPs appearing to be dynamic
- I wouldn't set up a global REJECT based on RBL...
- *BUT* I would combine any of the former. For instance: "pass all mail
appearing to come from a dynamic IP to a greylist filter"

I didn't think about the former ideas in depth, but we could discuss it
(perhaps offline, so as not to disturb this list's users).

Another approach could include the IP location (yes, it's hard and in many
cases simply impossible to get the *real* location from a given IP). A
friend of mine, with his users located in Spain, had success simply
white-listing IPs based on Spanish net-blocks (and then I suppose *the
rest* of mail was passed through SpamAssassin with a *very* restrictive and
aggressive threshold). Have you implemented something similar or have ideas
you'd like to share?

Cheers,
-r


mouss wrote:
> Stroller wrote:
>> On 22 Oct 2008, at 12:56, Richard Foley wrote:
>>>> ...
>>>> spam_ip_regex file:
>>>>
>>>> /[ax]dsl.*\..*\..*/i     450 AUTO_XDSL Email Rejected. You appear to be connecting from a Dynamic IP address.
>>>> /client.*\..*\..*/i       450 AUTO_CLIENT Email Rejected. You appear to be connecting from a Dynamic IP address.
>>>> /cable.*\..*\..*/i       450 AUTO_CABLE Email Rejected. You appear to be connecting from a Dynamic IP address.
>>>> /dial.*\..*\..*/i         450 AUTO_DIAL Email Rejected. You appear to be connecting from a Dynamic IP address.
>>>>
>>> This looks fairly useful.  Does anyone else have any experience with this
>>> approach, who might be able to offer insight into whether it's valid
>>> or not?
>>
>> My experience is on the butt-end of such filters - they're a sure fire
>> way to annoy me if I'm sending you mail.
>>
>> I run a Postfix server on my home ADSL connection and it is extremely
>> frustrating to have mail rejected because of that. The common response
>> of admins to complaints about this is "you should use your ISP's mail
>> server", but really it is just nice to have a proper "receipt" for
>> emails one has sent.
>>
> 
> What I am working on now is this:
> 
> - if name (PTR or helo) looks dynamic, then do:
>       reject_unknown_helo_hostname
>       check some DNSBLs (that I don't check for other mail)
>       more checks (I am still experimenting with this)
> - if helo looks dynamic, then be more strict (including
> reject_unknown_client).
> 
> The rationale is that some people can't choose their rDNS, but they can
> choose their helo. And if it can be done without FPs, then it reduces the
> number of DNSBL queries.
> 
> I am still playing with this, and if you can share your reject logs (ip,
> rdns, helo), then I would be grateful. If in addition you are ready to
> run a script against other logs (to detect FPs), then it's even better.
> Contact me offlist if you're willing to participate.
> 
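
An added example (not from any poster in this thread): a Python script for the kind of log audit requested above, applying the quoted spam_ip_regex patterns to (ip, rdns, helo) records and comparing a flat reject on the PTR name with the tiered handling discussed. The sample records, the tier names, the `legit` flag and the choice to apply the flat reject to the PTR name are assumptions made for illustration.

```python
import re

# Patterns copied from the spam_ip_regex file quoted in the thread (/i = ignore case).
DYNAMIC_PATTERNS = {
    "AUTO_XDSL": re.compile(r"[ax]dsl.*\..*\..*", re.I),
    "AUTO_CLIENT": re.compile(r"client.*\..*\..*", re.I),
    "AUTO_CABLE": re.compile(r"cable.*\..*\..*", re.I),
    "AUTO_DIAL": re.compile(r"dial.*\..*\..*", re.I),
}

def dynamic_tag(name):
    """Return the tag of the first rule matching a hostname, or None."""
    for tag, pattern in DYNAMIC_PATTERNS.items():
        if name and pattern.search(name):
            return tag
    return None

def classify(rdns, helo):
    """Tier a client (hypothetical tier names): the sender picks its HELO,
    so a dynamic-looking HELO is treated more strictly than a dynamic PTR."""
    if dynamic_tag(helo):
        return "strict"
    if dynamic_tag(rdns):
        return "extra_checks"
    return "normal"

def audit(records):
    """List known-legitimate senders hit by a flat PTR reject and by each tier."""
    report = {"flat_reject": [], "strict": [], "extra_checks": [], "normal": []}
    for ip, rdns, helo, legit in records:
        if not legit:
            continue
        if dynamic_tag(rdns):
            report["flat_reject"].append(ip)
        report[classify(rdns, helo)].append(ip)
    return report

# Constructed sample records: (ip, rdns, helo, known_legitimate)
SAMPLE = [
    ("192.0.2.10", "adsl-10-2-0-192.isp.example.net", "mail.example.org", True),
    ("192.0.2.20", "smtp.clientmail.example.com", "smtp.clientmail.example.com", True),
    ("198.51.100.7", "dial-7.pool.isp.example.net", "dial-7.pool.isp.example.net", False),
    ("203.0.113.5", "mx1.example.edu", "mx1.example.edu", True),
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

In the constructed sample, the home ADSL server with a proper HELO only receives extra checks instead of a 450, while `smtp.clientmail.example.com` shows that the unanchored `client` pattern also matches ordinary hostnames.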
