Curtis Maurand put forth on 6/11/2010 7:30 AM: > currently I have in my smtpd_client_restrictions: ... > reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, > permit > > Is flat out rejecting clients on the RBL's considered too agressive? > should I just let spamassassin handle this and score accordingly?
This is purely dnsbl dependent. I've never seen an FP doing straight rejections with any Spamhaus lists. On the flip side, there's only maybe one SORBS list I'd outright block with--too many FPs. Use SORBS for scoring but not outright rejections. There are some really aggressive dnsbls out there today. Generally, the more aggressive they are, the greater the FP rates. For many sites, it's probably best to score with the aggressive dnsbls and only do outright blocking with the conservative ones. An exception to this rule is the ivmSIP dnsbl. It's really aggressive at catching snowshoe but the FP rate is statistically zero. It's one of the best performing dnsbls. It's a paid service though, although I hear the pricing is reasonable. Here's a nice tool that lists most of the currently available dnsbls: http://www.mxtoolbox.com/SuperTool.aspx?action=blacklist%3a24.39.42.58 -- Stan
