On 2011-06-14 mouss wrote: > Le 14/06/2011 20:35, Ansgar Wiechers a écrit : >> On 2011-06-14 Rich Wales wrote: >>>>> b) rdns for 95.53.111.119 gives >>>>> pppoe.95-53-111-119.dynamic.lenobl.avangarddsl.ru >>>> >>>> This might be covered by Stan Hoeppner's PCRE for dynamic IP ranges: >>>> http://www.hardwarefreak.com/fqrdns.pcre >>> >>> Additionally, a reliable DNSBL (block list) could be used to detect >>> and block IP addresses which are known spam sources and/or are >>> dynamically assigned. >> >> Personally I prefer policyd-weight (to avoid rejecting valid mails >> because of false positives on a single RBL), but yes. > > non sense.
IBTD. > just because they are a lot doesn't mean they are right. a single zen > hit is more reliable than thousands of hits from arbitrary DNSBLs. You may want to take an actual look at the DNSBLs policyd-weight uses. > policyd-weight is nice. use it if you think it is the right tool for > you. but for the sake of whatever you like: keep that for yourself > unless you have real (mathematical) argments. My rationale is that no matter how reliable a single source is, they can still be wrong at times. Getting a second opinion helps mitigating these cases. The false negative rate is probably somewhat higher with this setup, but I consider a limited amount of false negatives far more tolerable than a single false positive. If you think there's something wrong with this rationale: please elaborate. Regards Ansgar Wiechers -- "Abstractions save us time working, but they don't save us time learning." --Joel Spolsky
