On 21 Jun 2015, at 16:34, Robin McCorkell wrote:
it still makes it clunky to have the weighting and blocklist
configuration in two places.
On the other hand, it can be convenient to have distinct configurations
in places where different sets of facts can be known.
For example:
I use some DNSBLs which each have tendencies *by design* towards
substantial and somewhat different sorts of false positives and/or
collateral damage. None of these alone should be an absolute bar to
mail, but hitting combinations of them can be as near-certain a spamsign
as fast-talking. Postscreen handles that well with its weights and
threshold. Once a session makes it to smtpd I make decisions based on
more pieces of data, most importantly the recipient address. By default
I do reject clients hitting any one of those DNSBLs at RCPT, but NOT if
a recipient is the right sort of tagged address. Having the right sort
of tagged recipient address gets mail into SpamAssassin (assuming it
passes a minor gauntlet in MIMEDefang) with a slightly negative (hammy)
head start if it happens to have also hit one of those sketchy DNSBLs
and a big one if it has not. I also have relatively small scores in SA
for DNSBLs so sloppy that I can't really make use of them any other way:
I wouldn't trust them to make any difference in postscreen and would
never reject outright in smtpd based on them.
