Re: Multiple RBLs and dynamic IPs

Am 31.05.2016 um 10:43 schrieb Matus UHLAR - fantomas: On 30 May 2016, at 15:07, Alex wrote: Yeah, that's it exactly. Particularly overseas where it doesn't appear NAT and/or submission are used as readily as they are here. Am 31.05.2016 um 03:09 schrieb Bill Cole: Irrelevant in this case

Re: Multiple RBLs and dynamic IPs

On 30 May 2016, at 15:07, Alex wrote: Yeah, that's it exactly. Particularly overseas where it doesn't appear NAT and/or submission are used as readily as they are here. Am 31.05.2016 um 03:09 schrieb Bill Cole: Irrelevant in this case because if you trust that header not to be an intentionall

Re: Multiple RBLs and dynamic IPs

Am 31.05.2016 um 03:09 schrieb Bill Cole: On 30 May 2016, at 15:07, Alex wrote: Yeah, that's it exactly. Particularly overseas where it doesn't appear NAT and/or submission are used as readily as they are here. Irrelevant in this case because if you trust that header not to be an intentiona

Re: Multiple RBLs and dynamic IPs

On 30 May 2016, at 15:07, Alex wrote: Yeah, that's it exactly. Particularly overseas where it doesn't appear NAT and/or submission are used as readily as they are here. Irrelevant in this case because if you trust that header not to be an intentionally deceptive lie, the receiving server clai

Re: Multiple RBLs and dynamic IPs

Am 31.05.2016 um 00:59 schrieb Reindl Harald: Am 31.05.2016 um 00:57 schrieb Reindl Harald: Am 31.05.2016 um 00:49 schrieb Alex: Hi, So I created the RCVD_IN_XBL_ALL "deep header" rule and have since reduced its score. However, there's still RCVD_IN_BL_SPAMCOP_NET as part of the default r

Re: Multiple RBLs and dynamic IPs

Am 31.05.2016 um 00:57 schrieb Reindl Harald: Am 31.05.2016 um 00:49 schrieb Alex: Hi, So I created the RCVD_IN_XBL_ALL "deep header" rule and have since reduced its score. However, there's still RCVD_IN_BL_SPAMCOP_NET as part of the default ruleset, which I could of course change, but it's

Re: Multiple RBLs and dynamic IPs

Am 31.05.2016 um 00:49 schrieb Alex: Hi, So I created the RCVD_IN_XBL_ALL "deep header" rule and have since reduced its score. However, there's still RCVD_IN_BL_SPAMCOP_NET as part of the default ruleset, which I could of course change, but it's scored 1.3 by default for that same "deep heade

Re: Multiple RBLs and dynamic IPs

Hi, >> So I created the RCVD_IN_XBL_ALL "deep header" rule and have since >> reduced its score. However, there's still RCVD_IN_BL_SPAMCOP_NET as >> part of the default ruleset, which I could of course change, but it's >> scored 1.3 by default for that same "deep header" IP address. >> >> Does that

Re: Multiple RBLs and dynamic IPs

Am 30.05.2016 um 21:49 schrieb Alex: Yeah, that's it exactly. Particularly overseas where it doesn't appear NAT and/or submission are used as readily as they are here. with carrier grade NAT and "DS-Lite" aka "public ipv6 but NAT ipv4" becoming more and more common the problem is and will be

Re: Multiple RBLs and dynamic IPs

Hi, >> Yeah, that's it exactly. Particularly overseas where it doesn't appear >> NAT and/or submission are used as readily as they are here. > > > with carrier grade NAT and "DS-Lite" aka "public ipv6 but NAT ipv4" becoming > more and more common the problem is and will be growing fast > >> So eve

Re: Multiple RBLs and dynamic IPs

Am 30.05.2016 um 21:07 schrieb Alex: it's nonsense to give points for dynamic enduser machines, they are *typically* on a lot of blacklists and the users behind are changing all the time when you want to know why - try to use sbl-xbl as suggested by spiderlabs for a web-application-firewall, d

Re: Multiple RBLs and dynamic IPs

Hi, > "RCVD_IN_XBL_ALL" smells like deep header inspection > The question was: "How many points do you add to an email that *originated* from a dynamic IP that [is] on a number of blacklists?" >>> >>> >>> no - that was the question of the OP >>> i responded l

Re: Multiple RBLs and dynamic IPs

Am 30.05.2016 um 20:45 schrieb RW: On Mon, 30 May 2016 19:59:10 +0200 Reindl Harald wrote: Am 30.05.2016 um 18:11 schrieb RW: On Mon, 30 May 2016 14:12:27 +0200 Reindl Harald wrote: "RCVD_IN_XBL_ALL" smells like deep header inspection The question was: "How many points do you add to

Re: Multiple RBLs and dynamic IPs

On Mon, 30 May 2016 19:59:10 +0200 Reindl Harald wrote: > Am 30.05.2016 um 18:11 schrieb RW: > > On Mon, 30 May 2016 14:12:27 +0200 > > Reindl Harald wrote: > > > >> "RCVD_IN_XBL_ALL" smells like deep header inspection > >> > > > > The question was: > > > > "How many points do you add to an

Re: Multiple RBLs and dynamic IPs

Am 30.05.2016 um 18:11 schrieb RW: On Mon, 30 May 2016 14:12:27 +0200 Reindl Harald wrote: Am 30.05.2016 um 14:10 schrieb Matthias Leisi: Hm, that looks odd: Am 27.05.2016 um 20:15 schrieb Alex mailto:mysqlstud...@gmail.com>>: X-Spam-Report: * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed

Re: Multiple RBLs and dynamic IPs

On Mon, 30 May 2016 14:12:27 +0200 Reindl Harald wrote: > Am 30.05.2016 um 14:10 schrieb Matthias Leisi: > > Hm, that looks odd: > > > >> Am 27.05.2016 um 20:15 schrieb Alex >> >: > > > >> X-Spam-Report: > >> * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at > >

Re: Multiple RBLs and dynamic IPs

Am 30.05.2016 um 14:10 schrieb Matthias Leisi: Hm, that looks odd: Am 27.05.2016 um 20:15 schrieb Alex mailto:mysqlstud...@gmail.com>>: X-Spam-Report: * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no * trust * [116.251.209.92 listed in list.dnswl.org

Re: Multiple RBLs and dynamic IPs

Hm, that looks odd: > Am 27.05.2016 um 20:15 schrieb Alex : > X-Spam-Report: > * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no > * trust > * [116.251.209.92 listed in list.dnswl.org] -^ > * 0.0 RCVD_IN_XBL_ALL RBL: Received via a relay in S

Re: Multiple RBLs and dynamic IPs

Am 27.05.2016 um 20:15 schrieb Alex: How many points do you add to an email that originated from a dynamic IP that on a number of blacklists? This 180.178.104.22 is an IP from a customer in Indonesia: Received: from [180.178.104.22] (port=51022 helo=CapriciousDude) by vio1.naveca.biz