On Thu, 2003-06-19 at 02:57, Simon Byrnand wrote: > > Analyzing my spam from the last 3 months, I have had zero in my Inbox > > with RCVD_IN_SBL while about 50% in my SPAM box has RCVD_IN_SBL. > > > > http://www.spamhaus.org/sbl/ > >>From my own experience above and their own description on this site, it > > sounds like the SBL is fairly safe and not abusive like other DNSBL's in > > the past have been accused of. Would anyone else agree that the SBL is > > generally safe to add to your MTA's rejection list? > > > > I am soon launching a 1500+ user mail server with spamassassin, so I am > > thinking that if I can cut out 50% of the spam, then I can save a lot of > > CPU and disk resources and run more efficiently, if everything from the > > SBL is indeed spam. > > In fact the SBL is the *only* one of the blocklists that I would trust for > MTA level blocking. We've been using a couple of other lists as well out > of necessity but now that I've just launched SA systemwide I'll shortly be > dropping MTA level blocking of all of the lists except for SBL which I'll > keep for the reasons you outline. > > I've also bumped the score for RCVD_IN_SBL up to 6.0 to catch cases where > SBL blacklisted email gets past the MTA level check because the mail was > (legitimately) forwarded by another ISP's mail server ours - because the > MTA level check ends up checking the IP address of the other ISP's > mailserver instead of the source. > > > If the SBL is generally safe to use for MTA-level rejection, are any of > > the other DNSBL's safe to use in this way too? > > I don't believe so, no, at least not compared to the accuracy of SA. The > SBL is by far the most rigorous in terms of what they will list, and > trying to avoid collateral damage. > > Any open relay list is going to have collateral damage due to the simple > fact that not *all* messages sent through open relays are spam... ;-) > > And some of the other lists (spews ?) actually make a *point* of > deliberately causing collateral damage to try and put pressure on spam > hosting ISP's, but as always, it is the innocent parties who are > disadvantaged by this kind of tactic... > > Just my 2c.. > > Regards, > Simon >
If everyone is in agreement that SBL is effective and safe, why is spamassassin's default score for RCVD_IN_SBL so low?
I wouldn't necessarily say "everyone is in agreement", I just gave my own opinion, although I think the general consensus is that SBL is very reliable at not having false positives...(but probably not infallable)
The score is low simply because thats where the GA scored it, however if you CHOOSE to block outright using the SBL at an MTA level, then you may as well set the SBL score high as well, as I did, which will catch mail from SBL'ed sources that got forwarded via a redirection email address....
Regards, Simon
------------------------------------------------------- This SF.Net email is sponsored by: INetU Attention Web Developers & Consultants: Become An INetU Hosting Partner. Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission! INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
