Don Levey wrote: > Rick Macdougall wrote: >> Daniel Quinlan wrote: >>> Raymond Dijkxhoorn <[EMAIL PROTECTED]> writes: >>> >>> >>>> Ohw well, lists.surbl.org also. At some point they hopefully >>>> understand that list will completely useless, and indeed insain for >>>> people to actually use it. Sadly, people still do. >>> >>> >>> Whatever your unstated reasons are, I beg to differ. Weekly >>> mass-check results for SURBL: >> >> Perhaps he means spews lists lists.surbl.org. I can't see anyone >> having issues with any of the SURBL RBL's. >> > I must not have things set up correctly then. > I get many MANY false positives from the SURBL lists, in the case > where the server that actually sent me the message records the IP > from which they received it. > > For example, [EMAIL PROTECTED] sends me email. It goes from his PC to > the MTA of fubar.isp, and from there to my server. Fubar.isp records > the PC's IP address in the headers, and passes the message; on my > server, Spamassassin sees that the original IP is listed, and tags > it. Never mind that it came to me via a reputable server, the > original IP is "bad". > > How, then, do I fix this so that the lists are more useful: so that > they check the most recent hop, and not (necessarily) all hops in the > chain? -Don
It was pointed out to me that SURBL lists only check URLs - I apologise for that. I *am* getting the problem described above with hits on Spamcop and SORBS. Additionally, apparently even the mere text mention of a .biz address triggers that flag - even though it talks about a URL. For example, on one mailing list there is a poster who posts from a .biz address. Any thread to which he posts is automatically contaminated, because his address is included in the text of the message - even though these are NOT URLs. -Don
