Ryan L. Sun wrote: > Do you guys have any idea how to build up an effective and accurate IP > whitelist? > Since IP always cause false positive and I believe IP whitelist may be > a good idea. > > Thanks. > -Ryan >
What do you use to call SA? While the idea is good, any whitelisting at all done inside SA is nothing but a cheap hack. If at all possible with the tool you use, it's better to skip the call to SA in the first place than to try to do whitelist_from, or whitelist_ip. You save CPU, no worries about bayes autolearning the wrong way, etc. At present the only "easy" way of doing an IP whitelist would be to write a header rule that's specific to the Received: headers generated by your MTA. Another way would be to create your own RBL zone on your DNS server, and use SA's DNSBL features to query that zone and apply negative scores to the "good" IPs (much like RCVD_IN_BSP_TRUSTED does). This gets to be pretty advanced if you're not very well versed in DNS administration.
