Can be done with brute-force rule creation, e.g.:

  # ISKIMARO 66.55.160.0/19  (12/8/05) SBL11507
  header L_RCVD_SPAMMER161     Received =~ /\[66\.55\.1(?:[678]\d|9[01])\.\d{1,3}\]/
  describe L_RCVD_SPAMMER161   ISKIMARO Spamhaus
  score L_RCVD_SPAMMER161      1.5

Bit of a pain to maintain but does work.


The only SA feature I like more than "eval:helo_ip_mismatch()" is the meta system.  Thinking about this overnight, I have a whole new approach:


PROBLEM
SpamHaus is good but not perfect; most entries (old and new) can be blocked outright.


OLD SOLUTION
Create duplicate positive entries (IP/RBL) to catch most of what SpamHaus says should be positive.  Result: huge private list of spammers to build and maintain.


NEW SOLUTION
Create duplicate negative entries (IP/RBL) to uncatch some of what SpamHaus says should be positive.  Result: small private list of exceptions to build and maintain.  Something like:

__PublicSpamHaus
__AntiSpamHaus

meta    SpamHausCapture    __PublicSpamHaus && !__AntiSpamHaus


...basically, micro whitelisting.


Dan
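
An added example, not part of the original post: a Python model of the meta rule above, with constructed address ranges and headers standing in for the Spamhaus lookup and the private exception list. It assumes each sub-rule fires when any Received relay matches, and contrasts that with a per-relay check, since the two disagree when one message carries both an excepted relay and a listed one.

```python
import ipaddress
import re

# Constructed stand-ins (private address space): a real setup would query the
# DNSBL and keep the exceptions in local rules.
LISTED = [ipaddress.ip_network("10.55.160.0/19")]        # plays __PublicSpamHaus
EXCEPTIONS = [ipaddress.ip_network("10.55.170.16/28")]   # plays __AntiSpamHaus

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def relay_ips(raw_headers):
    """Return the bracketed IPv4 addresses found in Received: headers."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", raw_headers)  # join folded lines
    ips = []
    for line in unfolded.splitlines():
        if line.lower().startswith("received:"):
            for text in BRACKETED_IP.findall(line):
                try:
                    ips.append(ipaddress.ip_address(text))
                except ValueError:
                    pass  # e.g. [999.1.1.1] is not an address; skip it
    return ips

def in_any(ip, networks):
    return any(ip in net for net in networks)

def capture_message_wide(raw_headers):
    """Assumed meta semantics: each sub-rule is true if ANY relay matches."""
    ips = relay_ips(raw_headers)
    public = any(in_any(ip, LISTED) for ip in ips)
    anti = any(in_any(ip, EXCEPTIONS) for ip in ips)
    return public and not anti

def capture_per_relay(raw_headers):
    """Stricter variant: an exception only cancels the relay it covers."""
    return any(in_any(ip, LISTED) and not in_any(ip, EXCEPTIONS)
               for ip in relay_ips(raw_headers))

# Constructed sample headers.
LISTED_ONLY = "Received: from a.example ([10.55.161.9]) by mx.example\n"
EXCEPTED = "Received: from b.example ([10.55.170.20]) by mx.example\n"
MIXED = EXCEPTED + LISTED_ONLY  # one excepted relay plus one listed relay

if __name__ == "__main__":
    for name, msg in [("listed", LISTED_ONLY), ("excepted", EXCEPTED),
                      ("mixed", MIXED)]:
        print(name, capture_message_wide(msg), capture_per_relay(msg))
```

The mixed message is the case to watch when keeping the exception list small: under the message-wide model a single excepted relay uncatches the whole message, so each exception should be as narrow as the sender it is meant to cover.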
