Henrik K wrote:
Hello, I updated my FreeMail plugin with a big list of domains (http://www.rhyolite.com/anti-spam/freemail.html). Try it out: http://sa.hege.li/FreeMail.pm http://sa.hege.li/FreeMail.cf Pretty good hit ratio here, especially when you add some extra scores like FREEMAIL_FROM && DCC_CHECK etc. All that freemail spam is annoying as it can't be blocked directly at MTA (RBLs etc). Cheers, Henrik
I have a suggestion for your freemail plugin. I don't know if you can do this but if you can I want to see how.
First look at the last received and verify that it is genuine. (Forward Confirmed rDNS). If it is then check the freemail list and if you have a match it means it came from a freemail server.
If the message came from a freemail server then there's no reason to check the IP address in any blacklist lookups because freemail server are neither black nor white and the IP address has no useful information. Thus all other IP tests can be skipped. This will not only cut system load but also false positives. No sense in checking the blacklists if you already know it's from a yahoo server.
Similarrly lets build a white list of domains (again Forward Confirmed rDNS) that send no spam at all and can be instantly whitelisted.
I'm doing something similar with Exim rules, but I need a bigger list.
