Marc Perkel wrote:


Henrik K wrote:
Hello,

I updated my FreeMail plugin with a big list of domains
(http://www.rhyolite.com/anti-spam/freemail.html).

Try it out:

http://sa.hege.li/FreeMail.pm
http://sa.hege.li/FreeMail.cf

Pretty good hit ratio here, especially when you add some extra scores like
FREEMAIL_FROM && DCC_CHECK etc. All that freemail spam is annoying as it
can't be blocked directly at MTA (RBLs etc).

Cheers,
Henrik


I have a suggestion for your freemail plugin. I don't know if you can do this but if you can I want to see how.

First look at the last received and verify that it is genuine. (Forward Confirmed rDNS). If it is then check the freemail list and if you have a match it means it came from a freemail server.

If the message came from a freemail server then there's no reason to check the IP address in any blacklist lookups because freemail servers are neither black nor white and the IP address has no useful information. Thus all other IP tests can be skipped. This will not only cut system load but also false positives. No sense in checking the blacklists if you already know it's from a yahoo server.

This is more related to DNSWL.

Besides, since SA uses scores, there is no reason to skip DNSBLs for any client. If a freemail server lately sent a lot of spam, some DNSBL may list it, and this will result in some points, which is realistic.


Similarly, let's build a white list of domains (again Forward Confirmed rDNS) that send no spam at all and can be instantly whitelisted.

Should be an RHSWL.

I'm doing something similar with Exim rules, but I need a bigger list.


This is a different thing.

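The check suggested in the thread (forward-confirmed rDNS on the connecting IP, then a match against a freemail domain list), as an added example; it is not code from the FreeMail plugin or from any poster. The DNS records, the `freemail.example` list entry and all function names are constructed for illustration, and lookups are served from in-memory tables so it runs offline.

```python
import ipaddress

# Constructed DNS data (documentation address ranges, reserved .example names).
PTR = {
    "192.0.2.10": ["mta10.mail.freemail.example."],
    "192.0.2.66": ["mail.freemail.example."],    # PTR claims freemail, forward disagrees
    "198.51.100.5": ["smtp.notfreemail.example."],
}
A = {
    "mta10.mail.freemail.example": ["192.0.2.10"],
    "mail.freemail.example": ["192.0.2.200"],
    "smtp.notfreemail.example": ["198.51.100.5"],
}
FREEMAIL = {"freemail.example"}  # hypothetical list entry


def fcrdns_names(ip, ptr_lookup, addr_lookup):
    """Return the PTR names of ip whose forward lookup contains ip again."""
    want = ipaddress.ip_address(ip)
    confirmed = []
    for name in ptr_lookup(ip):
        host = name.rstrip(".").lower()
        try:
            addrs = {ipaddress.ip_address(a) for a in addr_lookup(host)}
        except ValueError:          # malformed address record: treat as unconfirmed
            continue
        if want in addrs:
            confirmed.append(host)
    return confirmed


def in_domain_list(host, domains):
    """Match whole labels only, so notfreemail.example != freemail.example."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in domains for i in range(len(labels)))


def classify(ip, ptr_lookup=lambda i: PTR.get(i, []),
             addr_lookup=lambda h: A.get(h, []), domains=FREEMAIL):
    """'unverified' if FCrDNS fails, else 'freemail' or 'other'."""
    names = fcrdns_names(ip, ptr_lookup, addr_lookup)
    if not names:
        return "unverified"         # the PTR alone is attacker-controlled; do not trust it
    return "freemail" if any(in_domain_list(n, domains) for n in names) else "other"


if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.66", "198.51.100.5", "203.0.113.1"):
        print(ip, classify(ip))
```

Whether a "freemail" result should then skip DNSBL lookups is the point debated above; the code only produces the classification.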