RW <rwmailli...@googlemail.com> writes:

> On Sun, 10 May 2009 16:04:47 -0400
> Adam Katz <antis...@khopis.com> wrote:
>
>> That's why I've got my KHOP_RCVD_UNTRUST score ... spammers are going
>> out of their way to send from whitelisted servers these days, a
>> testament to how powerful DNSBLs are.
>
> The other day I had a lottery scam spam sent via University
> College London webmail, from a Nigerian IP address. It hit
> RCVD_IN_DNSWL_MED and RCVD_IN_SBL, which have a combined score of -2.4.
>
> I think it might be useful to redefine DNSWL rules as meta rules, so a
> strong DNSBL hit turns them off.

I wonder if the right fix is to only give the DNSWL_MED score if that host doesn't show a previous-hop relay. But it makes sense to give the MED points to authenticated senders. So after thinking about it, I think the notion of not applying the DNSWL_MED points in the BL case makes sense. Perhaps define a metarule for an IP-based blacklist hit, and then DNSWL_cancel metarules?
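One way to write the metarules proposed above, as an added SpamAssassin `local.cf` fragment that is not part of the original messages. The `LOCAL_` rule names, the choice of RCVD_IN_XBL as a second blacklist, and the score are assumptions; RCVD_IN_DNSWL_MED and RCVD_IN_SBL are the rules named in the thread.

```conf
# Added example, not from the thread. LOCAL_* names and the score are assumptions.

# Unscored sub-rule (leading double underscore): true when any IP-based
# blacklist you consider strong has hit. RCVD_IN_SBL is the rule from the
# thread; RCVD_IN_XBL is an assumed addition, extend or trim to taste.
meta      __LOCAL_RCVD_IP_BL      (RCVD_IN_SBL || RCVD_IN_XBL)

# Fires only when the whitelist and a strong blacklist hit the same message.
# The stock RCVD_IN_DNSWL_MED rule is left untouched, so mail that hits the
# whitelist alone keeps its negative points.
meta      LOCAL_DNSWL_MED_CANCEL  (RCVD_IN_DNSWL_MED && __LOCAL_RCVD_IP_BL)
describe  LOCAL_DNSWL_MED_CANCEL  DNSWL_MED hit offset by IP blacklist hit

# Constructed value: set this to the absolute value of your own
# RCVD_IN_DNSWL_MED score so the two cancel to zero.
score     LOCAL_DNSWL_MED_CANCEL  2.0
```

Run `spamassassin --lint` after editing to confirm the fragment parses.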