RW a écrit : > On Sun, 10 May 2009 16:04:47 -0400 > Adam Katz <antis...@khopis.com> wrote: > > >> That's why I've got my KHOP_RCVD_UNTRUST score ... spammers are going >> out of their way to send from whitelisted servers these days, a >> testament to how powerful DNSBLs are. > > The other day I had a lottery scam spam sent via University > College London wemail, from a Nigerian IP address. It hit > RCVD_IN_DNSWL_MED and RCVD_IN_SBL, which have a combined score of -2.4. > > I think it might be useful to redefine DNSWL rules as meta rules, so a > strong DNSBL hit turns them off.
yes, there's some work to do regarding DNSWL/DNSBL. For the example yoi cite, one could have a meta that "cancels" DNSWL if an IP is in Nigeria (and the like) is found. This can be extended to other "probably obvious" spam. I am particularly interested in catching spam resent by public mailing-lists (such as debian lists, which are often targetted by spammers). This is a bit different than "standard" spam filtering.
