On Friday 20 August 2010 at 20:34 +0200, Jacek Politowski wrote:

> On Fri, Aug 20, 2010 at 04:11:34PM +0200, Benny Pedersen wrote:
> 
> >trusted_networks smarthost-ip/cidr
> >
> >here i exclude listed ips that are listed in some rbl, but clearly to
> >me should not be listed, now you found such ip ? :)
> 
> Actually, the IP I've found _should_ be listed in DNSBL - I don't want
> to receive any e-mail directly from this host (some DSL line with
> abusable web server running on it...).
> 
> Receiving e-mails via "some_big_MSP_smarthost" is completely another
> thing.
> 
> But I don't want to constantly monitor and add to whitelisting rules
> all the smarthosts that might be sending e-mails to us -- there are
> far too many of them.
> 
> I'd really like to limit SpamAssassin's "RCVD_*" DNSBL checks only to
> hosts that directly deliver e-mails to our servers, but it seems I'm
> missing something in SA documentation (I can hardly believe there is
> no such possibility in SA).

IMHO having SA do this is only a valid choice if your receiving
hosts (MX) can't do it themselves at SMTP time.
If you want to reject email sent directly by DSL/dialup or any dyn
client... use an RBL at connect time and reject mail if the client is in
the list.

Spamhaus PBL is designed that way and cbl.abuseat.org can be used too
for that (lists hijacked/zombie machines if I remember well); those
lists (at least PBL) should not contain any MSP smarthost.
Alternatively, you can have rules that reject mail at SMTP time based
on the reverse DNS string of the client (reject if it looks like
'4.3.2.1-some.dyn.dsl.-isp.tld')

This is much less resource consuming than any parsing. And you can then
keep using deep parsing (with great caution about the lists you
use!!!!) to help score spam.

I really think the big part of this work does not belong to spamassassin
but to the MTA on the MX.

Regards
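
The connect-time check described in the message above, sketched as an added example that is not part of the original message and not any MTA's own code. It looks only at the directly connecting client, never at Received: headers; the keyword heuristic, the function names and the injected `resolve` callable are assumptions made for illustration.

```python
import ipaddress
import re

# Zones for the lists named in the message; return-code semantics are not modelled.
DNSBL_ZONES = ("pbl.spamhaus.org", "cbl.abuseat.org")

# Hypothetical heuristic: dynamic-pool keywords appearing as labels in the PTR name.
DYN_WORDS = re.compile(r"(^|[.\-])(dyn|dynamic|dsl|adsl|dialup|pool|dhcp)([.\-]|\d)", re.I)


def dnsbl_query_name(ip, zone):
    """Build the DNSBL lookup name: reversed octets (IPv4) or nibbles (IPv6) + zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))
    else:
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone


def looks_dynamic(ip, ptr):
    """True if the PTR name embeds the client's octets and a dynamic-pool keyword."""
    if not ptr:
        return False
    octets = str(ipaddress.ip_address(ip)).split(".")
    numbers = re.findall(r"\d+", ptr)
    return all(o in numbers for o in octets) and bool(DYN_WORDS.search(ptr))


def connect_time_verdict(client_ip, ptr, resolve):
    """Decide on the connecting client only: DNSBL listing first, then PTR pattern."""
    # `resolve` (name -> list of A records) is injected so the example runs offline.
    for zone in DNSBL_ZONES:
        if resolve(dnsbl_query_name(client_ip, zone)):
            return ("reject", "listed in " + zone)
    if looks_dynamic(client_ip, ptr):
        return ("reject", "dynamic-looking reverse DNS")
    return ("accept", None)


# Constructed sample data (documentation address range, made-up DNSBL answer).
FAKE_DNS = {"7.2.0.192.pbl.spamhaus.org": ["127.0.0.10"]}


def fake_resolve(name):
    return FAKE_DNS.get(name, [])
```
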
