Hi,
we have real problems with SA spam scoring of some hosts that that are in
list.dnswl.org
with a hight trust level (RCVD_IN_DNSWL_HI). This in SA gives a negative score
of -5.0.
The description at the dnswl website says:
Recommended Usage: Skip spam filtering for medium and high ranked IPs. These
are trusted
to send spam rarely enough that they are not worth
filtering.
But there are cases where this gives completely nonsense and let definitely
spam mails
all go through and become not spam-tagged. I'll give an example:
Host 'mail.mobile.de'. This host (multiple ip) receives mail from external
sources and
forwards them to other mail-addresses. They seem to accept any mails from any
ip, equal
if dynamic ips or from known high level spam sources. I'll highly believe that
they
themselves never originate spam. But they forward mails from other sources that
are
100% spam. Because mail.mobile.de is listed with DNSWL_HI all these mails get
an dnswl
negateive score of -5.0 - means that a lot of spam mails they forward get
through with
no Spam-tags.
I don't wan't to generally reduce the scores of the RCVD_IN_DNSWL rules. But
how to handle
those cases? Obviously this listing gives a lot of 'false negatives'. The only
way I see
seems to manually neutral this -5.0 scoring for all forwarded mails with a
local rule; but
then all mails that are originated by themselves would become tagged as spam
too. Does
anyone have a solution for this ?
Lutz Petersen
