On 14 Feb 2015, at 05:27 , Reindl Harald <h.rei...@thelounge.net> wrote:
> On 14.02.2015 at 10:40, LuKreme wrote:
>> On Feb 13, 2015, at 5:42 PM, Benny Pedersen <m...@junc.eu> wrote:
>>>
>>> problem with lists is that a spammer just create a new free domain and spam
>>> with it, so be in front, list all as spam until it known not to be
>>
>> In this specific case, the list is a list of known domains that will pass
>> whitelist_auth, which means you can blacklist them and when they pass auth,
>> they magically get through.
>>
>> As Dave Pooser posted:
>>> whitelist_auth *@bankofamerica.com
>>> blacklist_from *@bankofamerica.com
>>>
>>> I score blacklist_from at 80 points so an address that's both blacklisted
>>> and whitelisted will be effectively whitelisted, thanks to a net -20 score
>>
>> When BOA sends an email, it hits the blacklist and gets a score of +80, but
>> if the mail passes whitelist_auth (meaning it’s really from BOA), then it
>> gets a -100. So anyone who is not BOA ends up with a score of +80. It
>> doesn’t matter how many random domains they create.
>
> and when BOA makes a mistake in their DNS (typo in the SPF as it happens way
> too often ending in PERMERROR which is *not* a reason for a reject) or other
> DNS issues are happening you would block all legit mail

It would block THEIR legit mail until they fixed their DNS.

> in other words: you make your mailserver to a gambling machine with such
> rules as long it's not for domains you maintain and can be sure that DNS
> works unconditionally (no internet and foreign ISP involved)

I wasn’t suggesting you implement it on your machine. That said, I would very much like a list of hosts that pass whitelist_auth. I suppose I could set a temporary score for whitelist_auth of -0.1 and see how many hits it gets in the next month or two.

-- 
Aren't you a little short for a stormtrooper?
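
Added example, not part of the original message: one way to build the list of domains that pass whitelist_auth, and to see how often a listed domain lands on the blacklist score alone (spoofed mail or the broken-DNS case raised above), is to tally X-Spam-Status headers from already-scanned mail. It assumes the SpamAssassin 3.x rule names USER_IN_SPF_WHITELIST, USER_IN_DKIM_WHITELIST and USER_IN_BLACKLIST; the sample messages and their `.example` domains are constructed.

```python
import re
from collections import Counter, defaultdict
from email import message_from_string
from email.utils import parseaddr

# Assumed rule names (SpamAssassin 3.x); adjust if your install renames them.
AUTH_RULES = {"USER_IN_SPF_WHITELIST", "USER_IN_DKIM_WHITELIST"}
BLACKLIST_RULE = "USER_IN_BLACKLIST"

def rules_hit(msg):
    """Return the set of rule names listed after tests= in X-Spam-Status."""
    # The tests= list is folded across lines after commas; unfold it first.
    status = re.sub(r",\s+", ",", msg.get("X-Spam-Status", ""))
    m = re.search(r"tests=(\S+)", status)
    return set(m.group(1).split(",")) if m else set()

def tally(raw_messages):
    """Per From: domain, count whitelist_auth passes and blacklist-only hits."""
    stats = defaultdict(Counter)
    for raw in raw_messages:
        msg = message_from_string(raw)
        domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
        hits = rules_hit(msg)
        if not domain:
            continue
        if hits & AUTH_RULES:
            stats[domain]["authenticated"] += 1
        elif BLACKLIST_RULE in hits:
            # Listed domain without an auth pass: spoofed, or sender DNS broken.
            stats[domain]["blacklist_only"] += 1
    return stats

# Constructed sample messages (headers only matter here).
SAMPLES = [
    "From: Alerts <alerts@bank.example>\n"
    "X-Spam-Status: No, score=-20.0 required=5.0 tests=USER_IN_BLACKLIST,\n"
    "\tUSER_IN_SPF_WHITELIST autolearn=no\n\nbody\n",
    "From: alerts@bank.example\n"
    "X-Spam-Status: Yes, score=80.0 required=5.0 tests=SPF_FAIL,"
    "USER_IN_BLACKLIST autolearn=no\n\nbody\n",
    "From: news@shop.example\n"
    "X-Spam-Status: No, score=-100.0 required=5.0 "
    "tests=USER_IN_DKIM_WHITELIST autolearn=no\n\nbody\n",
]

if __name__ == "__main__":
    for domain, counts in sorted(tally(SAMPLES).items()):
        print(domain, dict(counts))
```

A domain whose blacklist_only count suddenly rises while its authenticated count drops to zero is worth checking for an SPF or DKIM record problem on the sender's side before treating the mail as forged.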