On 20.04.2015 at 22:48, Axb wrote:
On 04/20/2015 09:03 PM, Reindl Harald wrote:
well, received headers in the middle of a message are not that good for classification at all
sez the expert..
well, i was victim of an appliance starting from one day to another deep header inspection for RBL's as well as PTR and it was a nightmare
look at 20_dnsbl_tests.cf and you'll see that not all lookups are lastexternal
hence i disabled any builtin RBL's and replaced them with custom rules maintained from a webinterface
or put the internet cafes on 41.203.69.0/24 in a local BL and see it catch 419's injection points.
these are on lastexternal RBL's
obviously you won't want to run deep header lookups against PBL or XBL
obviously i don't want to run *any* deep header lookups
but injection points on VPNs, etc can only be detected through deep header parsing
RBL is lastexternal - anything else has to be caught by other rules, bayes and URIBL, do what you want for your mailservers, my job is first to deliver email and then filter out as much spam as possible with as few false positives as possible because 1 FP hurts much more than 20 not caught junk messages
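Added example, not part of the thread and not SpamAssassin's own code: a simplified Python model of the two lookup scopes argued about above, checking a local blocklist against only the last external relay versus every hop behind it. The internal network, hostnames, Received header format and sample message are constructed assumptions; only the 41.203.69.0/24 range comes from the thread.

```python
import ipaddress
import re

# Assumptions (not from the thread): our own relay range and a simplified Received format.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
LOCAL_BL = [ipaddress.ip_network("41.203.69.0/24")]  # range named in the thread

# Constructed sample headers, newest first, as they appear in a message.
SAMPLE_RECEIVED = [
    "from mx1.internal (mx1.internal [10.0.0.5]) by store.internal; Mon, 20 Apr 2015 21:00:03 +0200",
    "from out.webmail.example (out.webmail.example [198.51.100.25]) by mx1.internal; Mon, 20 Apr 2015 21:00:02 +0200",
    "from [41.203.69.17] by web.webmail.example via HTTP; Mon, 20 Apr 2015 21:00:00 +0200",
]

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def relay_ips(received_headers):
    """Return the first bracketed IPv4 address of each Received header, in header order."""
    ips = []
    for header in received_headers:
        match = IP_IN_BRACKETS.search(header)
        if match:
            ips.append(ipaddress.ip_address(match.group(1)))
    return ips

def split_hops(received_headers, internal_nets=INTERNAL_NETS):
    """Return (last_external, deeper): the relay that handed us the mail, and the hops behind it."""
    ips = relay_ips(received_headers)
    for i, ip in enumerate(ips):
        if not any(ip in net for net in internal_nets):
            return ip, ips[i + 1:]
    return None, []

def listed(ip, blocklist=LOCAL_BL):
    """True if ip falls inside any blocklisted network."""
    return ip is not None and any(ip in net for net in blocklist)

def check(received_headers):
    """Compare a lastexternal-only lookup with a deep header lookup."""
    last_external, deeper = split_hops(received_headers)
    return {
        "lastexternal_hit": listed(last_external),
        "deep_hits": [str(ip) for ip in deeper if listed(ip)],
    }

if __name__ == "__main__":
    print(check(SAMPLE_RECEIVED))
```

The deep check matches on the submitting client address regardless of which provider relayed the message, so it flags every sender in that range, which is the trade-off between catch rate and false positives the two posters disagree on.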