Hi all, I'm curious about the RCVD_IN_SBL_CSS rule and its 3.5 score. Doesn't this seem a bit high?
I'm already using postscreen to add 4 points to messages received with zen/sbl with return code 127.0.0.3, but also seeing quite a few RCVD_IN_SBL_CSS hits, so I'm assuming this is the result of the 4 postscreen points not being enough for it to be rejected outright, then subsequently being tagged by spamassassin. These are "deep header" rules, though. Should users be penalized so severely for using a dynamic address when it may not have been them responsible for sending the spam that blacklisted that IP? Many times it's only the X-Originating-IP header: X-Originating-IP: [197.211.53.34] This may be the dynamic IP used by the end-user to connect to their ISP. I'd appreciate any thoughts on how to handle these cases. The full headers for this message are here: http://pastebin.com/6b7MTeYa Thanks, Alex
