On 07.06.2016 at 19:59, RW wrote:
> On Tue, 7 Jun 2016 13:46:13 -0400 Alex wrote:
>> Hi all, I'm curious about the RCVD_IN_SBL_CSS rule and its 3.5 score. Doesn't this seem a bit high? I'm already using postscreen to add 4 points to messages received with zen/sbl with return code 127.0.0.3, but also seeing quite a few RCVD_IN_SBL_CSS hits, so I'm assuming this is the result of the 4 postscreen points not being enough for it to be rejected outright, then subsequently being tagged by spamassassin.
>>
>> These are "deep header" rules, though. Should users be penalized so severely for using a dynamic address when it may not have been them responsible for sending the spam that blacklisted that IP?
>
> They are supposed to be addresses from blocks that are believed to have been allocated to snowshoe spammers
the point is "supposed"

the reality is infected machines are moving around ISP networks and you sooner or later end up getting one of the abused addresses - did the spam originate from you? no it did not!

it is *plain wrong* doing *any* deep header tests on received headers and you will *never* achieve enough to outweigh the fallout of hitting innocent victims

you can argue if the *connection* comes from a host and that host doesn't stop its spamming users to block or penalize that host - fine, works for many years

but penalizing a *dynamic and moving* end-user IP is broken by design from the first moment and supposed to go wrong - the only question is how wrong
the problem is with fewer and fewer ipv4 addresses the fallout is *growing* from day to day
disclaimer: i am not affected by such rules because i disable anything in context of RBL and replace it with my own rules as well as i disable *any other* rule which appears to do deep-header testing