On Tue, 7 Jun 2016 20:08:59 +0200
Reindl Harald wrote:

> On 07.06.2016 at 19:59, RW wrote:
> > On Tue, 7 Jun 2016 13:46:13 -0400
> > Alex wrote:
> >
> >> Hi all,
> >>
> >> I'm curious about the RCVD_IN_SBL_CSS rule and its 3.5 score.
> >> Doesn't this seem a bit high?
> >>
> >> I'm already using postscreen to add 4 points to messages received
> >> with zen/sbl with return code 127.0.0.3, but also seeing quite a
> >> few RCVD_IN_SBL_CSS hits, so I'm assuming this is the result of
> >> the 4 postscreen points not being enough for it to be rejected
> >> outright, then subsequently being tagged by spamassassin.
> >>
> >> These are "deep header" rules, though. Should users be penalized so
> >> severely for using a dynamic address when it may not have been them
> >> responsible for sending the spam that blacklisted that IP?
> >
> > They are supposed to be addresses from blocks that are believed
> > to have been allocated to snowshoe spammers
>
> the point is "supposed"
>
> the reality is infected machines are moving around ISP networks and
> you sooner or later end up getting one of the abused addresses - did the
> spam originate from you? no it did not!
>
> it is *plain wrong* doing *any* deep header tests on received headers
> and you will *never* achieve enough to outweigh the fallout of hitting
> innocent victims

they're blocks of static addresses.
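
Added example (not part of the thread, and not SpamAssassin's or postscreen's own code): a sketch of the distinction being argued over, checking only the connecting relay against a DNSBL versus checking every Received hop. The headers, the `CONSTRUCTED_ZONE` answers and all function names are constructed for illustration, and no DNS query is made.

```python
import re

# Constructed sample: Received headers, newest first, as they appear in a message.
# Assumption: the first one was written by our own MX, so its peer is the
# "last external" relay, the only address a connection-time check can see.
SAMPLE_RECEIVED = [
    "from mail.example.net (mail.example.net [198.51.100.25]) "
    "by mx.example.org; Tue, 7 Jun 2016 18:00:02 +0000",
    "from [192.168.1.10] (cust.example.net [203.0.113.77]) "
    "by mail.example.net; Tue, 7 Jun 2016 18:00:00 +0000",
]

# Constructed stand-in for DNS: query name -> A record. Not real listing data.
CONSTRUCTED_ZONE = {"77.113.0.203.zen.spamhaus.org": "127.0.0.3"}

# The peer address is the bracketed IPv4 that closes the parenthesised part
# just before "by"; a bracketed HELO literal earlier in the line is skipped.
PEER_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]\)\s+by\s")


def dnsbl_query_name(ip, zone="zen.spamhaus.org"):
    """Reverse the IPv4 octets and append the zone name."""
    return ".".join(reversed(ip.split("."))) + "." + zone


def peer_ips(received_headers):
    """Connecting-peer IP of each hop, in header order (newest first)."""
    ips = []
    for header in received_headers:
        match = PEER_IP.search(header)
        if match:
            ips.append(match.group(1))
    return ips


def check_hops(received_headers, resolve=CONSTRUCTED_ZONE.get):
    """Split DNSBL answers into the last-external hop and the deeper hops."""
    ips = peer_ips(received_headers)
    answers = [(ip, resolve(dnsbl_query_name(ip))) for ip in ips]
    last_external = answers[0] if answers else None
    deep_hits = [(ip, code) for ip, code in answers[1:] if code]
    return last_external, deep_hits


if __name__ == "__main__":
    last, deep = check_hops(SAMPLE_RECEIVED)
    print("last external:", last)
    print("deep-header hits:", deep)
```

In this constructed message the connecting relay is not listed, so a connection-time check adds nothing, while the deeper hop returns 127.0.0.3 and only a deep-header rule would fire.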