Am 07.06.2016 um 20:22 schrieb RW:
On Tue, 7 Jun 2016 20:08:59 +0200 Reindl Harald wrote:Am 07.06.2016 um 19:59 schrieb RW:On Tue, 7 Jun 2016 13:46:13 -0400 Alex wrote:Hi all, I'm curious about the RCVD_IN_SBL_CSS rule and its 3.5 score. Doesn't this seem a bit high? I'm already using postscreen to add 4 points to messages received with zen/sbl with return code 127.0.0.3, but also seeing quite a few RCVD_IN_SBL_CSS hits, so I'm assuming this is the result of the 4 postscreen points not being enough for it to be rejected outright, then subsequently being tagged by spamassassin. These are "deep header" rules, though. Should users be penalized so severely for using a dynamic address when it may not have been them responsible for sending the spam that blacklisted that IP?They are supposed to be addresses from blocks that are believed to have been allocated to snowshoe spammersthe point is "supposed" the reality is infected machines are moving around ISP networks and you sooner or later end in get one of the bused addresses - did the spam originate from you? no it did not! it is *plain wrong* doing *any* deep header tests on received headers and you will *never* achieve enough to outweight the fallout of hit innocent victimsthey're blocks of static addresses
surely since "CSS lists both IPv4 addresses (/32) and IPv6 addresses (/64)" and /32 is not a block but a single IP?
signature.asc
Description: OpenPGP digital signature
