I'm starting mine out at 0.5 until I see what happens.
Infinite Systems Charles Amstutz | Systems Administrator charl...@infinitesys.com 402.477.2474 134 S 13th Street, Suite 302 | Lincoln, NE 68508 -----Original Message----- From: David Jones [mailto:djo...@ena.com] Sent: Thursday, July 13, 2017 11:13 AM To: users@spamassassin.apache.org Subject: Re: "bout u" campaign On 07/13/2017 10:56 AM, RW wrote: > On Thu, 13 Jul 2017 09:33:04 -0400 > Alex wrote: > >> On Thu, Jul 13, 2017 at 9:29 AM, Charles Amstutz >> <charl...@infinitesys.com> wrote: >>> How do you use lashback? It says that it is free to use for >>> commercial and non commercial use. How do I set it up? >> >> Drop this into your local.cf or similar: >> >> header RCVD_IN_LASHBACK eval:check_rbl('LASHBACK', >> 'ubl.unsubscore.com') > > I have it as lastexternal: > > header RCVD_IN_UNSUBBL eval:check_rbl('ubl-lastexternal', > 'ubl.unsubscore.com') > > I've found there to be quite a lot of ISP pool addresses in it, so > deep checks are probably unsafe. > I started mine with lastexternal and didn't find much added value over other major RBLs and since my MTA was blocking mostly with IVM and Spamhaus RBLs that overlapped Lashback. I also wanted to check outbound mail where the second or more hop was from an infected device most likely under botnet control. It would have helped in the OP spam. > I've also found it has quite a high FP rate of ~2%. > I am working with them to fix these FPs (they include major mail providers like Comcast, Microsoft and Google which are pointless) and potentially be included in the default SA rules. It's still a valuable RBL to help with an overall score even with a ~2% FP. I wouldn't score it too high like you can with Spamhaus and IVM. I also have it at 1.2. -- David Jones
