Hi!
a)
==
442 Connection from $IP temporarily refused, host listed by $LIST
==
Both:
{
RBLError
URIBLError
}
to this
AvError
in case, when in ASSP installation used special ClavAV .DB with spam messages
signatures
b)
IMHO, best _allow_ set RBLError ( and Co) a-la
RBLError:=442 4.2.2 DNS Blacklisted by RBLLISTED
( Default settings:
RBLError:=554 5.7.1 DNS Blacklisted by RBLLISTED
)
and if RBLError contain 4XX do " emit a "tempfail" "
Best regards, Victor Miasnikov
Blog: http://vvm.blog.tut.by/
----- Original Message -----
From: "Thomas Eckardt" <thomas.ecka...@thockar.com>
To: "ASSP development mailing list" <assp-test@lists.sourceforge.net>
Sent: Tuesday, September 04, 2012 8:03 PM
Subject: [Assp-test] Antwort: DNSBL reject msg...
RBLError
AvError
ÜRIBLError
??? .....
Thomas
Von: Grayhat <gray...@gmx.net>
An: assp-test@lists.sourceforge.net,
Datum: 04.09.2012 17:20
Betreff: [Assp-test] DNSBL reject msg...
I've been reading some stuff and found that there are pros and cons to
what I'm suggesting... let me go straight to the ball; at the moment,
if ASSP uses DNS blacklists (or URIBLs for that) and if an IP (or URL
or domain) is listed (or at least the list score goes "over limit") the
result is a 5xx reject message; fine, but what about adding an option
so that, instead of emitting a reject, ASSP could emit a "tempfail",
that is, something like (e.g.)
442 Connection from $IP temporarily refused, host listed by $LIST
this way, even if using "aggressive" lists, a given message won't be
directly rejected but just delayed and, if the sending MTA retries (and
if our "aggressive list" suddenly removes the IP - e.g. false positive
cases), the mail won't be lost in outer space but just delayed; I know,
you may object that this may possibly cause some additional load to the
box running ASSP, but consider that spambots almost *ignore* the SMTP
result code, so at all effects, adopting such an option would slightly
help getting mail from "good hosts" which, for a reason or another got
listed by some DNS blacklist; I think that adding such an option to
ASSP (and again, an OPTION, not a default behaviour) may be useful.
thoughts ?
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
