On Fri, Nov 05, 2010 at 04:51:14PM -0000, John Levine wrote: > >Should we mention that these should only be used to reduce FPs from > >blacklists that follow, and that are expected to not list legitimate > >clients. ... > > Depends on the whitelist. > > I'm working on Spamhaus' new whitelist where our goal is to list only > mail sources clean enough that you can skip the rest of the filtering. > (So far so good, but it's still pretty small.)
Yes, and same said sources should not be blacklisted by anything that follows. If Postfix can't determine the client's reverse domain (tempfail) and therefore cannot even ask SpamHaus whether the (verified) client (PTR) domain is on the whitelist, one can either tempfail all mail from said client (bad, lots of retransmitted garbage) or fail to white-list (not so bad, worst case the blacklists will FP a small fraction of legit clients, choose your blacklists with care). > You're welcome to use it. The IP address version is at swl.spamhaus.org. The IP version does not encounter the issue, as we don't expect systemic tempfail issues with swl lookups, but we expect systemic problems obtaining verified (IP -> PTR -> matching-IP) names for many clients. > For people who like DKIM, there's also domain version at > dwl.spamhaus.org. It lists domains, with the ONLY use that we support > being DKIM d= signing domains on mail with valid signatures. See RFC > 5518. Hence my comment about possible appetite for DKIM in smtpd/cleanup. > The terms of use are the same as the rest of the Spamhaus lists, moderate > number of queries are fine, larger than that and you have to buy a feed. > If you already have a Spamhaus feed, the SWL and DWL should now be > included in it. > > The plan for the SWL and DWL is that we will eventually charge for > listings, but for now it's free, in limited beta. See > http://www.spamhauswhitelist.com/en/, and drop me a line if you'd like > an invitation. I have an invitation, my problem is that I don't yet have separate infrastructure for just non-marketing email. In a large enough organization, someone, somewhere will unilaterally engage in some marketing under the radar, so we need to think about separating the known good, rather than trying to preclude the unknown bad. -- Viktor.
