Some time ago, I'd cribbed the following postscreen dnsbl weights from an
experienced users' post ... iirc, it was on this list
...
postscreen_dnsbl_threshold = 5
postscreen_dnsbl_sites =
b.barracudacentral.org=127.0.0.2*7
zen.spamhaus.org=127.0.0.[10;11]*8
zen.spamhaus.org=127.0.0.[4..7]*6
zen.spamhaus.org=127.0.0.3*4
zen.spamhaus.org=127.0.0.2*3
...
They'd worked well for me. However, of late, I'd been seeing an increase in
leaks through my filter.
On quick investigation, @ spamhaus now says
(http://www.spamhaus.org/news/article/713/) return codes have changed:
http://www.spamhaus.org/faq/section/Spamhaus%20DBL#291
Return Codes Data Source
------------- ------------
127.0.1.2 spam domain
127.0.1.4 phish domain
127.0.1.5 malware domain
127.0.1.6 botnet C&C domain
127.0.1.102 abused legit spam
127.0.1.103 abused spammed redirector domain
127.0.1.104 abused legit phish
127.0.1.105 abused legit malware
127.0.1.106 abused legit botnet C&C
127.0.1.255 IP queries prohibited!
Once I find the docs @ spamhaus of what each of those data source defs &
criteria are, I can cobble up a fresh/relative weighting, and see how it
performs over time.
Has anyone experience with a (re)weighting mix of these ^^ newer codes already
to share?