Michael Scheidell wrote: > Ah, ok, I had not seen enough additional value using p0f (I turned it > off, too much cpu usage for a very small point percentage) and the fact > that it really can't figure out the difference between a windows 2000 > server and an XP workstation. > > So, if there a regex that it uses to know when not to bounce? > (and I still think if DNS admin bothers to publish spf, dkim, or sender > id records we should take the time to not bounce) >
depends on whether you want a solution now or in ten years ;-p > MAYBE a VERY HIGH score on HARD SPF, high enough to be above threshold > (and we can increase its priority, and add it to shortcut list also) > > Other option is to do SPF hard bounce (5xx and disconnect session) in > the MTA, that way no 'bounce' is generated, but rather the sending MTA > gets the 5xx, zombie or not.) Besides DKIM and SPF, there is still "best guess spf". if there is a clear relationship between the sender address and the client (IP or rDNS), then this can be considered as an SPF pass (without the restriction that SPF would have introduced). examples: - client IP is that of an MX of the sender domain. not sure if using a /24 would be safe. - client rDNS is a subdomain of the sender domain. or both are subdomains of a single domain (with 2 or 3 labels, depending on the tld). The rationale is: if they allow spam from a client in their domain, or from a client that is authorized to send on their behalf, then they deserve backscatter and more ;-p ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/