> -----Original Message----- > From: Scott Lambert [mailto:[EMAIL PROTECTED] > Sent: Tuesday, February 03, 2004 8:32 AM > To: [EMAIL PROTECTED] > Subject: Re: why is RCVD_IN_NJABL_DIALUP score so high? > > > On Tue, Feb 03, 2004 at 10:44:03AM +0100, Andy Spiegl wrote: > > Hi, > > > > I am living in Germany and all the dynamic IPs of the large ISP > > T-Online seem to be listed in NJABL and SORBS as DIALUP ips. That's > > okay of course, but I don't understand why the default score for that > > is so high: > > score RCVD_IN_NJABL_DIALUP 0 0.525 0 3.536 > > > > And why only in combination with Bayes (i.e. the last score number)? > > > > This results in lots of false positives on my system. :-( > > We had to lower this rule's score here because it was catching our SMTP > AUTH'd clients' mail with our spam threshold at 6. Both this rule > and DYNABLOCK were firing on a significant portion of my SMTP AUTH'd > clients. >
Wouldn't SMTP AUTH'd direct connects to your mail server be a sort of exception to the general rule? Would it be possible to a check for the SMTP auth connections (extracted from the Received headers at your mail server's demarcation point), and throw in a large negative score if you see that indication?
