I have set up SpamAssassin with the following in /etc/spamassassin/mycustomscores.cf:

score RCVD_IN_SBL       10.0
score RCVD_IN_XBL       10.0
score RCVD_IN_PBL       10.0
score RCVD_IN_SBL_CSS   10.0
score URIBL_SBL         10.0
score URIBL_CSS         10.0
score URIBL_CSS_A       10.0
score URIBL_SBL_A       10.0

I do not otherwise block using Spamhaus at the MTA or elsewhere.

I occasionally see false positives because of these scores and it is when a domain is in the body of a message. When I check the Spamhaus website[1], the domain is not there. Each time this has occurred, it has been for a website currently in the news and usually something to do with politics.

A few days ago I happened to be on my computer exactly when one of these false positives came in[2]. I immediately went and checked the Spamhaus site and the domain was not listed. I checked several times throughout the day and never saw the domain there.

So I am trying to figure out why there is a disparity between what SpamAssassin reports and the Spamhaus website reports, but I'm not clear how SpamAssassin checks Spamhaus, and since these are usually domains I rarely have in a message any place, I don't have a good feel for whether or not this is some regular problem.

If anyone can point me to how this check is performed, that would be very helpful.

Thank you,


Paul

[1] https://check.spamhaus.org/
[2] Scores:
        *   10 URIBL_SBL_A Contains URL's A record listed in the Spamhaus SBL
        *      blocklist
        *      [URIs: wikileaksdotorg]
        *   10 URIBL_SBL Contains an URL's NS IP listed in the Spamhaus SBL
        *      blocklist
        *      [URIs: wikileaksdotorg]
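
The rule descriptions in [2] say the listing that matched is an IP address behind the URL (its A record, or its nameserver's IP), not the domain name typed into the website check. The following is an added example, not part of the original post and not SpamAssassin's own code: it parses such a report and builds the DNSBL query names that would reproduce each hit by hand. The zone name, the resolved addresses (documentation-range IPs) and all function names are assumptions.

```python
import ipaddress
import re

ZONE = "zen.spamhaus.org"  # assumption: use the zone your installed rules query

# Constructed sample: the report lines quoted in the post.
REPORT = """\
*   10 URIBL_SBL_A Contains URL's A record listed in the Spamhaus SBL
*      blocklist
*      [URIs: wikileaksdotorg]
*   10 URIBL_SBL Contains an URL's NS IP listed in the Spamhaus SBL
*      blocklist
*      [URIs: wikileaksdotorg]
"""
# Constructed resolver output (RFC 5737 documentation addresses, not real data).
RESOLVED = {"wikileaksdotorg": {"a": ["192.0.2.10"], "ns": ["198.51.100.53"]}}

def parse_hits(report):
    """Return one dict per rule hit: rule, score, desc, uris."""
    hits = []
    for line in report.splitlines():
        text = line.lstrip().lstrip("*").strip()
        m = re.match(r"(-?\d+(?:\.\d+)?)\s+([A-Z][A-Z0-9_]+)\s+(.*)", text)
        if m:
            hits.append({"rule": m.group(2), "score": float(m.group(1)),
                         "desc": m.group(3), "uris": []})
        elif hits and text.startswith("[URIs:"):
            hits[-1]["uris"] = text[6:].rstrip("]").split()
        elif hits and text:
            hits[-1]["desc"] += " " + text  # wrapped description line
    return hits

def lookup_target(desc):
    """Which record's IP the rule description says was checked."""
    if "NS IP" in desc:
        return "ns"
    return "a" if "A record" in desc else "domain"

def dnsbl_qname(ip, zone=ZONE):
    """DNSBL convention: reversed IPv4 octets prepended to the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def queries(report, resolved, zone=ZONE):
    """Map each rule hit to the DNSBL names to query for its URIs."""
    return {h["rule"]: [dnsbl_qname(ip, zone) for uri in h["uris"]
                        for ip in resolved.get(uri, {}).get(lookup_target(h["desc"]), [])]
            for h in parse_hits(report)}
```

Replace RESOLVED with the addresses `dig` returns for the domain's A and NS records, then query each generated name; an answer of 127.0.0.2 is the Spamhaus return code for an SBL listing.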
