Why are you not blocking with blacklists at the border, ie: MTA.
Given its 0 resources for your MTA, with anti spam checking on SA often
using significant resources (depending on traffic/number of tests/rules
etc), its best to stop it getting to SA in the first place.
SA also has this by-default list of domains that it never checks, for
along time I have disagreed with this, we are the ones to decide who
gets whitelisted not SA, not some paid third party, the option
clear_uridnsbl_skip_domain however prevents this, but then you have to
locate and 0 all the general rulesets scores that are whitelists as
well.
On 13/08/2022 09:55, joe a wrote:
I need to refresh my brain on using blacklists with SA, before looking
more deeply into why this got through.
Today a email slipped through with a very low score that was clearly
phishy. A url in question, posing as another, hits no less that 6
blacklists. I was going to look at clamav that is in use here, as I
had just been tuning that a bit and realized that that may be using a
hammer to drive a screw. so to speak.
Or are they passe these days?
--
Regards,
Noel Butler
This Email, including attachments, may contain legally privileged
information, therefore at all times remains confidential and subject to
copyright protected under international law. You may not disseminate
this message without the authors express written authority to do so.
If you are not the intended recipient, please notify the sender then
delete all copies of this message including attachments immediately.
Confidentiality, copyright, and legal privilege are not waived or lost
by reason of the mistaken delivery of this message.