If an incomming email is from a IP listed in IP whitelist, we don't need to check it at all. The whitelist I mentioned here is a large-scale one. Say Microsoft and Yahoo's IPs should be added to IP whitelist since we suppose they won't send spams. Currently I am maintaining a RBL list, and hopefully the IP whitelist will help to reduce false positive.
On 5/13/05, Matt Kettler <[EMAIL PROTECTED]> wrote: > Ryan L. Sun wrote: > > Do you guys have any idea how to build up an effective and accurate IP > > whitelist? > > Since IP always cause false positive and I believe IP whitelist may be > > a good idea. > > > > Thanks. > > -Ryan > > > > What do you use to call SA? > > While the idea is good, any whitelisting at all done inside SA is nothing but > a > cheap hack. If at all possible with the tool you use, it's better to skip the > call to SA in the first place than to try to do whitelist_from, or > whitelist_ip. > > You save CPU, no worries about bayes autolearning the wrong way, etc. > > > At present the only "easy" way of doing an IP whitelist would be to write a > header rule that's specific to the Received: headers generated by your MTA. > > Another way would be to create your own RBL zone on your DNS server, and use > SA's DNSBL features to query that zone and apply negative scores to the "good" > IPs (much like RCVD_IN_BSP_TRUSTED does). This gets to be pretty advanced if > you're not very well versed in DNS administration. > > >