Mike Cardwell wrote:
Marc Perkel wrote:
Backscatter.org is the worst RBL on the planet. If you use it you
will get a lot of false positives.
Lets compare backscatterer's recommended usage of their list in your
favourite MTA against your own recommendation for usage of your
hostkarma RBL in your favourite MTA:
1.) HostKarma:
deny dnslists = hostkarma.junkemailfilter.com=127.0.0.2
2.) BackScatterer:
deny senders = :
dnslists = ips.backscatterer.org
log_message = $sender_host_address listed at $dnslist_domain
message = Backscatter: $dnslist_text
I would argue, and I expect few would disagree, that you're more
likely to get a false positive from the first than the second.
Or were you ignoring the large bright red warning signs and usage
information on http://www.backscatterer.org/ ?
I'll disagree with that.
Of course you will. It's your list I was talking about.
A lot of the backscatterer list is sender address verification calls.
If someone is doing sender address verification then they are
filtering spam and those who filter spam are not sending spam.
"Those who filter spam are not sending spam" - I can't remember the
last time I used this abbreviation... lol ... gmail? hotmail? yahoo?
On my system people doing SAV get white listed - not black listed.
Is that why your whitelist is much worse than the dnswl.org one? I
have a user who gets about 2000 spams a day. I keep a copy of that
spam in a folder for a week. 14 of the emails in there have JMF_W tags
on them at the moment and none of them have DNSWL tags.
That's pretty poor considering both lists fire on about the same
number of emails:
r...@haven:~# zgrep JMF_W /var/log/mail.log.[1234567].gz|wc -l
908
r...@haven:~# zgrep DNSWL /var/log/mail.log.[1234567].gz|wc -l
803
r...@haven:~#
One of the emails was from:
122.56.213.81 (122-56-213-81.mobile.telecom.co.nz)
Although that IP has now graduated from your whitelist to the
yellowlist. Amazing that an IP like that got into the whitelist in the
first place. You must have some faulty automated system for populating
the list.
This might be more accurate:
accept !senders = :
dnslists = ips.backscatterer.org
I see. You think "Host sends backscatter" therefore "Host never sends
spam". An interesting hypothesis.
This might be an advanced concept for you but what I meant was -
deliberately send spam. Everyone doing sender verification is someone
who is trying to BLOCK spam, and therefore are the good guys. I also
track SAV calls and I use it as a WHITE list.