On 6/24/10 3:51 PM, Ned Slider wrote:
The danger comes when people use the PBL incorrectly and deep parse
all headers which *will* lead to copious FPs.
Either way, I'd have no hesitation blocking outright on PBL or scoring
very highly in SA.
since the PBL also lists 'dialups'. and if a dialup user connects to
their legitimate smtp host for their provider and sends an email, their
dialup ip will still be in the received headers.
that is why, as Ned said, you have to only use it on the LAST UNTRUSTED
ip. (or first received header). or on your MTA.
NOTE; if you use it in your MTA, and you are using a caching DNS server,
then you are not making any redundant outbound DNS queries, one for the
MTA, one for SA.
SA will use the cached result.
and, in the case of DHA's, that one ip will probally hit your server
25,000 more times today :-)
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive Alliance
* Five-Star Partner Program 2009, VARBusiness
* Best Anti-Spam Product 2008, Network Products Guide
* King of Spam Filters, SC Magazine 2008
______________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r).
For Information please see http://www.secnap.com/products/spammertrap/
______________________________________________________________________
