Date: Tue, 15 Jan 2008 11:04:20 -0500 From: Lowell Gilbert <freebsd-questions-local@be-well.ilk.org> To: cpghost <cpghost@cordula.ws> Cc: John Almberg <jalmberg@identry.com>, freebsd-questions@freebsd.org Subject: Re: No spam??? Message-ID: <44bq7noz23.fsf@be-well.ilk.org> In-Reply-To: <20080115154527.GA15932@epia-2.farid-hajji.net> (cpghost@cordula.ws's message of "Tue\, 15 Jan 2008 16\:45\:27 %2B0100") References: <87A9631B-EAC5-41B8-B4C2-001C3ADBA486@identry.com> <200801150237.m0F2bqEg000116@banyan.cs.ait.ac.th> <360AB6AE-B3C1-4CA6-AFC1-378B48B3C6DF@identry.com> <20080115154527.GA15932@epia-2.farid-hajji.net>
next in thread | previous in thread | raw e-mail | index | archive | help
cpghost <cpghost@cordula.ws> writes: > On Tue, Jan 15, 2008 at 08:48:32AM -0500, John Almberg wrote: >> I've been doing some more digging since my last post, and have figured out >> that the spam is not being blocked by pf, as I suspected (since it wasn't >> showing up in my spam folder), but by spamassassin blacklists. >> >> The smtp log file has lots of entries like: >> >> 2008-01-14 09:30:37.074087500 rblsmtpd: 123.20.89.67 pid 72121: 451 >> http://www.spamhaus.org/query/bl?ip=123.20.89.67 >> 2008-01-14 09:31:05.271514500 rblsmtpd: 58.227.241.97 pid 72122: 451 >> Dynamic IP Addresses See: http://www.sorbs.net/lookup.shtml?58.227.241.97 >> 2008-01-14 09:31:17.404943500 rblsmtpd: 41.196.155.56 pid 72123: 451 >> http://www.spamhaus.org/query/bl?ip=41.196.155.56 >> 2008-01-14 09:31:18.304682500 rblsmtpd: 123.20.89.67 pid 72124: 451 >> http://www.spamhaus.org/query/bl?ip=123.20.89.67 >> >> So raises the same point that Oliver makes: how trustworthy are these >> blacklists? > > YMMV, of course! > > I'm using spamhaus.org's blacklists for quite some time (many years) > to block spam in postfix and they've been VERY trustworthy so far. > > But I can't say the same for the others, which seem occasionally a > little bit too eager/aggressive and accumulate way too many false > positives. The OP was using spamassassin, which can score a mail as more likely to be spam based on an RBL. This makes even an untrustworthy RBL useful while still protecting yourself against its mistakes. For example, I use spamhaus blacklists in postfix myself, but I let messages come in from SORBS-blacklisted sites. Then the messages will get a point or two (of 4 or 5 needed to be marked as spam) as a result of the SORBS blacklist. At least, I think I've got the list names correct; I haven't touched my configurations for either postfix or spamassassin in quite a while.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44bq7noz23.fsf>