spamassassin-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject [Bug 5374] DUL/Dynablock RBL test issues
Date Tue, 20 Mar 2007 15:17:56 GMT

------- Additional Comments From  2007-03-20 08:17 -------
I'd like to hear Daryl's comments, seeing as he's become the
trusted_networks/internal_networks guru ;)

> I think DUL type blocklists should only be used if:
> 1. You only check against the first noninternal IP (quite possibly different
> to first nontrusted IP if you have a bigger trust algorithm like the one from
> BUG 5373)

Are you taking the differentiation between trusted_networks and
internal_networks into account?  I noticed an issue on bug 5373 (at least in
terminology) on that point.

internal_networks was designed to deal with this issue, since it *does* allow
trust to extend further, without affecting the network boundary used to
determine which IP to check in the DUL case.  The DUL/PBL rules should all be
using "-lastexternal" accordingly to take that into account.

We definitely do not look further than the "handover to receiver" IP
for DUL rules, to avoid this case:

> user ip -> isp/3rd party smtp -> receiver
> zombie user ip -> forwarder -> receiver

That limitation does miss some spam for the forwarder case, but that's better
than increasing FPs in the case of "user ip -> 3rd party smtp server in
trusted_networks -> receiver".

> 2. If you accept SMTP auth mail for local users, your mail server does add the
> appropriate Received header that parse_received_line can detect as an
> authenticated SMTP session

Yep -- documented as an important thing that ISPs need to do.

> 3. You're willing to penalise SME type customers that run their own mail servers
> on DSL/dialup lines

We haven't made a definite stand on this, but I think those guys are pretty
much a lost cause by now. :(  SpamAssassin is the _least_ of their worries,
with pretty much every major ISP (including AOL) blocking them, afaik.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

View raw message