[Mimedefang] Cross-Post about SA Rule RCVD_IN_DYNABLOCK returning false positives

VonEssen, John VonEssJ at intelihealth.com
Wed Oct 1 10:06:00 EDT 2003


I sent this to the SpamAssassin list and thought people here might have
some good comments.

I am very confused as to what RCVD_IN_DYNABLOCK does in SpamAssassin. I
have been looking at my logs and it appears that a lot of my clients'
email is being tagged with RCVD_IN_DYNABLOCK.

Most of my clients access the internet via Comcast Cable Modem or DSL.
Is the purpose of DYNABLOCK to record client IPs (i.e. IP addresses of
the clients' Cable/DSL connection) that are known to be the source of
SPAM (even though they are only relaying to an SMTP box via Outlook or
something)? So if some client computer got infected with a worm and it
started mailing out a bunch of crap (through the ISP's relay server) the
client IP would be tagged, and NOT the ISP's relay server.


If this is the case, does DYNABLOCK flush out its database of bad client
IPs?

I don't know if I agree with the logic of how DYNABLOCK works.
Obviously, it causes me a headache trying to explain to my clients why
their mail was not delivered. I'll never get an answer from
dynablock.easynet.nl as to why my clients' IPs were tagged as BAD. This,
combined with the DoS attacks on RBLs (which in turn cause the RBLs to
return false positives), is starting to make me very weary about using
RBLs - every time I turn my back I am getting bit in the ass.

Why would we blacklist client IPs who relay mail through an ISP's mail
server? Most ISPs are responsible enough to track down serious spammers
on their network. And, YES, every once in a while, a DSL client computer
gets infected and starts sending spam - but it is quickly contained.

Thoughts?
John
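
The following is an added example, not part of the original post and not SpamAssassin or MIMEDefang code. It shows which DNSBL names a filter would query for one message under two hypothetical policies, "all_hops" and "last_external"; the sample headers, the policy names and the choice to treat the topmost Received line as the relay that connected to the recipient's server are assumptions.

```python
import ipaddress
import re

ZONE = "dynablock.easynet.nl"  # the zone named in the post

# Constructed headers (documentation address ranges), newest hop first:
# the ISP relay handed the message to us, the cable client handed it to the relay.
SAMPLE_HEADERS = """\
Received: from smtp.isp.example (smtp.isp.example [198.51.100.25])
\tby mx.recipient.example with ESMTP; Wed, 1 Oct 2003 10:05:58 -0400
Received: from johns-pc (cable-client.isp.example [203.0.113.77])
\tby smtp.isp.example with SMTP; Wed, 1 Oct 2003 10:05:55 -0400
From: client@isp.example
Subject: constructed sample
"""

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def received_ips(raw_headers):
    """Return the bracketed IPv4 address of each Received header, newest first."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", raw_headers)  # join folded lines
    ips = []
    for line in unfolded.splitlines():
        if not line.lower().startswith("received:"):
            continue
        match = BRACKETED_IP.search(line)
        if match:
            try:
                ips.append(str(ipaddress.IPv4Address(match.group(1))))
            except ipaddress.AddressValueError:
                pass  # skip malformed addresses such as [999.1.1.1]
    return ips


def dnsbl_name(ip, zone=ZONE):
    """A DNSBL is queried with the octets reversed and the zone appended."""
    return ".".join(reversed(ip.split("."))) + "." + zone


def lookups(raw_headers, policy):
    """List the DNS names that would be queried under the given policy."""
    ips = received_ips(raw_headers)
    if policy == "last_external":
        ips = ips[:1]  # only the host that connected to our server
    elif policy != "all_hops":
        raise ValueError(f"unknown policy: {policy}")
    return [dnsbl_name(ip) for ip in ips]


if __name__ == "__main__":
    for policy in ("all_hops", "last_external"):
        print(policy, lookups(SAMPLE_HEADERS, policy))
```

Under "all_hops" the client's cable/DSL address is looked up even though the message arrived through the ISP's relay; under "last_external" only the relay is.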



