[Mimedefang] accept, then scan?

Jan-Pieter Cornet johnpc at xs4all.nl
Fri Sep 21 17:53:21 EDT 2007

On Fri, Sep 21, 2007 at 09:43:45AM -0700, Andy Lyttle wrote:
> I have gotten false positives with zen.spamhaus.org, but I use sbl- 
> xbl.spamhaus.org and a couple other DNSBLs with no problem.

Are you sure those FPs are cause by using zen as a sending-host RBL, and
not while using zen as an URIBL?

The difference between sbl-xbl and zen is only the pbl, which is a list
of known dynamic dialup lines, a large part of which are given by the
ISPs voluntarily to the spamhaus project. Users on dynamic dialup really
should not use direct delivery, but use their ISP smarthost, or the
smarthost of their email provider if that's not the same.

(URIBL_ZEN is known to cause some FPs because ISPs put their nameservers
in the PBL, as the nameservers are not supposed to send outgoing email.
Use URIBL_SBLXBL instead, it's about equally effective).

We in fact block mails with a notice text that contains a URL, which 
contains instructions to use the ISP's smarthost.

Jan-Pieter Cornet <johnpc at xs4all.nl>
!! Disclamer: The addressee of this email is not the intended recipient. !!
!! This is only a test of the echelon and data retention systems. Please !!
!! archive this message indefinitely to allow verification of the logs.  !!

More information about the MIMEDefang mailing list