Re: [tlug] state of the art spam filtering

[Francois Cartegnie <fcartegnie@example.com>]

Le jeudi 18 mars 2010, vous avez écrit :
> Yes, that's why more and more worms/troyans use the setting of outlook
> to send mails, so they can go over the ISPs MTA, which makes it legitimate
> for quite a lot of MXs

And also legitimate for the ISP to end or put on hold their broadband 
subscription. Complainers logs aren't enough for that.

> Judging from the logs of the MPlayer/FFmpeg mailinglist server, that's
>  about 30% of mail. Most of which are by the developers themself. So if i'd
>  block dyn IP users, i'd block the people who are the most legitimate users
>  of the mailinglist.

It's not about dyn IP users, it's about mtas, doing direct delivery, hosted on 
dyn ip and showing it in their reverse.
If they are geeky to run their own mta, then should also prove they can set up 
a correct reverse dns (which is in some way proving they're in control of the 
host, not a zombie) or set the mta to forward through their isp.

> That's the reason why most people consider RBLs a broken as designed
> solution. It breaks a previously working and legitimate use of the
>  internet.

Do you have remote IP or blocks listed in your firewall ?

> It is possible with multiple MXs too. At least postfix can do that.
> And it's highly recommended too.

Large companies/organisations forwards mails to internal mta of subgroups or 
customers. They usually don't check/can't check that the final account exists 
on those.

Francois