[Dshield] DOS by Sorbs?

Craig Webster craig at xeriom.net
Thu Dec 22 16:23:59 GMT 2005


On 22 Dec 2005, at 15:56, David Cary Hart wrote:
> That's probably incorrect. Most admins check multiple RBLs but  
> reject on the
> first one that returns positive.

We tend to check against 3 fairly lenient RBLs -- no false positives,  
only confirmed open relays -- before the mail is accepted for  
processing. If a mail hits one of these then it's rejected straight  
away. During processing we use weighted tests (Spam Assassin), some  
of which are slightly more aggressive RBLs - if a mail hits one of  
these then it's more likely to be spam but because the RBLs may list  
some false positives the mail isn't rejected unless the new score  
brings it above a configured spam cut-off level. Combined with all  
the other SA tests, it seems to work out quite nicely.

Yours,
Craig
--
Craig Webster | t: +44 (0)131 516 8595 | e: craig at xeriom.net
Xeriom.NET    | f: +44 (0)709 287 1902 | w: http://xeriom.net





More information about the list mailing list