Milter-greylist

manu@... wrote:
> Matt Kettler <mkettler@...> wrote:
> 
>> Which is pretty much every RBL except the few domain-name based ones (also
>> called RHSBLs) like fulldom.rfc-ignorant.org, rhsbl.ahbl.org, and
>> blackhole.securitysage.com.
> 
> Mmmm... Maybe we should have support for them, but what can we gain
> here? ANy idea?
> 

Not much.. the DNSRBLs in general perform better.

That said, if you wanted to support these you'd basically want to extract the
domain from the envelope FROM and pass that.


All three of those RHSBLs are supported in my SpamAssassin install and their
hit-rate isn't all that great compared to the DNSBLs SA supports (Sorbs, njabl,
spamcop, spamhaus, completewhois and dsbl)

Out of 23,630 messages scanned by SA last week:
	3,252 matched ahbl.org
	2,185 matched a rfc-ignorant.org list (5 supported)
	   44 matched securitysage.com
	5,397 matched any of the above 3 RHSBLs
	9,144 matched any of the normal DNSBLs SA supports.
	3,722 matched spamcop DNSRBL
	3,285 matched spamhaus SBL
	2,662 matched spamhaus XBL
	2,225 matched no DNSBLs and at least 1 RHSBL.
	  932 matched no DNSBLs and did match ahbl.org

Of course, all of this happens after my milter-greylist config, so my numbers
are biased a bit, but not by much as I'm not using RBLs in milter-greylist yet
and I don't greylist everything.

I also have a LOT of FP's from the RFCI lists. Since their point is to list
anyone not fully supporting all the RFC required contacts/whois/etc a lot of
major ISPs are listed (including yahoogroups.com, which is listed in the abuse
list, and yahoo.com which is listed in abuse, postmaster, and whois lists.)

So, really you'd be adding it just to support ahbl. rfc-ignorant.org is probably
way too FP prone for most folks, and securitysage doesn't hit often enough to
matter.

So assuming that, only 932 messages were matched by AHBL that were not also hit
by one of the SA supported DNSBLs.

That's a lot of work for only a little extra spam caught.

Just my 2 cents.