On Sun, 15 Aug 2004, Rob McEwen rob@pvsys.com wrote:
> Sorry, I didn't mean to start such a ruckus. I have a proposal. I'll re-configure my filter so that it only blocks those IPs at the MTA level which are listed on both (1) DSBL (...AND...) (2) listed on at least one of the two SpamHaus lists.
This thread is increasingly off-topic, but I am interested in the outcome of your analysis.
On my end, it's worth noting that SpamAssassin with SURBLs rejects 8.6% of messages that passed through all of our blacklist and antivirus checks.
I've been doing multi-blacklisting for a couple years. Currently mail must be on at least two of three of bl.spamcop.net, sbl-xbl.spamhaus.org, and list.dsbl.org to be rejected.
I have seen false positives on Chinese universities, but not much else. Our 55x rejects always give specific reasons and an invitation to contact postmaster@brandeis.
Here's my numbers from our primary MX over the last 10 days. These rules are applied in the order below, i.e., if you're on both spamcop and spamhaus we don't check any other rules, and we don't even bother scanning .pif files with ClamAV anymore.
 25,117  /etc/mail/access
 42,407  bl.spamcop.net and sbl-xbl.spamhaus.org
  3,366  sbl-xbl.spamhaus.org and list.dsbl.org
  1,778  bl.spamcop.net and list.dsbl.org
 16,067  messages with .pif, .cmd, .vbs, .cpl, or .scr attachments rejected
  7,750  viruses detected by ClamAV
 24,422  refused because SpamAssassin scored > 14.0 (to score so high, they usually need to be on more than one SURBL)
258,129  messages accepted for delivery
Of the 258K messages delivered, 25,448 were tagged suspect with SpamAssassin score > 5.0 and 30,401 were on exactly one blacklist.
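
The two-of-three blacklist rule and the rule ordering described in the message above, sketched in Python as an added example (not code from the poster or the thread). The zone names are the ones in the message; `check_ip`, `dns_lookup`, the fail-open behaviour on lookup errors, and the sample listings on 192.0.2.0/24 are assumptions constructed for illustration.

```python
import ipaddress
import socket

# Zone pairs from the message, in the order the rules are applied.
PAIR_RULES = [
    ("bl.spamcop.net", "sbl-xbl.spamhaus.org"),
    ("sbl-xbl.spamhaus.org", "list.dsbl.org"),
    ("bl.spamcop.net", "list.dsbl.org"),
]

def dnsbl_name(ip, zone):
    """Build the DNSBL query name: reversed IPv4 octets, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def dns_lookup(name):
    """Live resolver: listed if the name resolves into 127.0.0.0/8."""
    try:
        answer = socket.gethostbyname(name)
    except socket.gaierror:
        return False  # not listed, or lookup failed (assumption: fail open)
    return answer.startswith("127.")

def check_ip(ip, lookup=dns_lookup):
    """Return (reject, matched_pair, zones_queried); lookups are lazy and cached."""
    cache = {}
    def listed(zone):
        if zone not in cache:
            cache[zone] = lookup(dnsbl_name(ip, zone))
        return cache[zone]
    for a, b in PAIR_RULES:
        if listed(a) and listed(b):  # first matching pair wins, later rules are skipped
            return True, (a, b), len(cache)
    return False, None, len(cache)

# Constructed sample data (documentation addresses), used instead of live DNS.
SAMPLE_LISTINGS = {
    "192.0.2.10": {"bl.spamcop.net", "sbl-xbl.spamhaus.org", "list.dsbl.org"},
    "192.0.2.20": {"sbl-xbl.spamhaus.org", "list.dsbl.org"},
    "192.0.2.30": {"list.dsbl.org"},
}

def sample_lookup(name):
    """Offline stand-in for dns_lookup, answering from SAMPLE_LISTINGS."""
    return any(name == dnsbl_name(ip, zone)
               for ip, zones in SAMPLE_LISTINGS.items() for zone in zones)
```

An address listed on only one zone is accepted here, which corresponds to the "on exactly one blacklist" messages that were delivered.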