False positives I think

Matt Kettler mkettler at EVI-INC.COM
Fri Mar 12 20:11:00 GMT 2004


At 12:44 PM 3/12/2004, Michael St. Laurent wrote:
>The big ticket item seems to be "USER_IN_BLACKLIST 100.00"  is this from the
>blacklist.cf rule file?
>
>The message in question was a post to the Red Hat shrike-list from the
>account "mapofl at sohu.com"

*.sohu.com is blacklisted by Will Stearns' sa-blacklist.cf

However, such things should be taken up with Will, and aren't really
on-topic for this list. That's an add-on rule, and is not maintained by the
sa or mailscanner teams.

Will's contact info is on the list of rulesets wiki page:
http://www.stearns.org/sa-blacklist/README.policy

The intent of Will's blacklist is to list spam-only domains, but it's not
unexpected for him to receive spam from a domain he's never heard of before
and assume it to be a spam domain, even if it's a general-purpose ISP
anyone (spammer or non-spammer) can use. As such, his blacklist is going to
inherently be prone to human error and lack-of-adequate-information errors.

The list is pretty well maintained, but due to the inherent complexity of
such a list, it's going to occasionally have FP problems. If this is a
problem for you, don't use his add-on set.
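
Added example (not part of the original post, and not code from SpamAssassin, MailScanner or sa-blacklist): a small Python check that reports which `blacklist_from` entry in a set of SpamAssassin `.cf` files matches a sender, which is what produces a `USER_IN_BLACKLIST` hit. The config lines and the address are constructed samples, since the page does not quote the real entries; the local `unblacklist_from` line is shown as an assumed override and must repeat the earlier entry exactly.

```python
import re

# Constructed sample in .cf syntax; NOT the real contents of sa-blacklist.cf.
SAMPLE_CF = """\
# constructed add-on blacklist
blacklist_from *@spam-only.example
blacklist_from *@sohu.com *@*.sohu.com
score USER_IN_BLACKLIST 100.00
"""
# Constructed local override, loaded after the add-on file.
LOCAL_CF = "unblacklist_from *@sohu.com\n"


def glob_to_regex(glob):
    """Translate a file-glob address pattern: only '*' and '?' are special."""
    parts = [".*" if c == "*" else "." if c == "?" else re.escape(c) for c in glob]
    return re.compile("".join(parts), re.IGNORECASE)


def active_blacklist(configs):
    """Replay (name, text) configs in load order; return {pattern: (file, line)}."""
    active = {}
    for name, text in configs:
        for lineno, line in enumerate(text.splitlines(), 1):
            fields = line.split("#", 1)[0].split()  # drop comments
            if len(fields) < 2:
                continue
            directive = fields[0].lower()
            for pat in (p.lower() for p in fields[1:]):
                if directive == "blacklist_from":
                    active.setdefault(pat, (name, lineno))
                elif directive == "unblacklist_from":
                    # Removes only an entry spelled exactly the same way.
                    active.pop(pat, None)
    return active


def blacklist_hits(address, configs):
    """List (file, line, pattern) for every active entry matching the sender."""
    return sorted((src, ln, pat)
                  for pat, (src, ln) in active_blacklist(configs).items()
                  if glob_to_regex(pat).fullmatch(address))


if __name__ == "__main__":
    addon = [("sa-blacklist.cf", SAMPLE_CF)]
    print(blacklist_hits("user@sohu.com", addon))
    print(blacklist_hits("user@sohu.com", addon + [("local.cf", LOCAL_CF)]))
```
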


