Re: Getting hammered by backscatter
Sahil Tandon wrote:[color=blue]
> Matthias Leisi <firstname.lastname@example.org> wrote:
>> mouss schrieb:
>>>>> reject_backscatter =
>>>>> reject_rbl_client ips.backscatterer.org
>>>> Which will very likely result in a lot of false positives.
>>> an FP here would mostly be: a bounce from a 3d party that is listed on
>>> backscatterer.org. do you get a lot of such mail?[/color]
>> No, an FP is an FP. ips.backscatterer.org lists a lot of perfectly valid
>> mailservers, and outright blocking at the MTA with that list is a bad idea.[/color]
> The above statement is true but does not address the context in which
> mouss suggests using the blacklist. If you are checking IPs against the
> list *only* for bounces, the chances of FPs is immensely decreased. He
> never suggested checking *all* connecting IPs against that list.
Matthias has apparently missed the check_sender_access part. if not, I
am curious to learn about these "lot of false positives". I don't see
enough "wanted" bounces, so my view is obviously partial/biased.
Note that I am not saying the checks are safe. there will be FPs. so the
checks should only be enabled in case of a bs storm, if ever (should
have said so before. sorry for that).
PS. I personally don't use these checks at this time. not because of
FPs, but because most bs I get is to "forwarded" addresses, when it's
too late to reject.