Menu
▾
▴
Re: [Assp-test] DNS base filtering thought
|
From: GrayHat <gr...@gm...> - 2009-02-19 08:20:35
|
> dnswl is already used with a "trust" value derived from the > last digit. Karmashere was tested, but not accepted. about "karmasphere"; if someone is using the DNSBL (not the whitelist) with 1.5 in weighted mode... be careful, since it may cause a number of false positives, the reason is more or less the following: Karmasphere isn't a real blacklist, but more an "aggregator" of a bunch of different (public or not so public) DNSBLs this means that (e.g.) a given entry listed say in "apews" may also get a hit from karmasphere; now, let's say your DNSBL contains something like this [...more entries...] psbl.surriel.com=>2 karmasphere.email-sender.dnsbl.karmasphere.com=>2 l2.apews.org=>2 [...more entries...] in such a case, you may see rejects due to the fact that a given IP got hits from (e.g.) both karmasphere and apews (or karmasphere and surriel); this is due to the fact that KS gets a feed of the "same" data from the other list, so it's just like getting two results from the same list, but in our case, the two hits will result in "incorrectly" rejecting a message bottom line, if you want to use KS, set it to level 3 or 4 but avoid using level 1 or 2 or you'll see a whole lot of false positives |