Basically I'm after low false positives and negatives, with an emphasis on low false positives for the blocking ones and a balance between both errors on the tagging ones; it's also critical that all of the BLs are based on mechanical or fixed criteria (and not on opinions).
The mailserver in question is the corporate mailhub; any mail coming into the company comes in through there, so the variety of content is pretty wide. Load is about 8-10k messages per hour, about 15% of which are deliverable.
The plan is:
- Disable Bayesian filtering outright
- Block outright on sbl-xml.spamhaus.org, bl.spamcop.net, list.dsbl.net, spam.dnsbl.sorbs.net
- Give a big SpamAssassin penalty to dnsbl.sorbs.net, dsn.rfc-ignorant.org, ipwhois.rfc-ignorant.org, maybe njabl.net
- Handle the DNS bits via zone transfers wherever possible, instead of individual requests
Thoughts on those RBLs, or on moving from primarily content/Bayes to primarily RBL-based spam handling?
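
The block-versus-tag policy in the plan above, sketched as an added example that is not part of the original post. It treats only answers in 127.0.0.0/8 as listings and fails open on lookup errors, so a dead or wildcarded zone cannot reject mail. The penalty value, the `resolve` callback and the sample DNS data are assumptions constructed for illustration, and only one tagging zone is included to keep it short.

```python
import ipaddress

# Zones and their roles come from the plan above; the penalty value is an assumption.
BLOCK_ZONES = ["sbl-xml.spamhaus.org", "bl.spamcop.net",
               "list.dsbl.net", "spam.dnsbl.sorbs.net"]
TAG_ZONES = ["dnsbl.sorbs.net"]
TAG_PENALTY = 3.0  # assumed score added per tagging-zone hit

def query_name(ip, zone):
    """IPv4 DNSBL query name: octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def is_listed(answers):
    """Only A records inside 127.0.0.0/8 count as a listing."""
    loopback = ipaddress.ip_network("127.0.0.0/8")
    return any(ipaddress.ip_address(a) in loopback for a in answers)

def evaluate(ip, resolve):
    """resolve(name) returns A-record strings, [] for NXDOMAIN, and raises
    OSError on timeout/SERVFAIL. Failures are recorded, never treated as hits."""
    hits, errors, score = [], [], 0.0
    for zone in BLOCK_ZONES + TAG_ZONES:
        try:
            listed = is_listed(resolve(query_name(ip, zone)))
        except OSError:
            errors.append(zone)  # fail open, but surface it for monitoring
            continue
        if listed:
            hits.append(zone)
            if zone in BLOCK_ZONES:
                return {"action": "reject", "hits": hits,
                        "errors": errors, "score": score}
            score += TAG_PENALTY
    return {"action": "accept", "hits": hits, "errors": errors, "score": score}

# Constructed resolver data (documentation addresses) so the example runs offline.
SAMPLE_DNS = {
    "10.2.0.192.bl.spamcop.net": ["127.0.0.2"],
    "20.2.0.192.dnsbl.sorbs.net": ["127.0.0.10"],
    "30.2.0.192.list.dsbl.net": ["203.0.113.7"],  # answer outside 127/8
}

def sample_resolve(name):
    # Constructed failure case: one zone times out for one client address.
    if name.startswith("40.") and name.endswith(".sbl-xml.spamhaus.org"):
        raise OSError("timeout")
    return SAMPLE_DNS.get(name, [])
```

Counting the `errors` list per zone over time is a cheap way to notice a list that has stopped answering before it affects the false-negative rate.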