Re: [courier-users] RBL Check - When? (9 messages in net.sourceforge.lists.courier-users)
Subject: Re: [courier-users] RBL Check - When?
From: Alessandro Vesely (ves@tana.it)
Date: Oct 21, 2007 11:11:35 pm
List: net.sourceforge.lists.courier-users

Gordan Bobic wrote:

Leigh S. Jones, KR6X wrote:

No one has mentioned that it's necessary to wait until the possible spammer identifies his target to know whether the target has him whitelisted.

Gordan wrote:

Whitelists aren't really practical on big setups. You need to block a lot before they even get as far as talking TCP. If you can manage a decent job with that, RBLs can prune enough of what's left for spamassassin and virus scanners to be able to cope with the minute amount of mail that is actually deliverable. It is not all that uncommon to see a spam:ham ratio of around 250:1. When you have a system handling mail for half a million domains, well, you get the idea.

Whitelists aren't really practical on big setups handling mail for half a million domains. Ahhh, but nonetheless they are a part of the Courier algorithm...

Every now and then, some legitimate user is being blocked by RBLs. IME, DSNs triggered by SMTP-level rejection are more useful than log files for diagnosing those cases.

I have one user who insists some addresses of his shall not be filtered by RBLs. He is afraid he may lose contacts otherwise. (He is careful not to spread those addresses, so he can afford downloading the little amount of spam they gather.) The Courier algorithm lets me use a BLOCK2 variable in order to selectively reject RBL tagged messages according to the RCPT.

I'm not saying the idea is bad. I am saying that when your server is receiving the best part of a million emails per hour, most of which is spam, you cannot necessarily afford to pick up the connection, see who it's for, check the white list for the recipient if they are valid, and then selectively let the mail through to be processed by, e.g. content based scanning for spam and virii, and then maybe deliver it to the final destination.

The listening SMTP server is good at using a limited amount of resources and I'm quite happy that it may become rather slow to respond to incoming mail, even if 1 out of 250 connections is from a legitimate relay. Even if I cannot compete with millions of runaway zombies, that still produces some friction for spammers to go through.

I only have a few domains, but I guess if I had much more I'd need some more resources too, in order to still provide a good service.

There are good ways of separating wheat from the chaff without incurring any false positives before you ever pick up a TCP connection. But this is rapidly becoming a conversation OT for this list...

OT for OT, let me mention this antispam/ip-monitoring service http://www.projecthoneypot.org/?rf=34756