Gordan Bobic wrote:
> Leigh S. Jones, KR6X wrote:
>>>> No one has mentioned that it's necessary to wait until
>>>> the possible spammer identifies his target to know
>>>> whether the target has him whitelisted.
>> Gordan wrote:
>>> Whitelists aren't really practical on big setups. You need to block a 
>>> lot before they even get as far as talking TCP. If you can manage a 
>>> decent job with that, RBLs can prune enough of what's left for 
>>> spamassassin and virus scanners to be able to cope with the minute 
>>> amount of mail that is actually deliverable. It is not all that uncommon 
>>> to see the spam:ham ratio of around 250:1. When you have a system 
>>> handling mail for half a million domains, well, you get the idea.
>>>
>> Whitelists aren't really practical on big setups handling mail for half 
>> a million domains. Ahhh, but nonetheless they are a part of the 
>> Courier algorithm...

Every now and then, some legitimate user is being blocked by RBLs. IME,
DSNs triggered by SMTP-level rejection are more useful than log files
for diagnosing those cases.

I have one user who insists some addresses of his shall not be filtered
by RBLs. He is afraid he may lose contacts otherwise. (He is careful not
to spread those addresses, so he can afford downloading the little amount
of spam they gather.) The Courier algorithm lets me use a BLOCK2 variable
in order to selectively reject RBL tagged messages according to the RCPT.

> I'm not saying the idea is bad. I am saying that when your server is 
> receiving the best part of a million emails per hour, most of which is 
> spam, you cannot necessarily afford to pick up the connection, see who 
> it's for, check the white list for the recipient if they are valid, and 
> then selectively let the mail through to be processed by, e.g. content 
> based scanning for spam and virii, and then maybe deliver it to the 
> final destination.

The listening SMTP server is good at using a limited amount of resources
and I'm quite happy that it may become rather slow to respond to incoming
mail, even if 1 out of 250 connections is from a legitimate relay. Even
if I cannot compete with millions of runaway zombies, that still produces
some friction for spammers to go through.

I only have a few domains, but I guess if I had much more I'd need some
more resources too, in order to still provide a good service.

> There are good ways of separating wheat from the 
> chaff without incurring any false positives before you ever pick up a 
> TCP connection. But this is rapidly becoming a conversation OT for this 
> list...

OT for OT, let me mention this antispam/ip-monitoring service
http://www.projecthoneypot.org/?rf=34756
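
An added sketch (not part of the original message, and not Courier's code or configuration syntax) of the per-recipient decision discussed above: the RBL lookup only tags the session, and the rejection is issued at RCPT TO unless the recipient is exempt. The zone, addresses, class and function names are hypothetical, and the listing data is constructed.

```python
import ipaddress

def dnsbl_query_name(ip, zone):
    """Build the DNSBL lookup name: reversed IPv4 octets followed by the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

class Session:
    """One inbound SMTP session; the RBL result is a tag, not a verdict."""

    def __init__(self, client_ip, zone, lookup, exempt_rcpts):
        # lookup(name) -> True if the name resolves (client is listed).
        self.listed = lookup(dnsbl_query_name(client_ip, zone))
        self.zone = zone
        self.exempt = {r.lower() for r in exempt_rcpts}
        self.accepted = []

    def rcpt_to(self, address):
        """Decide per recipient, so a listed client still reaches exempt mailboxes."""
        addr = address.strip().lower()
        if self.listed and addr not in self.exempt:
            # SMTP-level rejection: the sending relay generates the DSN.
            return "550 5.7.1 <%s>: client listed in %s" % (addr, self.zone)
        self.accepted.append(addr)
        return "250 2.1.5 Ok"

    def data(self):
        """Refuse DATA when every recipient was rejected."""
        if not self.accepted:
            return "554 5.5.1 No valid recipients"
        return "354 End data with <CR><LF>.<CR><LF>"

# Constructed sample data: TEST-NET address, hypothetical zone and mailboxes.
LISTED = {"7.2.0.192.rbl.example.org"}
EXEMPT = ["contacts@example.com"]

def run_demo(client_ip, rcpts):
    s = Session(client_ip, "rbl.example.org", LISTED.__contains__, EXEMPT)
    return [s.rcpt_to(r) for r in rcpts], s.data()

if __name__ == "__main__":
    print(run_demo("192.0.2.7", ["Contacts@example.com", "sales@example.com"]))
```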