Hi Bill,

This is of course prudent advice in general. Let me share my experiences (I'm not at all suggesting that this applies to anyone else's scenario).
However, after a few years of tinkering, I did realize that (at least based on messages received by my mix of business clients) *I* was able to use some tests to outright delete 13% of all incoming mail (an additional 50% gets deleted by weight):

    BLITZEDALL      DELETE
    NJABLPROXIES    DELETE
    AHBLPROXIES     DELETE
    SORBS-HTTP      DELETE
    SORBS-SOCKS     DELETE
    SORBS-MISC      DELETE
    MAILFROM        DELETE
    PERCENT         DELETE

(At first I was using "HOLD" for these tests, but after many months I never ever had to "release" a single held email.)

Apparently, when someone is ignorant enough to run an open proxy (or an infected zombie workstation) on a particular IP, there is a very low likelihood that this particular machine is ALSO used as their legitimate SMTP server.

When someone uses an invented "from" domain or tries the "percent" hack to force email routing, then it is our policy that the email should not be processed. (It's okay to use an unattended from "mailbox", but there is never a reason to use bogus domain names, preventing our server from sending notifications or such.)

Of course, ideally I would want to "hang up" on those connections during SMTP protocol, but unfortunately, neither IMail nor Declude currently offers that option. (I'm using ORF from VAMSOFT to do exactly that on my backup MX running MS SMTP (IIS), as lots of spam now gets directed against the backup MXs.)

Best Regards
Andy Schmidt

Argos Networks
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846

Phone: +1 201 934-9411 x20 (Business)
Fax: +1 201 934-9206

http://www.Argos.net/

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill Landry
Sent: Tuesday, January 13, 2004 11:21 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] SpamD/SpamC for Declude

----- Original Message -----
From: "Matt" <[EMAIL PROTECTED]>

> Another idea would be to block SBL with IMail 8 so that stuff never
> gets to Declude. SBL can be as much as 25% of my traffic, and I
> weight that in Declude so that it deletes on just that one hit. This
> could potentially save you a good deal of processing power and be huge
> for your system. You can still keep track of statistics by using
> IMail's daily report to show you how many messages got stopped that
> way and adding them into your Declude results.

Deleting messages based on a single test result is very bad advice. No test is 100% accurate, and in my experience they are typically less than 90%. If it works for you, and you and your users don't care about the legitimate messages you are most likely deleting, that's fine. But to make this recommendation to others without the appropriate caveat is irresponsible.

Bill

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
