On 2 Feb 2018, at 12:56 (-0500), Chris wrote:

On Fri, 2 Feb 2018 08:50:01 -0800
Michael Peddemors wrote:

Invalid users should be less than 10% typically, if good bot net
protection in place before the RCPT TO stage..

Recipient verification is one of the first tests. Maybe I should enable
postscreen. Is this sufficient for bots?

No one tool is sufficient for any class of spam. That said, on my personal system postscreen accounts for 87% of the mail rejections, 50% through a scored DNSBL config and 37% via its most excellent greeting pause implementation (seriously, it's better than others...) Another 3% are rejected later based on DNSBLs that are not fit on their own for postscreen rejections, as they need some whitelisting and FP oversight that is impossible with postscreen. All the other reasons I reject mail account for <2% of all rejections each.

This has been similar in my work with larger systems, mostly not using Postfix: greeting delay is the most effective tool, then DNSBLs and local IP blacklisting, and all the other classes (unauthorized relay, unknown recipient, fraudulent HELO, bogus sender MX, no rDNS, content analysis, etc.) of rejection each account for a few percent each at most.

And simple 'Best Practices' policies and spam rules should get about
50% of the rest.. before handing it off to advanced content
filtering..

Yes, DNSBL are getting a lot more than the content filter afterwards.

Entirely normal. Sources of 100% spam that survive long enough to get on reliable DNSBLs try to send spam more often after they are listed than their fresh siblings and all of the mixed sources that are likely to reach the point of content filters.

Without full bot protection, RBL's and rate limiters BEFORE RCPT TO,
you can expect MUCH higher rates..

Ok, I'll have a look again at rate limiters. They're enabled, but could
probably filter more.

Rate limiting is something to be VERY careful with. In my experience it is not terribly useful as a spam catcher but is really only a DoS defense.




--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Steady Work: https://linkedin.com/in/billcole

_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Reply via email to