On 2 Feb 2018, at 12:56 (-0500), Chris wrote:
On Fri, 2 Feb 2018 08:50:01 -0800
Michael Peddemors wrote:
Invalid users should be less than 10% typically, if good bot net
protection in place before the RCPT TO stage..
Recipient verification is one of the first tests. Maybe I should
postscreen. Is this sufficient for bots?
No one tool is sufficient for any class of spam. That said, on my
personal system postscreen accounts for 87% of the mail rejections, 50%
through a scored DNSBL config and 37% via its most excellent greeting
pause implementation (seriously, it's better than others...) Another 3%
are rejected later based on DNSBLs that are not fit on their own for
postscreen rejections, as they need some whitelisting and FP oversight
that is impossible with postscreen. All the other reasons I reject mail
account for <2% of all rejections each.
This has been similar in my work with larger systems, mostly not using
Postfix: greeting delay is the most effective tool, then DNSBLs and
local IP blacklisting, and all the other classes (unauthorized relay,
unknown recipient, fraudulent HELO, bogus sender MX, no rDNS, content
analysis, etc.) of rejection each account for a few percent each at
And simple 'Best Practices' policies and spam rules should get about
50% of the rest.. before handing it off to advanced content
Yes, DNSBL are getting a lot more than the content filter afterwards.
Entirely normal. Sources of 100% spam that survive long enough to get on
reliable DNSBLs try to send spam more often after they are listed than
their fresh siblings and all of the mixed sources that are likely to
reach the point of content filters.
Without full bot protection, RBL's and rate limiters BEFORE RCPT TO,
you can expect MUCH higher rates..
Ok, I'll have a look again at rate limiters. They're enabled, but
probably filter more.
Rate limiting is something to be VERY careful with. In my experience it
is not terribly useful as a spam catcher but is really only a DoS
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Steady Work: https://linkedin.com/in/billcole
mailop mailing list