* Jacob Yocom-Piatt <[EMAIL PROTECTED]> [061126 12:24]:
> ---- Original message ----
> >Date: Sun, 26 Nov 2006 13:25:38 +0100
> >From: [EMAIL PROTECTED] (Peter N. M. Hansteen)
> >Subject: Re: spamd: being careful with Chinese IPs
> >To: [email protected]
> >
> >Jacob Yocom-Piatt <[EMAIL PROTECTED]> writes:
> >
> ...
> >One rather big issue with all blacklists is the problem of maintaining
> >them in a way that keeps your false positives to a minimum. Some of
> >the lists have been known to include entries covering entire ISPs'
> >netblocks. Assuming that those ISPs have a few non-spammer customers
> >as well, it's fairly obvious that false positives can turn out to be
> >real and embarrassing problems.
> >
> >The china and a few others example are there, I suppose, for people
> >who do not expect to receive legitimate email from certain parts of
> >the world, ever. If you do business with eg China, it is probably
> >better to err on the side of caution and not use those black lists.
> >
> >A few suggestions - it is possible to run spamd in pure greylisting
> >mode, without any blacklists at all. On my systems, I've greylisted
> >for quite a while, but I was never quite happy with any of the
> >blacklists until I ended up using Bob Beck's traplist supplemented
> >with local greytrapping.
> >
>
> thanks for the suggestions, both on and off list. i've already read [1], it is
> quite informative. after reading [2] i'm inclined to go with greylisting +
> Bob's traplist.
>
> in [1] there is a link to a greyscanner perl script
>
> http://www.ualberta.ca/~beck/greyscanner
>
> is this to be run with a cron job? any feedback on its use?
>
> cheers,
> jake
>
> >It is well worth taking in Bob Beck's NYCBSDCon 2006 presentation[1] about
> >these matters; my PF tutorial [2] touches on this too.
> >
> >[1] http://www.ualberta.ca/~beck/nycbug06/spamd/
> >
> >[2] http://home.nuug.no/~peter/pf/, specifically about spamd with
> >    greylisting and greytrapping http://home.nuug.no/~peter/pf/en/spamd.html
> >    onwards.
> >
> >--
> >Peter N. M. Hansteen, member of the first RFC 1149 implementation team
> >http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
> >"First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales"
> >20:11:56 delilah spamd[26905]: 146.151.48.74: disconnected after 36099
> >seconds
>
I sent Bob a patch to fix some off by ones. You want those patches or you
may inadvertently trap a host who has valid DNS records.

Jim

