On Thu, Oct 09, 2003 at 01:19:00PM -0400, Vivek Khera wrote:
> 
> While it is possible to reject at SMTP time, it is unlikely to get you
> off of most spam sources, since they don't care about bounces or
> having clean lists.  Also, by the time you do this, you've already
> wasted your bandwidth to receive the message for scanning.  All you
> save is having to queue the message before dropping it.
> 
> Another issue is that if you get a significant volume of mail arrive
> at once, you will crush your mail server since it has to process all
> that mail "live".  Ie, it cannot queue up the mail and scan at its own
> liesure while controlling system load.
> 
> What I do is use some strict SMTP-time checks on commonly forged
> domains (aol.com, hotmail.com, etc.) and a handful of low-collateral
> damage DNSBLs to reduce the amount of crap that gets in to the
> filtering step.

Anybody here have any experience with the MTA-level checks found at 

http://www.securitysage.com/files.html

??

This stuff is Postfix-specific, and includes a bunch
of patterns for various checks which purport to catch a
lot of spam.  The files may be updated daily.

While it's true you're using incoming network bandwidth
accepting some part of the email, it's possible that you save
some CPU bandwidth, as the scanning is apt to be relatively 
lightweight.  Also, Postfix is pretty good at load-shedding,
which should limit CPU bandwidth absorbed.

If anybody's tried them, I'm interested in knowning whether
they're effective, to what extent they're prone to
false postives and how much, if at all, they lower the
burden of spam which is subsequently detected by SA.

-- 
-----------------------------------------------------------------
 Dan Wilder <[EMAIL PROTECTED]>   Technical Manager
 SSC, Inc. P.O. Box 55549   Phone:  206-782-8808
 Seattle, WA  98155-0549    ICQ UIN 216717075
-----------------------------------------------------------------


-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
SourceForge.net hosts over 70,000 Open Source Projects.
See the people who have HELPED US provide better services:
Click here: http://sourceforge.net/supporters.php
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Reply via email to