On Thu, 12 Feb 2004, Theo Van Dinter wrote:
> On Thu, Feb 12, 2004 at 10:16:50AM -0600, Dana Holland wrote:
> > When blocking certain addresses (spammers), is it better to use
> > access.db in sendmail, or use the blacklist feature in sa-mimedefang.cf?
>
> "better" is a relative term. I would vote that if you know the access.db
> entries are always going to be correct (ie: no false positives), then
> block at the MTA.
>
> Otherwise, make it a blacklist/etc. (SA, BTW, supports access databases ...)
Agreed. When blocking at the MTA level it is low overhead and
no "Joe-Job" bounces, however higher potential for collateral damage
in the case of an incorrect entry.
(Heck, I've even resorted to router filtering on rare occasion to block
seriously obnoxious pests ;)
One thing that you should do to reduce the collateral damage level
is to enable the "delay_checks" feature and put Spam-Friends entries in
your access.db file for "postmaster" "administrator" and other such
system management type addresses.
That way if somebody is erroneously blocked, they can get an appeal
thru to "[EMAIL PROTECTED]".
Also customize the reject error message telling them to send mail
to postmaster for more info.
One other thing to consider, if you use SA+sendmail+miter, you can
do SMTP rejects based upon the spam score. This gives you the
advantage of SMTP reject blocking combined with the power
of SA scoring.
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
