I've seen very high hits with these filters too. Let's be careful to
realize, though, that this doesn't mean that the mail they're rejecting
would have gotten through. What this means is that they're the first filter
that caught the message. That's not to say that another (admittedly more
costly, such as RBLs) filter would not have caught it.

When the earliest filters catch the most, that's a good thing, given
that they're the 'cheapest' filters to apply. It can tend to distort the
effectiveness of other filters though that aren't hit.

It'd be interesting to do some statistical analysis, but I'm not sure how
valuable the data would be. As in so many things, one size does not fit all.

Sam, I don't remember seeing any documentation on the order in which
filters are processed. Did I miss it somewhere? It'd be nice to see the
sequence of everything in one place for reference (the big picture, sort of).

Sam Clippinger wrote:
> I can't speak for anyone else, but those two filters have been very good 
> for my users.  On a typical day, 30-60% of all connections to my server 
> are blocked with DENIED_IP_IN_CC_RDNS.  Another 5-20% are blocked by 
> DENIED_IP_IN_RDNS.  I've had to whitelist a few IP addresses with bad 
> rDNS names but that's been very rare so far (less than 5 total).
> 
> However, servers with larger user populations and more international 
> correspondence might have different experiences.
> 
> -- Sam Clippinger
> 
> Marcin Orlowski wrote:
>> Hi,
>>
>> Anyone by any chance did sort of research if DENIED_IP_IN_*_RDNS helps
>> his users or causes more problems? I formerly thought that this is
>> more helpful, as IP in RDNS is most likely to appear for home dsls, dialups
>> and other stuff not supposed to run smtp server I shall trust, and if
>> it's my users mail netline, then they shall authenticate while talking
>> to me anyway. But now I see that some telecoms offer dsls with static
>> IPs (contrary to dynamic one, rotated 24hs, that is addressed to home
>> users) which is primarily used by companies, and therefore it's less
>> likely for them to be spam source (due to botnets, zombies etc). I even
>> saw a data center which named their rack hosts that way. I therefore 
>> think that it might be extremely useful to try to build a kind of 
>> database of providers who one may consider whitelisting even, they would 
>> otherwise fall into IP_IN_RDNS or IP_IN_CC_RDNS trap. Any thoughts?
>>
>> Marcin


-- 
-Eric 'shubes'
_______________________________________________
spamdyke-users mailing list
[email protected]
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
