You must have missed it -- it's in the FAQ. :)
http://www.spamdyke.org/documentation/FAQ.html#FEATURE1
-- Sam Clippinger
Eric Shubert wrote:
> I've seen very high hits with these filters too. Let's be careful to
> realize, though, that this doesn't mean that the mail they're rejecting
> would have gotten through. What this means is that they're the first filter
> that caught the message. That's not to say that another (admittedly more
> costly, such as RBLs) filter would not have caught it.
>
> When the earliest filters catch the most, that's good a good thing, given
> that they're the 'cheapest' filters to apply. It can tend to distort the
> effectiveness of other filters though that aren't hit.
>
> It'd be interesting to do some statistical analysis, but I'm not sure how
> valuable the data would be. As in so many things, one size does not fit all.
>
> Sam, I don't remember seeing any documentation on the order that in which
> filters are processed. Did I miss it somewhere? It'd be nice to see the
> sequence of everything in one place for reference (the big picture, sort of).
>
> Sam Clippinger wrote:
>
>> I can't speak for anyone else, but those two filters have been very good
>> for my users. On a typical day, 30-60% of all connections to my server
>> are blocked with DENIED_IP_IN_CC_RDNS. Another 5-20% are blocked by
>> DENIED_IP_IN_RDNS. I've had to whitelist a few IP addresses with bad
>> rDNS names but that's been very rare so far (less than 5 total).
>>
>> However, servers with larger user populations and more international
>> correspondence might have different experiences.
>>
>> -- Sam Clippinger
>>
>> Marcin Orlowski wrote:
>>
>>> Hi,
>>>
>>> Anyone by any chance did sort of research if DENIED_IP_IN_*_RDNS helps
>>> his users or causes more problems? I formerly thought that this is
>>> more helpful, as IP in RDNS is most likely appear for home dsls, dialups
>>> and other stuff not supposed to run smtp server i shall trust, and if
>>> it's my users mail netline, then they shall authenticate while talkign
>>> to me anyway. But now I see that some telecoms offer dsls with static
>>> IPs (contrary to dyniamic one, rotated 24hs, that is addressed to home
>>> users) which is primarily used by companies, and therefore it's less
>>> likely for them to be spam source (due to botnes, zombies etc). I even
>>> saw a data center which named their rack hosts that way. I therefore
>>> think that it might be extremely useful to try to build a kind of
>>> database of providers who one may consider whitelisting even, they would
>>> otherwise fall into IP_IN_RDNS or IP_IN_CC_RDNS trap. Any thoughts?
>>>
>>> Marcin
>>>
>
>
>
_______________________________________________
spamdyke-users mailing list
[email protected]
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
