Eric Shubert wrote: > If this email is not spam, click here to submit the signatures to > FortiGuard - AntiSpam Service. > <http://nospammer.net/SubmitSpam/submitspam.php?id=I3QzAT8uYQIIdE1feU50 > Tw__&sig=e3g0toR48LxoIzFvaiVlc3l4NCx2MTNvG1NQAQ5cDhRUDUdJBEJzBxhCXAgTTgBfFgp > TLHYxMXRoIzBsaiVSGQ0MRBZZHkQDHw1CHAtIAQgSHRpDBFYcGQlKXQELS0odEAtARRhXXFsbU1A > BDlwOFFQNR0kEQjN0aCcxbGolZXF5YDQsdjMzdGMLeYLmmpuhIfUmyL3kY3US3w__> > > > On 10/25/2010 10:50 AM, Adam Bultman wrote: >> Good morning. >> >> I have a fairly simple question about the graylist-exception options for >> spamdyke.conf. I have checked the documentation, and searched the >> mailing lists, but not found my answer. >> >> With other whitelist options with spamdyke, whitelisting the IP/RDNS >> will bypass all filters. >> >> With graylist exceptions, it says that it will bypass the graylisting, >> but it doesn't mention if the other filters are bypassed, or if they are >> enforced. >> >> I have some domains on my spamdyke-enabled servers which go through >> postini, and as a result I had to put the postini servers in the >> graylist-exceptions-rdns file; but while postini doesn't have to be >> graylisted anymore, it doesn't appear to be applying many other filters >> (if any). I do get some DENIED_OTHER, but I don't see any denials for >> missing MX, or unresolvable domains, etc. While it is possible that >> postini is vetting those email addresses, certainly not all, because I >> see some obvious, obvious spam running into the incoming mail queue, >> past spamdyke. >> >> Is it possible that the graylist-exception is also allowing the bypass >> of most of the other filters as well, or am I simply ignorant of what >> precisely the graylist exceptions are doing? Or is it otherwise >> impossible to run some of the other checks against the incoming mail as >> a result of coming through postini? >> >> Any comments would be appreciated. In the meantime, I'll see if I can >> update - I've have spamdyke-4.0 installed on my systems here, so the >> graylist-exception option is available. >> >> Thanks, > > Hey Adam. I don't know for sure about graylist exceptions, but Sam will > tell you for sure about that. > > In the meantime, I can say that most of spamdyke's effectiveness comes > because it is connected to, and can thus evaluate aspects of the sending > server. Since postini is in between the sending server and spamdyke, > many of spamdyke's filters (the rDNS related ones, RBLs, and perhaps > others) become ineffective because spamdyke sees postini as the sending > server instead of the "real" sending server (which delivered to > postini). IOW, spamdyke is most effective only when it's on the > perimeter. When postini is used, spamdyke is no longer on the perimeter, > and is thus significantly less effective. > > On a side note, I'd like to see a comparison of spamdyke to postini > sometime. My hunch is that spamdyke's effectiveness (paired with > spamassassin) rivals that of postini, but that's just a hunch. > Meaningful measurements of one vs the other would be difficult at best. > > HTH. > > -- > -Eric 'shubes' >
Thanks, Eric. I assumed that the effectiveness of spamdyke would be significantly reduced as a result of having postini, but I wasn't sure if spamdyke looked at the sender email address, or other options as well to check the validity of email. At one point, I had sendmail-milter set up on another server that did other checks inside the email, which wasn't rendered useless by postini (And I don't expect spamdyke to do this, so I'm not asking) - as a test case, I was going to see if setting up an alternate port with a separate config for postini (with no graylisting or greeting delay) would make a difference. As for the effectiveness of postini - I know for sure that spamassassin and spamdyke would block a ton of additional mail, more than postini would catch. Postini's effectiveness is reduced by a very large amount by the rules for the domain in postini - blocking accounts that don't exist vs. accepting and passing on, the "levels" of protection set up for each user and for the domain as a whole, and the like. Personally, I don't care for postini. There's other issues I have with postini, but I probably don't need to air them here. Adam -- Adam _______________________________________________ spamdyke-users mailing list [email protected] http://www.spamdyke.org/mailman/listinfo/spamdyke-users
