On 6/29/2015 10:39 AM, Reindl Harald wrote:
Am 29.06.2015 um 19:28 schrieb Ted Mittelstaedt:
The days of squeezing every last CPU cycle out of something are
long, gone Reindl.
nonsense
I really appreciate that your bound and determined to keep that
80486 server running but nobody else is doing it anymore.
tell me one reason why should i waste 1-5 seconds for on some days a
million blocked mails while i can get rid of them in ms?
Because, it's 1-5 seconds. If it was 1-5 minutes then sure.
Why do you think SA is written in Perl? Of all languages!!!
Sure, let's pick the -slowest- scripting language available for
a high-volume filtering system!
why not when it don#t have to deal with every connection
What is an "expensive content filter"?
every contentfilter is expensive, frankly even let the client go so far
that he starts to send mailbody while you already know for sure you can
quit the connection is expensive
Unless your running a) free or b) corporate mailservers, the client is
PAYING YOU for that content filtering. It's not your money, it's his
money. Spend it!
It's a content filter that is run on an underpowered server that should
have been retired 5 years ago.
Dude, check out hardware prices for God's sake! They are selling
dual CPU, with each CPU quad core 1U servers for $150 on the used
market nowadays.
dude i work with a 50 GHz cluster and 200 GB RAM
That small?
but that is not a reason to waste ressources, power, cooling and at the
end of the day it makes a difference independet of how fast your
hardware is
You can waste a whole lot of time chasing down those last bits of CPU
cycle. If your the size of Google then maybe it is still worth doing.
i waste a lot of time by *once* setup RBL weighting and have running it
untouched for years - *lol*
But if your not, then maintainability and flexibility are far more
important.
When you block something outside of SA than you lose flexibility and
increase maintenance needs. You push the ability to control acceptance
of a particular email further away from your users.
jesus christ my users don't want that control,
Mine do. Clearly different markets, here. If your handing out free
addresses or getting money from ad revenue or something like that, then
sure, I can agree with what your saying.
they don't want have
tagged junk, they just want the rest and pay for that
I have users who sometimes want to receive mail from a system in an RBL.
It's their mailbox, they are paying for it. Why should I not let them
do it?
these are corporate customers getting mail from other corporate
customers who are completely clueless that they are on an RBL and don't
give a damn if you told them they were.
Oh sure, you can wow your friends with graphs of CPU utilization and
boast about how you managed to create a Byzantine system that would be
more appropriate with a million accounts where saving a few cycles over
all of them would actually add up to something.
childish argumentation
But, why on Earth would you build a system with all the disadvantages
and inflexibility of a giant email provider that has to worrry about
"expensive content filtering" when your NOT a giant email provider?
bullshit - there are no disadvantages and there is no inflexibility when
you use sensible *scoring* and take whitelists into the mix - you just
block *dead sure spam* at the MTA level and *the rest* is for the
contentfilter
My experience is RBLs don't guarantee "dead sure spam" Unfortunately,
the effectiveness of RBLs has drastically decreased in recent years, at
least for the mail _I_ am getting. Too much spam is coming in now
that's from IPs that are not on ANY RBLs but clearly ought to be.
Ted
Far smarter to build a system that can take full advantage of being
small when you ARE small!!!
Ted
On 6/29/2015 9:35 AM, Reindl Harald wrote:
Am 29.06.2015 um 18:29 schrieb Ted Mittelstaedt:
Of course, Postfix fixes everything from AIDS to global warming, it's
the greatest MTA ever invented. <eyeroll>
for other MTA'S score-bayes RBL handling on MTA level exists too in form
of policy daemons <eyeroll>
Exactly the kind of thing I would expect from you. Haven't you worn
out that Postfix drum your banging yet?
no but "That's why we all do our RBL checks in spamassassin" is plain
wrong, *you are doing* not "we all" - most people except you try to get
most spam blocked in a sensible way before it hits expensive content
filters, so just stop talk about "we all" if you have no clue
the RBL checks in SA are fine and good, but only for addititional
scoring comined with other rules to get messages rejected via milter
which are not on enough RBLs to block them straight ahead
On 6/27/2015 3:04 AM, Reindl Harald wrote:
Am 27.06.2015 um 10:18 schrieb Martin S:
On Friday 26 June 2015 17.40.04 Ted Mittelstaedt wrote:
But, putting RBL checks into the MTA is the best way I know to piss
off
your users since tag-and-forward is not an option on MTA rbl
checking.
That's why we all do our RBL checks in spamassassin.
Could you elaborate on this? I'm "new" to running a mail server (it's
in test
phase atm) as my only experience is with sendmail many years ago. I
take it SA
does RBL look-ups by default and there is no need to att RBL
look-ups in
postfix main.cf file?
he should speek for himself and not for "us all"
a sane MTA setup is using something like Postscreen with scoring and
*you don't want* to scan and tag 90% of all mails which are on 5 or
even
10 RBLs, frankly you won't waste a smtpd process at all when
postscreen
can kill them
below the current month and scanning additional 200000 messages would
waste ressources all day long
Reject Postscreen: 205389
Reject Postfix: 18275
Reject Milter: 7052
Reject Temporary: 1888
Blacklist: 200032
Pregreet: 40171
Hangup: 74936
Protocol Error: 3479
