> On Jun 16, 2016, at 7:31 AM, Reindl Harald <h.rei...@thelounge.net> wrote:
>
>
> On 16.06.2016 at 16:21, Shawn Bakhtiar wrote:
>> Agreed.
>>
>> We use sendmail, and check our DNSBLs there, it is much more efficient to
>> use them before we ever engage SA. It is extremely rare to find an IP that
>> lands on a reputable DNSBL and in those cases we can whitelist. Of course
>> most of our traffic is B2B, not sure how effective this would be in B2C or
>> C2C.
>
> no difference - the majority of so blacklisted servers are infected end-user
> machines which have no business to connect to any machine on port 25 and for
> a well scored decision it doesn't matter anyway
>
I disagree with "no difference". From a process perspective IMHO it's much
faster to reject with postfix or sendmail than to engage a perl script (via
pipe or tcp port no less) to check the email content before continuing to
process. It adds a little bit more processing if they are not on the DNSBL,
but saves a lot of processing if they are.

Which actually begs the OT question: Why is SA not written in C?

> also spammers don't care if you are business or not, easy to test with
> spam-traps and how fast they are abused with all sorts of junk
>
>>> On Jun 16, 2016, at 7:16 AM, jaso...@mail-central.com wrote:
>>>
>>> Fwiw, I've moved the DNSBL issue out of SA and put it 'in front' with
>>> Postfix's postscreen.
>
> postfix 'in front' has the job to complement and not replace blacklists in SA
> since they still matter when some clients don't reach the reject score but get
> additional points in the content filtering
>
>>> Instead of just *one* DNSBL, which is imo always a risk, I use multiple
>>> dnsbls, and weight them in scoring.
>>>
>>> In my experience, it works fantastically well.
>>>
>>> A great write up on the approach is here
>>>
>>> http://rob0.nodns4.us/postscreen.html
>>>
>>> Of course, that presumes Postfix. You might be able to do the same with
>>> other servers, or maybe don't have the option at all.
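
The weighted multi-DNSBL decision described in the quoted postscreen message, sketched as an added example (not code from this thread or from Postfix). The `domain=reply*weight` spec form is modelled on `postscreen_dnsbl_sites` with exact reply matching only; the zone names, weights, threshold and DNS answers are constructed, and the resolver is a stub so the block runs offline.

```python
import ipaddress

def parse_site(spec):
    """Split 'domain[=reply][*weight]' into (domain, reply_filter, weight)."""
    spec, _, weight = spec.partition("*")
    domain, _, reply = spec.partition("=")
    return domain, (reply or None), int(weight or 1)

def query_name(client_ip, domain):
    """DNSBL lookup name: IPv4 octets reversed, prepended to the list's zone."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + domain

def dnsbl_score(client_ip, sites, resolve):
    """Sum the weights of every list whose answer passes its reply filter."""
    total = 0
    for spec in sites:
        domain, reply, weight = parse_site(spec)
        answers = resolve(query_name(client_ip, domain))  # [] means not listed
        if answers and (reply is None or reply in answers):
            total += weight
    return total

def decide(client_ip, sites, threshold, resolve):
    """Reject before content filtering only when the combined score is high enough."""
    score = dnsbl_score(client_ip, sites, resolve)
    return ("reject" if score >= threshold else "pass"), score

# Constructed policy: no single list can reject alone; a whitelist subtracts.
SITES = ["bl-a.example*2", "bl-b.example=127.0.0.3*1", "bl-c.example*1", "wl.example*-2"]
THRESHOLD = 3

# Constructed DNS answers for documentation-range client addresses.
FAKE_DNS = {
    "10.2.0.192.bl-a.example": ["127.0.0.2"],
    "10.2.0.192.bl-b.example": ["127.0.0.3"],
    "20.2.0.192.bl-a.example": ["127.0.0.2"],
    "20.2.0.192.bl-b.example": ["127.0.0.9"],   # listed, but wrong reply code
    "7.100.51.198.bl-c.example": ["127.0.0.2"],
    "9.113.0.203.bl-a.example": ["127.0.0.2"],
    "9.113.0.203.bl-c.example": ["127.0.0.2"],
    "9.113.0.203.wl.example": ["127.0.0.2"],    # whitelist offsets the hits
}

def resolve(name):
    """Stub resolver backed by the constructed answers above."""
    return FAKE_DNS.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "198.51.100.7", "203.0.113.9"):
        print(ip, decide(ip, SITES, THRESHOLD, resolve))
```

Clients that pass with a non-zero score are the ones the reply above says should still pick up DNSBL points in SA's content scoring.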