On Sunday 25 April 2004 09:24 am, p-at-dirac.org (Peter Jay Salzman) |lugod| wrote:
> Raw Data
> ========
>
> I) SMTP Conversation Dropped Before Spam Gets Delivered
>
>    A) HELO rejected
>
>       1. Sender claimed he was "dirac.org" or "localhost":  51
>       2. RBL: bl.spamcop.net:                               179
>       3. RBL: list.dsbl.org:                                20
>       4. RBL: relays.ordb.org:                              0
>       5. RBL: cbl.abuseat.org:                              7
>       6. RBL: sbl.spamhaus.org:                             0
>       7. RBL: opm.blitzed.org:                              0
>       4. RBL: dul.dnsbl.sorbs.net:                          3

Pete, I recommend you replace cbl.abuseat.org, opm.blitzed.org, sbl.spamhaus.org
with sbl-xbl.spamhaus.org. sbl-xbl.spamhaus.org includes all hosts from those
three RBLs. See http://www.spamhaus.org/xbl/index.lasso

> Spams will include bounce messages due to viruses forging their headers to
> make it look like they're from dirac.org, as well as the uhhh.... "helpful"
> messages I get from hosts that tell me that "my" email was not delivered
> because it contained a virus. I consider the idiotic administrators of
> these systems to be another source of unwanted email, and therefore, not
> much different from UCE. Honestly, this is a DOS waiting to happen.
> Sheesh.

I feel your pain, these annoy me as well. The virus scanner (qmail-scanner +
clamav) we run on our mail gateway at work is configured (by default, even)
only to send a notification to the sender when the message is blocked because
of a policy signature (mostly checks for broken headers). The dilemma here is
that virus scanners _DO_ get false positives, and having your mail fall into a
black hole kinda sucks.

The best way to solve this problem is to have the virus scanner check the
message before the destination MTA tells the source MTA that the message was
accepted. If it's a virus, reject it during the SMTP conversation. Though I
feel this is the best solution, it does still have a problem. Some sites use
MTAs that do relay the destination MTA's reason for rejecting the message to
the user, so you get people wondering why mail bounced. Any mail that an MTA
isn't going to deliver should be bounced by rejecting it during the SMTP
conversation.

(Now I have to set up the virus scanner at work to do this.)

> Total emails sent to dirac.org:               386
>
>    Total spams sent to dirac.org:             367
>
>       Total spams caught                      355
>
>          Total spam caught by Postfix:        347
>             Total spam caught by RBL:         209
>          Total spam caught by Bogofilter:     7
>          Total spam caught by procmail:       1
>
>       Total spams uncaught                    12
>
>    Total "real" email delivered:              19
>
>
> Email that is spam:                           95%
> Email that is not spam:                       5%
>
> Spam caught before delivered to MTA:          95%
> Spam caught before delivered to inbox:        97%
> Spam delivered to my inbox:                   3%    <-- what I care about
>
> Spam caught by RBLs:                          57%   <-- nice!
> Spam claiming it came from "me":              15%
> Spam with improper SMTP envelope:             18%
> Spam giving non-existent domain
>    in SMTP envelope:                          2%    <-- dumbest of the dumb
>
>
> Conclusions
> ===========
>
> First, I knew that I had a high spam to email ratio, but I was shocked
> to see that my spam to ham ratio was 20 to 1.

I see around 80% spam across the domains we filter mail for at work.

> Second, I'm quite pleased with the results. Postfix along with RBLs
> shot down most of the crud. Only a very small trickle passed through.
> I'm convinced more than ever that Postfix + RBL is the way to go for
> spam control. This is more preferable than relying on spam assassin,
> bogofilter and procmail as a first line of defense, since they sap up
> more system resources.

Yeah, RBLs smite a surprisingly large amount of spam.

> As a last note, I'm nearly certain that if I had spam assassin installed on
> dirac.org, my total spam delivered count would've been truly, truly zero.

SpamAssassin isn't perfect. It misses stuff once in a while, though custom
rules can help. I've seen some spam sneak past SpamAssassin with less than one
point (though Bayesian filtering is turned off), though this is not common...

-- 
PGP/GPG Fingerprint: 3B30 C6BE B1C6 9526 7A90 34E7 11DF 44F3 7217 7BC7
On pgp.mit.edu, import with `gpg --keyserver pgp.mit.edu --recv-key 72177BC7`
_______________________________________________
vox-tech mailing list
http://lists.lugod.org/mailman/listinfo/vox-tech
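
Added example, not part of the original message or of Postfix: a sketch of the connect-time RBL check the thread discusses, showing how one combined zone replaces three separate lookups while still rejecting inside the SMTP conversation. The zone names come from the message; the function names, the reply text and the sample DNS answers are constructed for illustration.

```python
import ipaddress
import socket

# Zone names are the ones named in the message above.
SEPARATE_ZONES = ["cbl.abuseat.org", "opm.blitzed.org", "sbl.spamhaus.org"]
COMBINED_ZONE = "sbl-xbl.spamhaus.org"


def dnsbl_query_name(client_ip, zone):
    """Build the DNSBL lookup name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.ip_address(client_ip)
    if addr.version != 4:
        raise ValueError("this sketch handles IPv4 clients only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def system_resolver(name):
    """Return the A record, or None if the lookup fails (NXDOMAIN = not listed).
    Resolver errors also return None, so this sketch fails open."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def is_listed(client_ip, zone, resolve=system_resolver):
    """Listed means the zone answers with an address inside 127.0.0.0/8."""
    answer = resolve(dnsbl_query_name(client_ip, zone))
    loopback = ipaddress.ip_network("127.0.0.0/8")
    return answer is not None and ipaddress.ip_address(answer) in loopback


def smtp_decision(client_ip, zones, resolve=system_resolver):
    """Return (SMTP reply, DNS queries made) for a connecting client."""
    for count, zone in enumerate(zones, start=1):
        if is_listed(client_ip, zone, resolve):
            return f"554 5.7.1 Client host [{client_ip}] blocked using {zone}", count
    return "250 OK", len(zones)


# Constructed sample answers (documentation address, not real listings): the
# combined zone answers for a host that one of the separate zones lists.
SAMPLE_DNS = {
    "10.2.0.192.opm.blitzed.org": "127.0.0.2",
    "10.2.0.192.sbl-xbl.spamhaus.org": "127.0.0.2",
}

if __name__ == "__main__":
    for zones in (SEPARATE_ZONES, [COMBINED_ZONE]):
        print(smtp_decision("192.0.2.10", zones, SAMPLE_DNS.get))
        print(smtp_decision("192.0.2.99", zones, SAMPLE_DNS.get))
```

Passing `SAMPLE_DNS.get` as the resolver keeps the run offline; leaving the argument out uses the system resolver instead.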
