on Tue, Sep 09, 2003 at 11:07:39AM +1000, Craig Sanders ([EMAIL PROTECTED]) wrote:
> On Sun, Sep 07, 2003 at 11:09:57PM -0700, Steve Lamb wrote:
> > On Mon, 8 Sep 2003 15:40:15 +1000
> > Matthew Palmer <[EMAIL PROTECTED]> wrote:
> > > On Mon, Sep 08, 2003 at 06:04:39AM +0100, Karsten M. Self wrote:
> > > > I'm coming to the view that we're approaching the era where all mail is
> > > > going to have to be subject to filtering, at the MTA level.
> >
> > > Depends on how useful you want your e-mail box to be.  <g>
> >
> > It has been my experience that filtering at the MTA level has increased
> > the usefulness of my mailbox considerably.
>
> <aol> me too </aol>
>
> stats from last week's mail.log (from my home mail server which handles mail
> for about half a dozen people):
>
>      1 Bad HELO
>     10 RBL proxies.relays.monkeys.com
>     11 Recipient Domain Not Found
>     22 RBL relays.ordb.org
>     25 strict 7-bit headers
>     31 Relay access denied
>     32 RBL taiwan.blackholes.us
>     34 Sobig.F Virus
>     42 body checks
>     49 RBL spamdomains.blackholes.easynet.nl
>     56 header checks
>     61 RBL dnsbl.sorbs.net
>    182 IP Address in HELO
>    193 RBL brazil.blackholes.us
>    218 RBL blackholes.easynet.nl
>    271 Local access rule: Helo command rejected
>    342 RBL hongkong.blackholes.us
>    492 RBL dynablock.easynet.nl
>    924 RBL sbl.spamhaus.org
>   1080 Local address forgery
>   1099 Recipient address rejected
>   1133 Sender Domain Not Found
>   1771 RBL list.dsbl.org
>   1825 Dynamic IP Trespass
>   1902 RBL cn-kr.blackholes.us
>   2471 Local access rule: Client host rejected
>   3005 Need FQDN address
>   3581 Local access rule: Sender address rejected
>   4267 User unknown
>
>  25130 TOTAL
>
>
> Spamassassin stats:
>    382 spam
>   4093 clean
>   4475 TOTAL
>
> Percentages:
> spam:non-spam  (25512/29605)  86.17%
> accepted spam  (382/4475)      8.54%
> rejected spam  (25130/25512)  98.50%
>
>
> i'm reasonably happy with that.  98.5% of all spam was rejected
> outright.  only 382 spams (1.5%) made it through my postfix access
> lists, RBLs, etc to be tagged by spamassassin.

I'd argue that differently.  You've blocked a total of 6016 mails of
55,117 attempted deliveries, based on the IP address of the sending
MTA's IP address.  That's a broad rejection policy.  As many people have
noted, for pretty much _any_ given IP, your odds are good that most of
the mail received from it is spam.  It doesn't do much for the legit
mail that comes through.

Given that we now _do_ have good content/context based filters for
assessing spam likelihood for a given mail item, blind use of RBLs
should be discouraged.  It's the same sort of thinking that's causing no
end of trouble for people trying to communicate with AOL users:

    http://z.iwethey.org/forums/render/content/show?contentid=96264
    http://yro.slashdot.org/yro/03/04/13/2215207.shtml?tid=120

I'd recommend alternative approaches -- using RBLs as weighted
indicators, denying first-receipt of mail from such hosts (backing up
their mail queues),

> these stats also demonstrate just how bad the spam problem has become.
> 86% of all attempts to deliver mail to my server were spam, ~25500
> spams and ~4100 legit messages.

No doubt.

> if i wasn't blocking spam at the MTA, then at least half of those
> spams would have ended up in MY personal mailbox (or, more likely,
> tagged by spamassassin and saved into my spam.incoming
> folder)....about 13000 more spams than i currently receive.

The difference between what I'm advocating and what you're doing:  run
SpamAssassin _at_ _SMTP_ _receipt_, not after accepting the message for
delivery.  Exim4 allows this readily.

Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
    "Charming man," he said.  "I wish I had a daughter so I could forbid
    her to marry one ..."
    -- HHGTG
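
Added example, not part of the original message: one way to combine the two ideas raised above, treating DNSBL listings as weighted indicators and temp-failing the first delivery attempt from a listed host, with the decision made during the SMTP session. The weights, thresholds, function names and listing data are assumptions constructed for illustration; `content_score` stands in for a SpamAssassin score obtained at SMTP receipt.

```python
import ipaddress

# Assumed weights (not from the thread) for some zones named in the quoted stats.
ZONE_WEIGHTS = {
    "sbl.spamhaus.org": 3.0,
    "list.dsbl.org": 2.0,
    "dnsbl.sorbs.net": 1.5,
    "cn-kr.blackholes.us": 0.5,  # country-wide list: weak signal on its own
}
REJECT_AT = 5.0  # assumed: DNSBL weight + content score needed for a 550
DEFER_AT = 2.0   # assumed: DNSBL weight that triggers first-receipt deferral

# Constructed listing data (documentation-range IPs) so the example runs offline.
CONSTRUCTED_LISTINGS = {
    "10.2.0.192.sbl.spamhaus.org",
    "10.2.0.192.list.dsbl.org",
    "5.113.0.203.list.dsbl.org",
    "7.100.51.198.cn-kr.blackholes.us",
}

def dnsbl_query_name(ip, zone):
    """DNSBL lookup name: the IPv4 octets reversed, prepended to the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def dnsbl_score(ip, is_listed):
    """Sum the weights of zones listing ip; is_listed(name) stands in for DNS."""
    return sum(w for zone, w in ZONE_WEIGHTS.items()
               if is_listed(dnsbl_query_name(ip, zone)))

def smtp_decision(ip, content_score, seen,
                  is_listed=CONSTRUCTED_LISTINGS.__contains__):
    """Return the reply code to give before the message is accepted."""
    rbl = dnsbl_score(ip, is_listed)
    if rbl + content_score >= REJECT_AT:
        return "550"  # refused in-session; nothing is accepted and bounced later
    if rbl >= DEFER_AT and ip not in seen:
        seen.add(ip)
        return "451"  # first receipt from a listed host: sender queues and retries
    return "250"

if __name__ == "__main__":
    seen = set()
    for ip, score in [("192.0.2.10", 0.0), ("203.0.113.5", 0.5),
                      ("203.0.113.5", 0.5), ("198.51.100.7", 1.0)]:
        print(ip, score, smtp_decision(ip, score, seen))
```

A host listed only on a low-weight zone is accepted unless the content score pushes it over the threshold, so the listing alone never blocks legitimate mail from that address.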