Am 16.07.2010 13:10, schrieb Steve: > > -------- Original-Nachricht -------- >> Datum: Fri, 16 Jul 2010 11:03:27 +0200 >> Von: Robert Schetterer <rob...@schetterer.org> >> An: postfix-users@postfix.org >> Betreff: Re: Better spam filter for postfix > >> Am 16.07.2010 10:15, schrieb lst_ho...@kwsoft.de: >>> Zitat von Robert Schetterer <rob...@schetterer.org>: >>> >>>> Am 16.07.2010 09:27, schrieb lst_ho...@kwsoft.de: >>>>> Zitat von Henrik K <h...@hege.li>: >>>>> >>>>>> On Thu, Jul 15, 2010 at 11:06:44PM -0500, Stan Hoeppner wrote: >>>>>>> >>>>>>> I will say generically that for an OP who has the time, avoiding >>>>>>> content >>>>>>> filters and using SMTP time blocking methods is probably more >>>>>>> effective in the >>>>>>> long run and makes more efficient use of network and server >> resources. >>>>>> >>>>>> You always have time to advertise content filters being "bad", so I >>>>>> just >>>>>> have to make a pointless rebuttal.. >>>>>> >>>>>> Can you tell me any big public service (not a one man server) that >>>>>> doesn't >>>>>> use content filtering at all? By public I don't mean a site that has >>>>>> the >>>>>> ability to block freemailers, universities, etc hacked accounts.. >>>>> >>>>> In Germany many companies have given up on content filtering because >> it >>>>> is not allowed to drop mail after accepting, if there is a chance that >>>>> private mail *could* be involved. So with content filter your only >>>>> choice would be to tag spam and let the user sort out, which lead to >> no >>>>> advantage for using content filter at all. >>>>> So content filter are mostly a selling point and not a favorable >>>>> "solution". >>>>> >>>>> Regards >>>>> >>>>> Andreas >>>>> >>>>> >>>> why not use spamass-milter drops spam during smtp income stage >>>> this is allowed anyway, also clamav-milter with sanesecurity works nice >>>> this way, bouncing mail after recieve by whatever reason may produce >>>> backscatter, so it isnt a good idea in every case or country, >>>> normally you only flag spam and pass it and/or hold it ( for human >>>> postmaster inspection ) i. if use amavis with after queue filter , mail >>>> always needs daily support, and companies who stopped filtering in >>>> germany ( i dont know one ) have mostly a problem with helpless admins >>>> ignorant managers/users etc, not with law or existing antispam >> solutions >>>> so its mostly a human problem >>> >>> The point is >>> >>> - Before-Queue content filter is expansive and must be combined with >>> "cheap" reject techologies anyway >> >> sorry explain "cheap" >> > Content filtering where you process the WHOLE message is considered as > expensive. Just processing a bunch of headers or checking the client against > DNSBL/RHWL/DNSWL/etc or checking the client IP reputation or checking things > like proper HELO/EHLO or or or is considered as cheep. > > >> if you have non negliable load >>> - Tagging spam is nearly useless because no user like to poke through >>> the dustbin to search for potential lost mail >> >> i dont understand, as you always need support mail, >> its no problem to solve user questions, only the rate of questions >> should be handable by the corosponding number of postmaster and/or >> supporters >> >>> - Spam-Bouncing is no option at all >> >> why ?, a bounce is no thing of evil, there will be bounces by several >> reasons ever >> >>> - In general the false positive rate is a higher and more difficult to >>> find out with content filter compared to a sane set of reputation based >>> filters >> >> i have false postive under 0,1 promille >> no problem here >> >>> >>> So the most reasonable approch is to ditch content filter at all and use >>> a sane set of reputation based decisions and maybe greylisting to reject >>> spam at earliest possible stage. >> >> you should always use all usefull antispam technics which make sense >> anyway ( specially that ones that are native in postfix ) >> greylisting is one of them , >> > Greylisting is NOT native to Postfix!
i dont meant that, sorry for eventual missunderstoods whatever i think its all said happy sunny weekend > > >> but in a few cases on my site >> simply does not work anymore defending bots >> so antispam is always a filter chain, the real antispam filter such as >> spamassassin should always be one of the last >>> >>> I don't speak about or even recommend to not use spam filtering, but >>> content filter is sometimes the bigger problem compared to some slipping >>> through spams. >> >> maybe, thats individual, like spam always is, >> competent postmaster should choose the right way in the right case >> >>> >>> Regards >>> >>> Andreas >> >> no need to flame, i have no problem with supporting ca 10 mailservers >> with antispam enabled up to 10000 mail addresses >> some spam always slipping trough,always some false positives , thats the >> nature of the beast, the goal is keeping that rate low >> in my case spam filtering is no such problem , as mailservers that have >> buggy dns setups are in rbls etc, >> after all, one of the biggest problems are false tagging to antispam >> filters in mail clients i.e outlook >> which produces more questions then server side filters, as most users >> dont understand their mail client settings >> >> -- >> Best Regards >> >> MfG Robert Schetterer >> >> Germany/Munich/Bavaria > -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria
