Re: Should I use RBL?
At 08:43 PM 9/28/2004 -0700, Erik Wickstrom wrote: Just wanted to get your opinion on whether or not I should have RBL activated? I have read some mixed opinions so far. Does it create alot of false positives (vice versa)? My opinion is that RBLs are lousy as a single-point criteria for spam if FPs are a big problem for you (ie: traditional MTA layer blocking). However, integrated in SA I've rarely had FPs that were attributable to the RBLs, particularly when combined with bayes, which can deduct just about as many points as the RBLs can add. Typicaly if I have a FP that involves RBL hits, the email has less than half the required points from RBL rules. (ie: less than 2.5 points) and a substantial chunk of points from various malformed HTML, malformed mime, and malformed message-id rules.
Re: Should I use RBL?
On Tuesday, September 28, 2004, 8:43:14 PM, Erik Wickstrom wrote: Just wanted to get your opinion on whether or not I should have RBL activated? I have read some mixed opinions so far. Does it create alot of false positives (vice versa)? It may be worth pointing out that there are a couple different ways to use RBLS: 1. In your MTA (sendmail, postfix, etc.) to block at the transport level, meaning messages are blocked before SpamAssassin or any users every see them. 2. In SpamAssassin, where RBL hits are used to increase the score of a particular message, usually together with other rules. Blocking at the MTA is somewhat more extreme than using RBLs in SA, since they get dropped up front. In SA, RBLs simply become one additional way to score a message. That makes their results more customizable than using them in MTAs. It also uses more CPU, memory, disk, etc. If you like one RBL better than another, you can give it a higher score, etc. There's probably a FAQ or wiki about this subject somewhere. We use sbl-xbl.spamhaus.org at the MTA level, and other rules in SpamAssassin. This is kind of a hybrid approach that gets rid of a bunch of junk before it even gets to SA, reducing the load on SA by more than 50%. We get almost no FPs from using spamhaus at the MTA level. YMMV. Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/
Re: Should I use RBL?
--On Tuesday, September 28, 2004 8:43 PM -0700 Erik Wickstrom [EMAIL PROTECTED] wrote: Just wanted to get your opinion on whether or not I should have RBL activated? I have read some mixed opinions so far. Does it create alot of false positives (vice versa)? To see an example of why using an RBL at the MTA is a Bad Idea, check out the thread titled roaringpenguin.com is listed in rfc-ignorant here: http://lists.roaringpenguin.com/pipermail/mimedefang/2004-September/thread.html (For some reason the thread is broken up, perhaps due to broken mail clients not preserving the reference chain in the headers.)