Date:      Tue, 4 Jan 2005 20:59:20 -0800
From:      "Ted Mittelstaedt" <tedm@toybox.placo.com>
To:        <freebsd-questions@freebsd.org>
Subject:   RE: SpamAssassin-Milter accuracy...
Message-ID:  <LOBBIFDAGNMAMLGJJCKNKEOLEPAA.tedm@toybox.placo.com>
In-Reply-To: <20050104170920.GD94265@keyslapper.org>



> -----Original Message-----
> From: owner-freebsd-questions@freebsd.org
> [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Louis LeBlanc
> Sent: Tuesday, January 04, 2005 9:09 AM
> To: freebsd-questions@freebsd.org
> Subject: Re: SpamAssassin-Milter accuracy...
>
>
> On 01/04/05 05:17 PM, Matthias Buelow sat at the `puter and typed:
> > Louis LeBlanc wrote:
> >
> > > Use with care.  Some spam rbls are overly zealous, and often block out
> > > whole netblocks just because one IP has been reported as an offender.
> >
> > And all dialup networks.  Which can lead to the bizarre situation that
> > if you're relaying through your mail server from a dialup IP, and mail
> > goes thru SA, you'll get a high score.  There're several ways to prevent
> > this from happening, of course, for example, to run an extra smtpd on a
> > nonstandard port that doesn't push mails through SpamAssassin, or just
> > to disable the damn RBL stuff in the SA config (I did both, greylisting
> > is more effective than the suspicious RBL stuff anyways).
>
> This includes most dynamically allocated IP blocks.  The only way to
> avoid getting tagged and/or outright rejected by some networks is to
> relay through the ISPs relay.
>
> It's because of this that I don't use the spamblock RBLs at the MTA
> level.  SA works almost perfectly with its own clearing house checks
> (NJABL, SORBS, SPAMCOP, etc.) and modifies the score for each.  I've
> dug up some recipes that will further compound scores for multiple of
> these clearing houses too, so you get bonus points for getting
> reported to 3 or more :)
>

The only problem with doing this is that you have to completely receive
the e-mail message before SA can check it against the blacklists.

We do the blacklist checks at the MTA level and turn them off in SA.  As
a result the e-mail is never accepted by the server if it's in a blacklist.
As a result of that if the spam is coming from a compromised mailserver then
that mailserver will just requeue the message.  And with everyone on the
Internet doing this, it will make the compromised mailserver melt down
immediately, which will punish the admin of it for running an open mailserver
in the first place.

> I do use the blackholes (check http://blackholes.us) at the MTA, since
> rejecting mail outright from Asian (and a few African) countries has
> reduced my spam intake by about 80%, without reducing my legitimate
> mail by a single message.  Since I'm not running a service for other
> people, and I carefully choose the blackhole domains I use, it's not a
> problem for me.  Of course, that may not be an option for you.
> Someday I'll stop this practice, but for now some of my doors are just
> plain closed.
>

We don't use blackholes.us although I'll take a look at it.  About 50% of
our incoming spam is blocked by the blacklist servers we do use.

Ted
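
An added example, not part of the original message or thread: a Python sketch contrasting the two placements discussed above, a blacklist check at the MTA (refuse before the body is received) and a check in the content filter (receive everything, then add to a score, with a bonus for 3 or more listings). The zone names, the lookup table that stands in for DNS, the reply codes and the score values are all constructed for illustration.

```python
import ipaddress

ZONES = ["bl-a.example", "bl-b.example", "bl-c.example"]  # hypothetical DNSBL zones

def dnsbl_name(ip, zone):
    """IPv4 DNSBL query name: the address octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

# Constructed lookup table standing in for DNS: a listed client resolves to 127.0.0.x.
LISTED = {dnsbl_name("192.0.2.2", z): "127.0.0.2" for z in ZONES}
LISTED[dnsbl_name("198.51.100.7", ZONES[0])] = "127.0.0.2"

def hits(ip, resolve=LISTED.get):
    """Zones whose answer for this client falls in 127.0.0.0/8 (i.e. listed)."""
    return [z for z in ZONES if (resolve(dnsbl_name(ip, z)) or "").startswith("127.")]

def mta_level(ip, msg_bytes, resolve=LISTED.get):
    """Check at connect time: a listed client is refused before any body is received.
    Returns (illustrative SMTP reply code, bytes of message body received)."""
    if hits(ip, resolve):
        return 550, 0
    return 250, msg_bytes

def filter_level(ip, msg_bytes, per_list=1.5, bonus=2.0, threshold=5.0,
                 resolve=LISTED.get):
    """Check after DATA: the whole message is received, then scored per listing.
    per_list, bonus and threshold are made-up numbers, not SpamAssassin defaults.
    Returns (score, tagged_as_spam, bytes of message body received)."""
    n = len(hits(ip, resolve))
    score = n * per_list + (bonus if n >= 3 else 0.0)
    return score, score >= threshold, msg_bytes

if __name__ == "__main__":
    for ip in ("192.0.2.2", "198.51.100.7", "203.0.113.9"):
        print(ip, mta_level(ip, 40000), filter_level(ip, 40000))
```

A client on a single list is refused outright at the MTA but stays under the tagging threshold in the filter, which is the trade-off the two posters are weighing.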


