[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: What is that rbl Eric?

On Thu, Jun 12, 2003 at 10:13:03AM -0400 or thereabouts, Danny Sauer wrote:
> Looking at my most current mail logs (June 1 - now (June 12)), my 
> postfix rules have rejected 20868 messages at the SMTP level, and 
> spamassassin has identified 830 spams.  Spamassassin only runs for 4 
> users, though, while there are quite a few other addresses that aren't 
> getting scanned.  37580 messages were locally delivered, 44477 messages 
> were delivered in total (not counting messages originating locally). 
> Nearly half of the mail we get is spam.  Sigh. :)

Cool, interesting stats Danny... it amazes me that close to 50% is spam
junk. Thanks for the info.
> Technically, I guess that I do use relays.ordb.org - they were the 
> source of 224 rejections (out of that 20868).  I have all of the korea 
> netblocks listed in my own blacklist, as well as a few other addresses - 
> Korea accounts for 304 rejections.  The rest are all caught by the rules 
> that reject unknown/invalid hostnames in the HELO, unresolved sender 
> domains, non-FQDN recipient addresses, and the regexp header checks that 
> throw away messages in a bunch of weird char sets + messages with 
> dangerous attachment extensions.

Yep, I have just about all the above, and since I don't do business with
them, I too have kr, but also cn, tw, hk, cz, all blocked or denied at the
SMTP level. 

> The thing with RBLs is that someone has to actually receive and read the 
> message, identify it as spam, and add it to the list before more spam 
> from that site will get through - if it ever gets through.  It's 
> something that needs constant maintenence.

agreed on the need for maintenance.  My next level is a challenge /auth on
those addresses that are not recognized, by my individual .qmail files..
They are held in queue for the lifetime of the queue, or until it is
acknowledged by the sending party, or if I delete it with a command...
This is very effective too, for those occasional ones that try to get in.
It is similar to TMDA, but much lighter in weight. 

>  As a programmer who's fond of Perl, I *hate* having to do repetitive
>  work.  With SpamAssassin catching the few messages that get through, I
>  just have to look through my junk mail folder once every week or so to
>  see if there are any false positives.  I've had none, and had no
>  reports of any from the test users here.  The best part is that there's
>  no real human factor to worry about - the spamassassin bayesian filter
>  auto-trains itself, and users have control of their own whitelists.
>  Transferring the burden to users works nicely for me (MySQL prefs and a
>  Squirrelmail plugin help).  With RBLs, I have to worry about malicious
>  users outside of my control, and stupid things like whole subnets
>  blocked because of bad policies.

I usually find this on the net, the subblocks, and for me, it is easy to
add, especially if there is a history of spam.. In fact, I just download
the updated lists from a very big email site, change them to CIDR format,
if needed, and it is done... Updates are very quickly handled. (once the
initial work is done to set it up as my personal blacklist). As mentioned,
SA is cool, and 2.5 is really good with the bays.. one of my mail servers
is a 486, so SA is just too intensive for the system, on the server, hence
my approach. I can see where it would be useful, as you mentioned, on an
indiviual's needs... giving a choice to them, to use it or not, as their
own whitelist.

> This is really just my own experience, but my personal domain at home 
> has similar results (with smaller numbers and a greater noise to signal 
> ratio).  A few (26 in my inbox right now) of the valid messages I 
> receive also match in one of the various RBLs, though, so unfortunately 
> they just won't work for me as a definitive reject/accept rule.

Some RBLs are better than others regarding this, agreed..
> --Danny, who only sees one or two spams in his inbox ever few days now 
> (down from about 100/day when using just a couple of RBLs)

good deal <g>


To unsubscribe, send email to majordomo@luci.org with
"unsubscribe luci-discuss" in the body.