[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: IMPORTANT: your message to html-tidy



on Tue, Sep 09, 2003 at 11:07:39AM +1000, Craig Sanders (cas@taz.net.au) wrote:
> On Sun, Sep 07, 2003 at 11:09:57PM -0700, Steve Lamb wrote:
> > On Mon, 8 Sep 2003 15:40:15 +1000
> > Matthew Palmer <mpalmer@debian.org> wrote:
> > > On Mon, Sep 08, 2003 at 06:04:39AM +0100, Karsten M. Self wrote:
> > > > I'm coming to the view that we're approaching the era where all mail is
> > > > going to have to be subject to filtering, at the MTA level.
> >  
> > > Depends on how useful you want your e-mail box to be.  <g>
> > 
> >     It has been my experience that filtering at the MTA level has increased
> > the usefulness of my mailbox considerably.  
> 
> <aol> me too </aol>
> 
> stats from last week's mail.log (from my home mail server which handles mail
> for about half a dozen people):
> 
>       1	Bad HELO
>      10	RBL proxies.relays.monkeys.com
>      11	Recipient Domain Not Found
>      22	RBL relays.ordb.org
>      25	strict 7-bit headers
>      31	Relay access denied
>      32	RBL taiwan.blackholes.us
>      34	Sobig.F Virus
>      42	body checks
>      49	RBL spamdomains.blackholes.easynet.nl
>      56	header checks
>      61	RBL dnsbl.sorbs.net
>     182	IP Address in HELO
>     193	RBL brazil.blackholes.us
>     218	RBL blackholes.easynet.nl
>     271	Local access rule: Helo command rejected
>     342	RBL hongkong.blackholes.us
>     492	RBL dynablock.easynet.nl
>     924	RBL sbl.spamhaus.org
>    1080	Local address forgery
>    1099	Recipient address rejected
>    1133	Sender Domain Not Found
>    1771	RBL list.dsbl.org
>    1825	Dynamic IP Trespass
>    1902	RBL cn-kr.blackholes.us
>    2471	Local access rule: Client host rejected
>    3005	Need FQDN address
>    3581	Local access rule: Sender address rejected
>    4267	User unknown
> 
>   25130	TOTAL
> 
> 
> Spamassassin stats:
>     382	spam
>    4093	clean
>    4475	TOTAL
> 
> Percentages:
> spam:non-spam (25512/29605) 86.17%
> accepted spam (382/4475) 8.54%
> rejected spam (25130/25512) 98.50%
> 
> 
> i'm reasonably happy with that.  98.5% of all spam was rejected
> outright.  only 382 spams (1.5%) made it through my postfix access
> lists, RBLs, etc to be tagged by spamassassin.

I'd argue that differently.

You've blocked a total of 6016 mails of 55,117 attempted deliveries,
based on the IP address of the sending MTA's IP address.  That's a broad
rejection policy.  As many people have noted, for pretty much _any_
given IP, your odds are good that most of the mail received from it is
spam.  It doesn't do much for the legit mail that comes through.  Given
that we now _do_ have good content/context based filters for assessing
spam likelihood for a given mail item, blind use of RBLs should be
discouraged.  It's the same sort of thinking that's causing no end of
trouble for people trying to communicate with AOL users:

    http://z.iwethey.org/forums/render/content/show?contentid=96264
    http://yro.slashdot.org/yro/03/04/13/2215207.shtml?tid=120

I'd recommend alternative approaches -- using RBLs as weighted
indicators, denying first-receipt of mail from such hosts (backing up
their mail queues), 

> these stats also demonstrate just how bad the spam problem has become.
> 86% of all attempts to deliver mail to my server were spam, ~25500
> spams and ~4100 legit messages.

No doubt.

> if i wasn't blocking spam at the MTA, then at least half of those
> spams would have ended up in MY personal mailbox (or, more likely,
> tagged by spamassassin and saved into my spam.incoming
> folder)....about 13000 more spams than i currently receive.

The difference between what I'm advocating and what you're doing:  run
SpamAssassin _at_ _SMTP_ _receipt_, not after accepting the message for
delivery.  Exim4 allows this readily.

Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
    "Charming man," he said. "I wish I had a daughter so I could forbid
    her to marry one ..."
    -- HHGTG

Attachment: pgpT0ZwaKtd5Z.pgp
Description: PGP signature


Reply to: