Re: IMPORTANT: your message to html-tidy

[Craig Sanders <cas@taz.net.au>]

On Wed, Sep 10, 2003 at 04:17:22AM +0100, Karsten M. Self wrote:
> On your own system, for your own use, sure.  For general use?  Nope --

yes, definitely for general use.  it's just as effective for general use as it
is for my personal use - in fact, if more people did the kind of stuff that i
do then there wouldn't be a spam problem, because the spammers would just give
up and go home.


> Debian could never ship that.

i'm not asking for debian to ship it.  i gave some stats on spam blocking on my
system, that's all.


i don't even think it can be shipped.  spam-blocking is a hands-on process,
just like systems administration....sure, you can write tools to automate
parts of it, but the job needs someone who understands the problem and knows
what they are doing to look after it.

> > > You've blocked a total of 6016 mails of 55,117 attempted deliveries,
> > > based on the IP address of the sending MTA's IP address.  
> > 
> > you can't count, you can't read, and you can't reason, either.   i
> > have no idea where you got your numbers from, they bore no
> > relationship to the stats i posted.  
> 
> Counting lines w/ 'RBL' on 'em I got 6016 messages.  I added your spam
> and non-spam totals (or what appeared to be these) to get 55,117.

i already gave the total number of message delivery attempts, 29605.  you
basically doubled it when you added in the rejected attempts again.


> Precise counts are less significant than the fact that you blocked

precise counts are significant when you're calculating statistics.  as i was.


> several thousand messages on the weight of originating IP block alone.

yes.  that's because IT WORKS.

i'm not interested in accepting mail from known open relays or open proxies or
from dynamic IP pools.  on my home server (but not my work servers), i'm 
also not interested in receiving mail from certain counties (china, korea,
brazil, and others).

similarly, i'm not interested in accepting mail where it forges my domain or IP
address in the envelope, or where it breaks RFC and uses a bare IP or a
non-FQDN as the HELO/EHLO identification or has 8-bit characters in headers.

nor am i intetrested in receiving mail from any of the thousands of spammer
domains and spammer addresses that have spammed me in the past.

implementing blocking rules for all of these things and more has reduced the
spam intake to a tolerable (but still annoying) level.


doing stuff like this is what it takes to have a (mostly) spam-free mailbox.
nothing else works.



> It's not about how effectively this works for you.  It's how effectively it
> works in a general form.

i use similar (but not identical - i'm far less tolerant on my home mail server
than i am at work) rulesets on other mail servers, including those built for
ISPs and businesses.  they're all happy with the results.

if anything, they complained when i switched from using a lot of body/header
checks rules to using SA instead - they didn't like the fact that spam which
used to get blocked was now being identified & tagged by SA and delivered into
their mailbox instead (it was necessary though, the body checks rules were
finding too many false positives because they are effectively a "one-strike,
you're out" system rather than a cumulative scoring system).  once they learnt
how to configure filtering in their client, they started to appreciate the
usefulness.


> Running SA on modest HW with networking rules disabled can filter 20-40
> messages/hr according to Dan Quinlan (SA developer, personal
> conversation).

huh?  20-40 messages per hour is nothing....a barely noticable load on even the
crappiest & oldest hardware.

a modest system should be able to handle many thousands of messages per hour.

craig