[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: blacklists



On Thu, Dec 09, 2004 at 12:00:42AM +1100, Russell Coker wrote:
> On Wednesday 08 December 2004 20:16, Craig Sanders <cas@taz.net.au> wrote:
> > > Craig, why do you think it's undesirable to do so?
> >
> > because i dont want the extra retry traffic.  i want spammers to take FOAD
> > as an answer, and i dont want to welcome them with a pleasant "please try
> > again later" message.  i think it is a sin to be polite or pleasant to a
> > spammer :)
> 
> I agree that we don't want to be nice to spammers.  But there is also the 
> issue of being nice in the case of false-positives.

if it's a false positive, the sender will get a bounce from their MTA and they
can fix the problem or route around it.  IMO, that's far nicer to legit senders
than them not knowing that their mail isn't being delivered because it's stuck
in their MTA's queue rather than bouncing back to them - the former means it's
probably 5 days before they know there is a problem, while the latter gives
them instant feedback.

> The extra traffic shouldn't be that great (the message body and headers are 
> not being transmitted).  

it's still MY bandwidth being used by spamming vermin, even if it's not much (i
begrudge those bastards even a single bit) and it still generates huge amounts
of noise in my mail.log files.

the log file noise issue is important to me - i've recently started monitoring
mail.log and adding iptables rules to block smtp connections from client IPs
that commit various spammish-looking crimes against my system.  some crimes get
blocked for 60 seconds, some for 10 minutes, some for an hour.  each time the
same IP address is seen committing a crime, the time is doubled.  i am doing
this not because i'm worried that spammers will get their junk through my
anti-spam rules but because a) i don't want their noise in my mail.log, and b)
it was an interesting programming project that amused me for a few days of part
time perl hacking.

> When a legit user accidentally gets into a black-list their request
> to get the black-list adjusted can often be processed within the time
> that their mail server is re-trying the message.

similarly, they can resend the message themselves when they know the problem
has been fixed, WITHOUT flooding my logs with crap i don't want to see AND
they'll have had immediate feedback about the problem with their mail system.
everyone wins.

if it's important, they'll resend it.  if the sender doesn't think it's
important enough to bother resending, then why should i care?


> > even on my little home system, at the end of an adsl line, i reject
> > nearly 10,000 spams per day (and climbing all the time). i would
> > expect that to at least double or triple if i 4xx-ed them rather
> > than 5xx, depending on how much came from open relays or spamhaus
> > rather than dynamic/DUL.
>
> 30,000 rejections per day is only one every three seconds. Not a huge
> load.

the important factor here is that it's one every 3 seconds that I DON'T WANT.
i don't want the ~10,000 per day that i currently get and i see no reason to
take any action that will increase that number.

craig

-- 
craig sanders <cas@taz.net.au>           (part time cyborg)



Reply to: