Re: More sorbs blacklisting



On 2006-07-10  0511, John Kelly wrote:
> On Mon, 10 Jul 2006 03:09:30 +0200, you wrote:
> >If so, could one not merely drop all incoming smtp-connections which
> >neither originated from rDNS-legitimate addresses
> 
> Checking for a match of forward and reverse DNS is my first line of
> defense.  It stops 60% - 70% of the spam hitting my server.
> 
> Everything passing the first defense has a known host name, so I can
> use regex filtering to catch dsl/adsl/dynamic/whatever host names.  I
> also query dynablock.njabl.org, to supplement my local filters.  That
> completes my second line of defense.
> 
> For the third line of defense, I check:
> 
>   dnsbl.njabl.org
>   list.dsbl.org
>   sbl-xbl.spamhaus.org
>   bl.spamcop.net
> 
> 
> Anything passing the first three defenses, then goes to clamav-milter
> which checks for viruses.
> 
> However, the first three lines of defense are so effective, I have no
> need for content filtering of spam, and that means I keep a very cool
> CPU.  :-)

While being effective, you've cut me and Pigeon off from contacting you
directly. That's the critique, because otherwise your setup is
indisputably optimal (cutting on easy choices first, then ultimately
doing the resource-intensive checks, we all know it).

However you edited out the interesting part. Couldn't one:

After HELO:
- forward and reverse DNS match
- the SPF records of the HELO'ed domain allow delivery from the
  connecting host
If either of the two above holds, accept the connection. As said, wouldn't
that give home users a way of authenticating themselves?

Regards, skrewz.
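
The two-check rule proposed in the message above (forward and reverse DNS match, or an SPF pass for the HELO name), as an added example that is not part of the original post. The DNS tables are constructed sample data, the function names are hypothetical, and the SPF evaluator is a simplified subset that handles only the `ip4`, `ip6`, `a` and `all` terms.

```python
import ipaddress

# Constructed DNS data (documentation address ranges, example domains);
# a real milter or policy daemon would query a resolver instead.
PTR = {"192.0.2.10": ["mail.home.example"],
       "198.51.100.7": ["mail.bank.example"]}      # PTR chosen by the IP's owner
A = {"mail.home.example": ["192.0.2.10"],
     "mail.bank.example": ["192.0.2.50"]}          # forward zone disagrees
TXT = {"dsl.home.example": ["v=spf1 ip4:203.0.113.0/24 -all"]}

def fcrdns_ok(ip):
    """Forward-confirmed reverse DNS: some PTR name must resolve back to ip."""
    return any(ip in A.get(name, []) for name in PTR.get(ip, []))

def spf_helo_pass(ip, helo):
    """True only on an SPF 'pass' for the HELO name.

    Simplified subset of SPF: ip4, ip6, a and all. Any other term
    (include, mx, redirect, ...) ends evaluation with no pass.
    """
    name = helo.lower().rstrip(".")
    records = [t for t in TXT.get(name, [])
               if t.lower().split()[:1] == ["v=spf1"]]
    if len(records) != 1:            # none, or ambiguous: no pass
        return False
    addr = ipaddress.ip_address(ip)
    for term in records[0].split()[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"
        mech = term.lstrip("+-~?").lower()
        if mech == "all":
            hit = True
        elif mech.startswith(("ip4:", "ip6:")):
            hit = addr in ipaddress.ip_network(mech[4:], strict=False)
        elif mech == "a":
            hit = ip in A.get(name, [])
        else:
            return False             # unsupported term: fail closed
        if hit:
            return qualifier == "+"  # only an explicit pass counts
    return False

def accept_after_helo(ip, helo):
    """The proposed rule: accept the connection if either check succeeds."""
    return fcrdns_ok(ip) or spf_helo_pass(ip, helo)
```

An SPF pass on the HELO name shows only that the domain's owner authorized that address, so it identifies the sender without saying anything about reputation.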


