Re: smtp time spam filtering

To: debian-user@lists.debian.org
Cc: Andrew Sackville-West <andrew@farwestbilliards.com>
Subject: Re: smtp time spam filtering
From: David Hart <debian@tonix.org>
Date: Fri, 23 Feb 2007 19:15:48 +0000
Message-id: <[🔎] 20070223191548.GA25122@yan.jynn.tonix.org>
Mail-followup-to: debian-user@lists.debian.org, Andrew Sackville-West <andrew@farwestbilliards.com>
In-reply-to: <[🔎] 20070223161647.GA16163@localhost.localdomain>
References: <[🔎] 45DCE50F.9000001@meetinghouse.net> <[🔎] 45DCE978.8020308@gmail.com> <[🔎] 200702211604.37344.joshua@eeinternet.com> <[🔎] 45DCF5C4.3010401@gmail.com> <[🔎] erk5ep$8p0$1$8302bc10@news.demon.co.uk> <[🔎] 1172158414.28933.27.camel@princess.gregfolkert.net> <[🔎] 20070222163808.GD4332@yan.jynn.tonix.org> <[🔎] 1172167054.25645.65.camel@princess.gregfolkert.net> <[🔎] 20070223153259.GB20882@yan.jynn.tonix.org> <[🔎] 20070223161647.GA16163@localhost.localdomain>

On Fri 2007-02-23 08:16:48 -0800 Andrew Sackville-West wrote:
> 
> 	On Fri, Feb 23, 2007 at 03:33:00PM +0000, David Hart wrote:
> > On Thu 2007-02-22 12:57:34 -0500 Greg Folkert wrote:
> > > On Thu, 2007-02-22 at 16:38 +0000, David Hart wrote:
> > > > On Thu 2007-02-22 10:33:34 -0500 Greg Folkert wrote:
> > > 
> > > > I can't see any advantage in scanning during smtp connect time.
> > > > By the time you've got the DATA you've used up the bandwidth and might
> > > > as well accept it.
> > > 
> > > Not really, I've got usage data dating back to Sasser. Significantly
> > > lower bandwidth once I started using scanning and reject at SMTP time.
> > > 
> > > In fact today... just to see, I disabled SA-Exim. I've quadrupled the
> > > amount of bandwidth My COLO provider has seen my machine use.
> > [snip]
> > 
> > I must be missing something here.  In order to scan an email you must
> > receive the email (I don't mean accept).  How can rejecting/accepting
> > emails at this stage make any significant difference in bandwith used
> > (let alone a quadrupling of bandwidth)?
> 
> isn't it just using RBL's at smtp time and rejecting before recieving
> the mail? 

AFAIU no, but that's the way I do it with postfix.  Both my primary
and secondary MXs do RBL checks and stuff like recipient validation
and then make the accept/reject decision after the RCPT TO: but before
the DATA.

Greg Folkert said that he uses SA-Exim (which calls spamassassin)
to do scans at smtp time but without any online checks.  I don't see
how you can do this without receiving the bulk of the email.

-- 
David Hart <debian@tonix.org>

Reply to:

Follow-Ups:
- Re: smtp time spam filtering
  - From: Matus UHLAR - fantomas <uhlar@fantomas.sk>

References:
- Re: How does Cron send email?
  - From: Miles Fidelman <mfidelman@meetinghouse.net>
- Re: How does Cron send email?
  - From: Grok Mogger <linuximp@gmail.com>
- Re: How does Cron send email?
  - From: "Joshua J. Kugler" <joshua@eeinternet.com>
- Re: How does Cron send email?
  - From: Grok Mogger <linuximp@gmail.com>
- Re: How does Cron send email?
  - From: Joe <joe@jretrading.com>
- Re: How does Cron send email?
  - From: Greg Folkert <greg@gregfolkert.net>
- smtp time spam filtering (was: How does Cron send email?)
  - From: David Hart <debian@tonix.org>
- Re: smtp time spam filtering
  - From: Greg Folkert <greg@gregfolkert.net>
- Re: smtp time spam filtering
  - From: David Hart <debian@tonix.org>
- Re: smtp time spam filtering
  - From: Andrew Sackville-West <andrew@farwestbilliards.com>

Prev by Date: Re: Missing devices on raid1 setup
Next by Date: Re: Missing devices on raid1 setup
Previous by thread: Re: smtp time spam filtering
Next by thread: Re: smtp time spam filtering
Index(es):
- Date
- Thread