Re: smtp time spam filtering
On Fri 2007-02-23 08:16:48 -0800 Andrew Sackville-West wrote:
>
> On Fri, Feb 23, 2007 at 03:33:00PM +0000, David Hart wrote:
> > On Thu 2007-02-22 12:57:34 -0500 Greg Folkert wrote:
> > > On Thu, 2007-02-22 at 16:38 +0000, David Hart wrote:
> > > > On Thu 2007-02-22 10:33:34 -0500 Greg Folkert wrote:
> > >
> > > > I can't see any advantage in scanning during smtp connect time.
> > > > By the time you've got the DATA you've used up the bandwidth and might
> > > > as well accept it.
> > >
> > > Not really, I've got usage data dating back to Sasser. Significantly
> > > lower bandwidth once I started using scanning and reject at SMTP time.
> > >
> > > In fact today... just to see, I disabled SA-Exim. I've quadrupled the
> > > amount of bandwidth My COLO provider has seen my machine use.
> > [snip]
> >
> > I must be missing something here. In order to scan an email you must
> > receive the email (I don't mean accept). How can rejecting/accepting
> > emails at this stage make any significant difference in bandwith used
> > (let alone a quadrupling of bandwidth)?
>
> isn't it just using RBL's at smtp time and rejecting before recieving
> the mail?
AFAIU no, but that's the way I do it with postfix. Both my primary
and secondary MXs do RBL checks and stuff like recipient validation
and then make the accept/reject decision after the RCPT TO: but before
the DATA.
Greg Folkert said that he uses SA-Exim (which calls spamassassin)
to do scans at smtp time but without any online checks. I don't see
how you can do this without receiving the bulk of the email.
--
David Hart <debian@tonix.org>
Reply to: