rbls in sendmail

Ken Anderson ka at PACIFIC.NET
Fri Apr 9 01:34:10 IST 2004


Support ePaxsys/FRWS wrote:

> At 04:22 PM 4/8/04 -0700, Ken Anderson wrote:
>
>> Support ePaxsys/FRWS wrote:
>>
>>> Hi
>>>
>>> 'Personally' we run the RBLs all from inside Sendmail and use
>>> MailScanner
>>> for virus checks and rudimentary SPAM checks only. DNSBL set up for
>>> Sendmail is a piece of cake.
>>
>>
>> But AFAIK, it doesn't check received headers like SpamAssassin does.
>> That's why I'm not wanting to lose that ability by moving the rbl checks
>> into sendmail. There seem to be a couple milters that check received
>> headers. I'm just fishing for anyone's experience with them.
>> Thanks,
>> Ken A
>
>
>
>
> What does checking Received Headers really do for you? (its a good
> question!). Sendmail is checking the last place that the mail came from
> against various RBLs and blocking it on that basis.

Well, since we relay mail around a bit ourselves, some comes through
postini, some comes from webservers in other locations, it's rarely the
last place the mail was that is of concern. It's often the first relay
the spammer hit, or the one just before they hit postini.

Ken
Pacific.Net


> We have found that too much checking below that level can result in lots of
> false hits, since a lot of legitimate email comes from places centered
> around the IPs the RBLs block. So our use of the RBLs where they are
> actually has shown some benefit for us.
> If I wanted to block using RBLs further into the mail header I would likely
> go the Procmail route - though aside from blocking some IP ranges
> (currently, as 2nd level SPAM blocks), that has not seemed to make much of
> a difference here since they change so much.
>
> Just my opinion.
>
> JPP
>
>
>
>>> We use 5 or 6 DNSBLs including the SBL-XBL SpamHaus list.
>>>
>>> The load on our busiest mail server is rarely above 2 or maybe 3
>>> handling
>>> tens of thousands of mails a day. Hats off to the MailScanner folks
>>> for a
>>> versatile and friendly program. We just leave the DNSBL stuff to
>>> Sendmail
>>> to lessen the server load and make log parsing/stats far easier.
>>>
>>> The J-Chkmail Milter does 'some' SPAM trapping (only REAL obvious SPAM,
>>> non-negotiable types) and Procmail does the final SPAM handling for us.
>>>
>>> Regards
>>> Jerome
>>>
>>>
>>> At 03:35 PM 4/8/04 -0700, Ken Anderson wrote:
>>>
>>>> Hi All,
>>>>
>>>> I'm thinking of moving SBL-XBL and maybe SURBL tests to sendmail.
>>>> Anyone running sendmail with some rblchecks via a milter that checks
>>>> received headers too?
>>>>
>>>> Any recommendations?
>>>>
>>>> Thanks,
>>>> Ken A
>>>> Pacific.Net
>
>
> ePaxsys/FRWS Technical Staff
> ePaxsys, Inc. http://www.epaxsys.net
> FRWS: http://www.frws.com
> Live Text Support: http://www.epaxsys.net/live-help
>
>



More information about the MailScanner mailing list