rbls in sendmail

Stephen Swaney steve.swaney at FSL.COM
Fri Apr 9 02:27:27 IST 2004


> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
> Behalf Of Ken Anderson
> Sent: Thursday, April 08, 2004 8:34 PM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: rbls in sendmail
>
> Support ePaxsys/FRWS wrote:
>
> > At 04:22 PM 4/8/04 -0700, Ken Anderson wrote:
> >
> >> Support ePaxsys/FRWS wrote:
> >>
> >>> Hi
> >>>
> >>> 'Personally' we run the RBLs all from inside Sendmail and use
> >>> MailScanner
> >>> for virus checks and rudimentary SPAM checks only. DNSBL set up for
> >>> Sendmail is a piece of cake.
> >>
> >>
> >> But AFAIK, it doesn't check received headers like SpamAssassin does.
> >> That's why I'm not wanting to lose that ability by moving the rbl checks
> >> into sendmail. There seem to be a couple milters that check received
> >> headers. I'm just fishing for anyone's experience with them.
> >> Thanks,
> >> Ken A
> >
> >
> >
> >
> > What does checking Received Headers really do for you? (it's a good
> > question!). Sendmail is checking the last place that the mail came from
> > against various RBLs and blocking it on that basis.
>
> Well, since we relay mail around a bit ourselves, some comes through
> postini, some comes from webservers in other locations, it's rarely the
> last place the mail was that is of concern. It's often the first relay
> the spammer hit, or the one just before they hit postini.
>
> Ken
> Pacific.Net
>
>
> > We have found that too much checking below that level can result in lots of
> > false hits, since a lot of legitimate email comes from places centered
> > around the IPs the RBLs block. So our use of the RBLs where they are
> > actually has shown some benefit for us.
> > If I wanted to block using RBLs further into the mail header I would likely
> > go the Procmail route - though aside from blocking some IP ranges
> > (currently, as 2nd level SPAM blocks), that has not seemed to make much of
> > a difference here since they change so much.
> >
> > Just my opinion.
> >
> > JPP
> >
> >
> >
> >>> We use 5 or 6 DNSBLs including the SBL-XBL SpamHaus list.
> >>>
> >>> The load on our busiest mail server is rarely above 2 or maybe 3
> >>> handling
> >>> tens of thousands of mails a day. Hats off to the MailScanner folks
> >>> for a
> >>> versatile and friendly program. We just leave the DNSBL stuff to
> >>> Sendmail
> >>> to lessen the server load and make log parsing/stats far easier.
> >>>
> >>> The J-Chkmail Milter does 'some' SPAM trapping (only REAL obvious SPAM,
> >>> non-negotiable types) and Procmail does the final SPAM handling for us.
> >>>
> >>> Regards
> >>> Jerome
> >>>
> >>>
> >>> At 03:35 PM 4/8/04 -0700, Ken Anderson wrote:
> >>>
> >>>> Hi All,
> >>>>
> >>>> I'm thinking of moving SBL-XBL and maybe SURBL tests to sendmail.
> >>>> Anyone running sendmail with some rblchecks via a milter that checks
> >>>> received headers too?
> >>>>
> >>>> Any recommendations?
> >>>>
> >>>> Thanks,
> >>>> Ken A
> >>>> Pacific.Net
> >
> >
> > ePaxsys/FRWS Technical Staff
> > ePaxsys, Inc. http://www.epaxsys.net
> > FRWS: http://www.frws.com
> > Live Text Support: http://www.epaxsys.net/live-help
> >
> >
>

Our service bureau scanner and several of our ISP customers block only on
sbl-xbl.spamhaus.org at the MTA level. Most of the ISPs do it because their
scanners would be overwhelmed if they didn't. It cut down incoming email at
one site 50%! More typically it seems to reduce the load on MS-SA by about 30%.

More importantly none of us have ever had a customer complaint about missing
emails. I'm not saying that we haven't blocked legitimate emails, I'm only
saying none of us have ever had a single complaint - and collectively we
process a LOT of email for a lot of fussy customers :)


Steve

Stephen Swaney
President
Fortress Systems Ltd.
Steve.Swaney at FSL.com
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> Fortress Systems Ltd.
> www.fsl.com
>
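
Added example, not part of the original thread or any poster's code: the difference discussed above between checking only the connecting host and checking relays named in Received headers, sketched in Python. The sample message, the TRUSTED network and all function names are assumptions; the zone is the one named in the thread, and the DNS lookup is injectable so the logic can be exercised offline.

```python
import ipaddress
import re
import socket
from email import message_from_string

# Constructed sample, newest Received header first (MTAs prepend them).
# Addresses are RFC 5737 documentation ranges, not real relays.
SAMPLE = """\
Received: from filter.example.net (filter.example.net [192.0.2.10])
\tby mx.example.org with ESMTP; Thu, 8 Apr 2004 17:00:03 -0700
Received: from unknown (HELO pc) ([203.0.113.77])
\tby filter.example.net with SMTP; Thu, 8 Apr 2004 17:00:01 -0700
Received: from forged.invalid ([198.51.100.5]) by pc; Thu, 8 Apr 2004 16:59:00 -0700
Subject: constructed test message

body
"""
TRUSTED = [ipaddress.ip_network("192.0.2.0/24")]  # assumption: relays we trust
ZONE = "sbl-xbl.spamhaus.org"                     # zone named in the thread
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def relay_ips(raw):
    """Return the bracketed IPv4 address of each Received header, newest first."""
    ips = []
    for hdr in message_from_string(raw).get_all("Received", []):
        m = IP_RE.search(hdr)
        try:
            if m:
                ips.append(ipaddress.ip_address(m.group(1)))
        except ValueError:
            continue  # malformed octets, e.g. in a forged header
    return ips

def first_untrusted(ips):
    """Skip trusted relays; headers below the returned hop may be forged."""
    for ip in ips:
        if not any(ip in net for net in TRUSTED):
            return ip
    return None

def dnsbl_name(ip, zone=ZONE):
    """Build the DNSBL query name: reversed octets followed by the zone."""
    return ".".join(reversed(str(ip).split("."))) + "." + zone

def is_listed(ip, resolve=socket.gethostbyname):
    """Listed hosts resolve to a 127.0.0.x A record; unlisted ones fail to resolve."""
    try:
        return resolve(dnsbl_name(ip)).startswith("127.0.0.")
    except socket.gaierror:
        return False
```

An MTA-level check sees only the connecting host (192.0.2.10 in this sample), while the header walk reaches 203.0.113.77, the first hop outside the trusted set.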