rbls in sendmail

Support ePaxsys/FRWS support at EPAXSYS.NET
Fri Apr 9 02:39:31 IST 2004 

At 09:27 PM 4/8/04 -0400, Stephen Swaney wrote:
> > -----Original Message-----
> > From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
> > Behalf Of Ken Anderson
> > Sent: Thursday, April 08, 2004 8:34 PM
> > To: MAILSCANNER at JISCMAIL.AC.UK
> > Subject: Re: rbls in sendmail
> >
> > Support ePaxsys/FRWS wrote:
> >
> > > At 04:22 PM 4/8/04 -0700, Ken Anderson wrote:
> > >
> > >> Support ePaxsys/FRWS wrote:
> > >>
> > >>> Hi
> > >>>
> > >>> 'Personally' we run the RBLs all from inside Sendmail and use
> > >>> MailScanner
> > >>> for virus checks and rudimentary SPAM checks only. DNSBL set up for
> > >>> Sendmail is a piece of cake.
> > >>
> > >>
> > >> But AFAIK, it doesn't check received headers like SpamAssassin does.
> > >> That's why I'm not wanting to lose that ability by moving the rbl
> > checks
> > >> into sendmail. There seem to be a couple milters that check received
> > >> headers. I'm just fishing for anyone's experience with them.
> > >> Thanks,
> > >> Ken A
> > >
> > >
> > >
> > >
> > > What does checking Received Headers really do for you? (its a good
> > > question!). Sendmail is checking the last place that the mail came from
> > > against various RBLs and blocking it on that basis.
> >
> > Well, since we relay mail around a bit ourselves, some comes through
> > postini, some comes from webservers in other locations, it's rarely the
> > last place the mail was that is of concern. It's often the first relay
> > the spammer hit, or the one just before they hit postini.
> >
> > Ken
> > Pacific.Net
> >
> >
> > > We have found that too much checking below that level can result in lots
> > of
> > > false hits, since a lot of legitimate email comes from places centered
> > > around the IPs the RBLs block. So our use of the RBLs where they are
> > > actually has shown some benefit for us.
> > > If I wanted to block using RBLs further into the mail header I would
> > likely
> > > go the Procmail route - though aside from blocking some IP ranges
> > > (currently, as 2nd level SPAM blocks), that has not seemed to make much
> > of
> > > a difference here since they change so much.
> > >
> > > Just my opinion.
> > >
> > > JPP
> > >
> > >
> > >
> > >>> We use 5 or 6 DNSBLs including the SBL-XBL SpamHaus list.
> > >>>
> > >>> The load on our busiest mail server is rarely above 2 or maybe 3
> > >>> handling
> > >>> tens of thousands of mails a day. Hats off to the MailScanner folks
> > >>> for a
> > >>> versatile and friendly program. We just leave the DNSBL stuff to
> > >>> Sendmail
> > >>> to lessen the server load and make log parsing/stats far easier.
> > >>>
> > >>> The J-Chkmail Milter does 'some' SPAM trapping (only REAL obvious
> > SPAM,
> > >>> non-negotiable types) and Procmail does the final SPAM handling for
> > us.
> > >>>
> > >>> Regards
> > >>> Jerome
> > >>>
> > >>>
> > >>> At 03:35 PM 4/8/04 -0700, Ken Anderson wrote:
> > >>>
> > >>>> Hi All,
> > >>>>
> > >>>> I'm thinking of moving SBL-XBL and maybe SURBL tests to sendmail.
> > >>>> Anyone running sendmail with some rblchecks via a milter that checks
> > >>>> received headers too?
> > >>>>
> > >>>> Any recommendations?
> > >>>>
> > >>>> Thanks,
> > >>>> Ken A
> > >>>> Pacific.Net
> > >
> > >
> > > ePaxsys/FRWS Technical Staff
> > > ePaxsys, Inc. http://www.epaxsys.net
> > > FRWS: http://www.frws.com
> > > Live Text Support: http://www.epaxsys.net/live-help
> > >
> > >
> >
>
>Our service bureau scanner and several of our ISP customers block only on
>sbl-xbl.spamhaus.org at the MTA level. Most of the ISPs do it because their
>scanners would be overwhelmed if they didn't. It cut down incoming email at
>one site 50%! More typically it seems reduce the load on MS-SA by about 30%
>
>More importantly none of us have ever had a customer complaint about missing
>emails. I'm not saying that we haven't blocked legitimate emails, I'm only
>saying none of us have ever had a single complaint - and collectively we
>process a LOT of email for a lot of fussy customers :)
>
>
>Steve
>
>Stephen Swaney
>President
>Fortress Systems Ltd.
>Steve.Swaney at FSL.com
> > --
> > This message has been scanned for viruses and
> > dangerous content by MailScanner, and is
> > believed to be clean.
> >
> > Fortress Systems Ltd.
> > www.fsl.com
> >
>
>
>
>--
>This message has been scanned for viruses and
>dangerous content by MailScanner, and is
>believed to be clean.
>
>Fortress Systems Ltd.
>www.fsl.com


AMEN to that. And in the end its the customers getting their legitimate
email that counts.
We are an ISP and hosting service also, so server load and 'getting the
mail through' in a timely manner is of the utmost importance. The fewer
heavy load scripts we run the better. (probably should have prefaced that
before)
Just an opinion.


Jerome

ePaxsys/FRWS Technical Staff
ePaxsys, Inc. http://www.epaxsys.net
FRWS: http://www.frws.com
Live Text Support: http://www.epaxsys.net/live-help

More information about the MailScanner mailing list