Anyone using zen.spamhaus.org?

Glenn Steen glenn.steen at gmail.com
Tue Sep 5 01:11:05 IST 2006 

On 04/09/06, John Rudd <jrudd at ucsc.edu> wrote:
>
> On Sep 4, 2006, at 3:59 AM, Ramprasad wrote:
>
> >> On the other hand, i think still its rather silly to do the RBL
> >> blocking
> >> with MailScanner. Let either your mailer or SA do that :P
> >>
> > Why ? Can you please elaborate on this ?
>
> As someone else pointed out: If you trust the RBL completely, then why
> not reject the message during the SMTP transaction, instead of waiting
> for MS to do it?
>
> If you only partially trust the RBL, then using MS's absolute RBL
> nature is a bad idea, just use SA so that the RBL's decision is one of
> many factors in the spam score.
>
> If you don't trust the RBL at all, then turn it off in all places: MTA,
> MS, and SA.
>
> Note: none of the three situations say "use MS for handling the RBL".
>
>
> > Having your MTA do the RBL checks may not always be possible. What If I
> > want to whitelist some ids of turnoff scan for some recipient ids
>
> sendmail access db and "delay checks" will let you over-ride the RBL's
> behavior via access entries.
>
>
> I honestly can't think of any reason you _would_ use MS's RBL facility.
>   It's as absolute as doing the RBL entry in the MTA, yet doesn't get
> the advantage of rejecting the message during the SMTP transaction.  It
> doesn't offer me any flexibility over using RBL+access_db+delay_checks.
>   What's the point?  (it's the one feature of MS whose point I've never
> understood)
>
>
Um, John... Not that I disagree terribly, but.... "The absolute
nature" of MailScanners BL lookup scheme isn't really absolute (like
some MTAs might do it... Well, not that absolute either:-). Sure, it's
more absolute than SA, but... If you trust a very few lists to be
absolutely certain (and don't want to reject them, probably because of
"political/policy" reasons), its is a good tool. Or if you want the
tag, but dont want to run SA... I'm sure brighter minds can
extrapolate a few other good points for it:-). The main reasons often
cited as to why one should avoid doing them in MS is 1) If you run SA,
it'll do a better job at looking up more lists, and 2) MS will
serialize the lookups while SA will do them in parallell...
So true, most will want to do the very few in the MTA and the rest in
SA, but then again, some will still prefer to do them in MS.
I for one work under legislation that prohibit me from flat-out
rejecting _based on sender alone_ (it's a bit more involved than that,
but lets leave that:-), so my best bet is to let MS do my "trusted
lists" (all two of them) and SA do the rest.

-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

More information about the MailScanner mailing list