Recommended spam.lists and/or sendmail dnsbl settings?

Scott Silva ssilva at sgvwater.com
Wed Dec 12 22:21:07 GMT 2007 

on 12/12/2007 1:05 PM Duncan, Brian M. spake the following:
> 
>>> "The Spam Lists To Be Spam" directive could still be set, but
> 
>>> MailScanner could quit RBL checks after meeting that condition.
>>>
> 
>>> It could even increase performance couldn't it for heavily
> 
>> loaded mail
> 
>>> servers?
>> It would actually lower performance as each message would
> 
>> have to be checked one at a time one list at a time instead
> 
>> of firing off multiple queries and looking at the hits
> 
>> afterward. Think of telling a joke in a room full of people.
> 
>> Do you tell one person at a time and wait for a laugh (or
> 
>> not), or do you tell groups of people at the same time?
>> If a sysadmin trusts a list that well, he/she usually uses it
> 
>> at the MTA. That is the only way to really cut the load,
> 
>> because no further processing is done on it. The batch
> 
>> processing is what puts mailscanner ahead of the other
> 
>> options like mimedefang or amavisd (or ???).
> 
> I know this was from last week, I have been busy and did not see your
> reply till today.
> 
> So you are saying currently Mailscanner sends out queries to ALL the
> RBL's listed in the  mailscanner conf, but does NOT wait for ALL of them
> to reply?
> 
> Your analogy on telling a joke to a room full of people makes sense, but
> if you have to wait for the room full of people to all laugh or not
> laugh it seems less efficient unless I am missing something there. 
> 
> 
>>From what I can see in my logs normally I have log entries for ALL the
> RBL's that each message failed against.  And only if an RBL times out
> does it skip it.  So does mailscanner after it queries all the RBL's
> initially continue without pause even if one of the RBL's does NOT
> answer?
> 
> I do see how serial lookup could slow things down now though, if RBL one
> say no, then it goes onto RBL 2, etc.. So any valid mail will still wind
> up queuing ALL the RBL's anyhow.  Just not all at the same time, which
> would add delay(how much I don't know).   But if as it works now ALL
> RBL's have to reply before Mailscanner thinks that it is done with that
> message, the difference in time might be very minor.  Especially if it
> was serial, and you only wanted 1 RBL to fail and your servers receive
> allot of Spam. (and your first specified RBL check is what you get your
> largest hit on anyhow)
That is a best case senario.
> 
> 
>

<snip>
> 
>> Since you forward all messages, you could have some
> 
>> preprocessor do rbl checks and add headers and then get
> 
>> mailscanner to not re-scan those.
> 
> I guess I will have to look into that if I want to do it.  I just
> figured it might be a benefit to have the capability to do it in
> Mailscanner since it already has the RBL checking functionality, just
> not the capability to do it in a serial manner. 
Julian made this decision when he created mailscanner.  It also uses this same 
parallel processing on virus scanning, which saves a lot more cpu power. There 
are already a bunch of other options that do it the way you would like. 
Mimedefang, amavisd, and a few others that I can't remember right now. Julian 
set out to make mailscanner stand out from the crowd. I think he was successful.

> 
<snip>
> 
> Yeah in my situation I work in an environment where a client could
> technically be a Spammer.  So many users need ALL messages that were
> sent to them.  I don't have the option of telling a user, the reason you
> did not receive message X which related to a deal you were working on
> was because they use an ISP that they just switched to that got assigned
> a previous block of addresses that were black listed.  They don't care
> what I say, they just care they did not receive the message.   So we do
> this for all users.  If something is RBL'ed and it came from a Spammer
> we just tell them to add the user to their safe sender list in Outlook
> and then I can still fight Spam while giving individual users the
> control to receive what they want.  Back before we did this, do you know
> how much time I would waste having to assist other companies IT
> departments in getting off an RBL?  Now I never have to.
> 
> I wish I could dump RBL'ed messages at my edge.  But all I can do is
> wish.
Yes, that is too bad. We drop 60 to 70% of all incoming messages at the MTA. 
That is stuff I don't have to scan, check, store, or be responsible for.
Every requirement is different, that is why there are so many tools available.

-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

More information about the MailScanner mailing list