BarricadeMX experiences

Richard Frovarp Richard.Frovarp at sendit.nodak.edu
Thu Jul 26 17:32:05 IST 2007


Steve Freegard wrote:
> Richard Frovarp wrote:
>> Kai Schaetzl wrote:
>>> Richard Frovarp wrote on Wed, 25 Jul 2007 11:32:06 -0500:
>>>
>>>  
>>>> The OP did say he was running sbl+xbl at the mta
>>>>     
>>>
>>> Yes, but that seems to be the only "protection" for the MTA. Looking 
>>> at our figures Spamhaus rejections (although the single most source 
>>> of rejections) account for only 20% of our rejections after 
>>> greylisting (not sure if rejections occur before or after 
>>> greylisting). For instance I reject almost as much because of bogus 
>>> HELOs. Which is also part of BarricadeMX.
>>>
>>> Kai
>>>
>>>   
>>
>>  From my testing it goes:
>>
>> greet pause
>> rbls
>> greylist
>> bad user
>>
>> I'm guessing that the bogus HELOs would be around the rbl time. 
>> greylisting doesn't reject until the rcpt to, and it does it before a 
>> valid user check is done against LDAP.
>
>
> All this sort of stuff will vary massively over each site as there are 
> lots of variables (e.g. number of domains, average age of the domain, 
> type of user, user habits etc. etc.) that govern the type of spam each 
> site will get and thus the types of rejections that are possible.  So 
> what works well for one site won't necessarily work well for the other.

I'm sorry, that is the order that the tests are applied when using 
milter-greylist against sendmail, not effectiveness. Sorry I forgot to 
mention that. So from my setup anything that fails the sendmail greet 
pause won't even be checked by the RBLs, since it's already been 
rejected. The one unfortunate thing you'll see in that ordering is that 
mail has to get past the greylisting before valid user is checked. 
However, at my site we don't get many invalid user attempts, at least 
not many that make it past the earlier layers.
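
The test order described above (greet pause, RBLs, greylist, bad user), modelled as an added example that is not part of the original post and is not sendmail or milter-greylist code. The function names, the illustrative reply codes, the (ip, sender, recipient) greylist key and the sample attempts are all assumptions constructed for the illustration.

```python
from collections import Counter

# Constructed sample data (documentation address ranges, example.org names).
RBL_LISTED = {"192.0.2.10", "192.0.2.11"}
VALID_USERS = {"alice@example.org"}

def check(ip, waits_for_banner, sender, rcpt, greylist_seen):
    """Return (stage, reply) for the first stage that stops the message.
    Reply codes are illustrative and not taken from the thread."""
    # 1. greet pause: a client that talks before the banner is dropped here,
    #    so it is never looked up in the RBLs.
    if not waits_for_banner:
        return ("greet pause", 554)
    # 2. rbls: the connecting IP is on a blocklist.
    if ip in RBL_LISTED:
        return ("rbls", 550)
    # 3. greylist: decided at RCPT TO, before the recipient is validated.
    #    Keyed here on a hypothetical (ip, sender, rcpt) triplet.
    triplet = (ip, sender, rcpt)
    if triplet not in greylist_seen:
        greylist_seen.add(triplet)
        return ("greylist", 451)
    # 4. bad user: only reached by mail that has already passed greylisting.
    if rcpt not in VALID_USERS:
        return ("bad user", 550)
    return ("accepted", 250)

def tally(attempts):
    """Count which stage stopped each attempt, sharing one greylist state."""
    seen = set()
    return Counter(check(*a, seen)[0] for a in attempts)

# Constructed attempts: (ip, waits_for_banner, sender, rcpt)
ATTEMPTS = [
    ("192.0.2.10", False, "a@spam.example", "alice@example.org"),    # listed, talks early
    ("192.0.2.11", True, "b@spam.example", "alice@example.org"),     # listed, waits
    ("198.51.100.5", True, "c@mail.example", "nobody@example.org"),  # unknown user, 1st try
    ("198.51.100.5", True, "c@mail.example", "nobody@example.org"),  # unknown user, retry
    ("203.0.113.7", True, "d@mail.example", "alice@example.org"),    # valid user, 1st try
    ("203.0.113.7", True, "d@mail.example", "alice@example.org"),    # valid user, retry
]

if __name__ == "__main__":
    for stage, count in tally(ATTEMPTS).items():
        print(f"{stage}: {count}")
```

The per-stage counts show why rejection figures depend on ordering: the listed host that talks early is counted under greet pause rather than the RBLs, and the unknown recipient gets a temporary failure first and is only rejected as a bad user on its retry.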

