Set it and forget it?
Ugo Bellavance
ugob at lubik.ca
Mon Nov 26 19:36:48 GMT 2007
Steve Campbell wrote:
>
>
> Ugo Bellavance wrote:
>> Steve Campbell wrote:
>>> I'm curious as to how much time is spent by most of the email admins
>>> here using MS. I realize that some of my efforts could be streamlined
>>> by upgrading to the latest release, but the people here seem to think
>>> that this is a "set it and forget it" type of operation.
>>
>> I don't believe that.
> Gosh, maybe it _is_ me then.
Not sure. What I meant is similar to what Hugo said. It does need
maintenance, as spam is evolving. We see a new version of SA almost
every 3 months, MS about the same, then razor, DCC, system updates.
More components you have, more effective it is, but more maintenance it
requires.
What I meant is that it is not a system that you can install and let hum
for a few months w/o touching it.
>>> There is a real problem here in that people want all the mail they
>>> are supposed to get, and 100% trashing of the email they shouldn't
>>> get. I find that I spend a little time daily managing this stuff, but
>>> my system isn't like anyone else's who's system isn't like the next
>>> guy's .....
>>
>> Well, the more time you spend on your system, the better it will run,
>> but don't worry, we do have some issues with our users as well!
>>
>>> A specific question I have, though, would be:
>>>
>>> I think I was following a thread a while back about an RBL that has
>>> some specifics for blocking those "Address may be forged" emails (Zen
>>> or something like that). Can anyone elaborate on that for me and let
>>> me know how to set it up on my 4.52.2 version until I get it
>>> upgraded. I do all of my RBL checks in SA.
>>
>> Well, using zen.spamhaus.org at the MTA level could help you a lot.
>> I've never seen a false positive from that list ever.
>>
> I think I'd still prefer to do the check in SA as long as resources
> remain sufficient. Any other reason to put it at the MTA level?
Yes, accuracy. If a message is on zen.spamhaus.org it gets a score
added. So there is still some chances that your user sees it in its
mailbox. From my experience, if a message is blocked at the MTA, it is
spam or a user that is not using it's ISP's mail server as he/she should.
>> Regarding your question, "Address may be forged"... What address do
>> you mean, in your sendmail logs or e-mail address (spf, domain keys,
>> senderID, etc)?
>>
>
> That's supposed to have been "(may be forged)" from the sendmail logs.
This relates to full-circle DNS.
http://www.sendmail.org/faq/section3.html#3.38
I consider it as too strict to reject at the MTA level based on this.
Ugo
More information about the MailScanner
mailing list