Set it and forget it?

Ugo Bellavance ugob at lubik.ca
Mon Nov 26 19:36:48 GMT 2007


Steve Campbell wrote:
> 
> 
> Ugo Bellavance wrote:
>> Steve Campbell wrote:
>>> I'm curious as to how much time is spent by most of the email admins 
>>> here using MS. I realize that some of my efforts could be streamlined 
>>> by upgrading to the latest release, but the people here seem to think 
>>> that this is a "set it and forget it" type of operation.
>>
>> I don't believe that.
> Gosh, maybe it _is_ me then.

Not sure.  What I meant is similar to what Hugo said.  It does need 
maintenance, as spam is evolving.  We see a new version of SA almost 
every 3 months, MS about the same, then razor, DCC, system updates.

More components you have, more effective it is, but more maintenance it 
requires.

What I meant is that it is not a system that you can install and let hum 
for a few months w/o touching it.

>>> There is a real problem here in that people want all the mail they 
>>> are supposed to get, and 100% trashing of the email they shouldn't 
>>> get. I find that I spend a little time daily managing this stuff, but 
>>> my system isn't like anyone else's who's system isn't like the next 
>>> guy's .....
>>
>> Well, the more time you spend on your system, the better it will run, 
>> but don't worry, we do have some issues with our users as well!
>>
>>> A specific question I have, though, would be:
>>>
>>> I think I was following a thread a while back about an RBL that has 
>>> some specifics for blocking those "Address may be forged" emails (Zen 
>>> or something like that). Can anyone elaborate on that for me and let 
>>> me know how to set it up on my 4.52.2 version until I get it 
>>> upgraded. I do all of my RBL checks in SA.
>>
>> Well, using zen.spamhaus.org at the MTA level could help you a lot. 
>> I've never seen a false positive from that list ever.
>>
> I think I'd still prefer to do the check in SA as long as resources 
> remain sufficient. Any other reason to put it at the MTA level?

Yes, accuracy.  If a message is on zen.spamhaus.org it gets a score 
added.  So there is still some chances that your user sees it in its 
mailbox.  From my experience, if a message is blocked at the MTA, it is 
spam or a user that is not using it's ISP's mail server as he/she should.

>> Regarding your question, "Address may be forged"... What address do 
>> you mean, in your sendmail logs or e-mail address (spf, domain keys, 
>> senderID, etc)?
>>
> 
> That's supposed to have been "(may be forged)" from the sendmail logs.

This relates to full-circle DNS.

http://www.sendmail.org/faq/section3.html#3.38

I consider it as too strict to reject at the MTA level based on this.

Ugo



More information about the MailScanner mailing list