
Date:  Thu, 06 Jul 2006 21:53:54 -0500
From:  Chris Gebhardt - VIRTBIZ Internet <cobaltfacts (at mark) virtbiz.com>
Subject:  [coba-e:05954] Re: DNSBL
To:  coba-e (at mark) bluequartz.org
Message-Id:  <44ADCCC2.7060307 (at mark) virtbiz.com>
In-Reply-To:  <200607062008.13861.lesmith (at mark) ecsis.net>
References:  <042001c6a10c$49779110$0301a8c0 (at mark) Jerrycp> <fc.000f81470023692a3b9aca00c4d49ebb.23692e (at mark) fc.zio.com> <44AD7F0D.9080308 (at mark) virtbiz.com> <200607062008.13861.lesmith (at mark) ecsis.net>
X-Mail-Count: 05954

Larry Smith wrote:
> On Thursday 06 July 2006 16:22, Chris Gebhardt - VIRTBIZ Internet wrote:
>> Steve Davis wrote:
>>> Does this interfere with Nuonce SpamAssassin for Blue Quartz? Which does
>>> a great job, with the flip of a switch.
>> Nuonce can give you the definitive answer, but I would think not.
>>
>> Filtering at the Sendmail level will cause inbound email to be rejected
>> by the MTA before it is even accepted by the server.   So SpamAssassin
>> won't ever see anything that is blocked by the DNSBLs.
> 
> Not running Brian's version or release of spamassassin, but believe there are 
> settings in spamassassin to "test" the various RBLs that you want to and add 
> appropriate scores.  As already mentioned (correctly), the problem with that 
> approach is that your server has already accepted the message and now must 
> do something with it.  Much better to RBL at the sendmail level (DNSBL) and 
> not even accept connections from listed hosts.
> 

There is no one "right" answer.   Rejecting wholesale from any DNSBL 
opens you to complaints from your users.  Invariably, one of your users 
will have an email rejected from somebody they want to hear from, and 
they won't really care all that much that your server is doing "the 
right thing" by rejecting it.

OTOH, using SA to score the messages takes system overhead, and weak or 
overloaded systems may tend not to handle the strain very well.  And 
even at that, listed mailservers might still get their messages through 
if they don't score highly enough to get the message kicked on other 
grounds.

I encourage any admin to carefully weigh the benefits and drawbacks of 
each method and then choose which one, or (hint!) which combination of 
methods works best for your particular set of parameters.

For us, we use Dual-proc 3GHz boxes w/ 2GB RAM and a "streamlined" OS to 
pre-filter all email before it hits the Cobalts or BQ boxes.  We filter 
for upwards of 4,000 domains and reject approx. 78% (on average) of all 
inbound mail, either at the MTA or the SA level.  It's not a perfect 
system, but so long as there are spammers out there looking for new ways 
to get their messages across, there never will be a perfect filtering 
system.   My point is... do what's best for YOU.

-- 
Chris Gebhardt
VIRTBIZ Internet Services
Hosting, Collocation, Dedicated Servers, Internet Access
(972) 485-4125 | http://www.virtbiz.com
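
The trade-off discussed in this message, as an added example that is not part of the original post: a sketch of the combined approach, where a listing on a high-confidence DNSBL causes rejection at the MTA stage and a listing on a broader one only adds to the content-filter score. The zone names, weights, threshold and the fake DNS table are constructed assumptions; only the query format (reversed IPv4 octets plus zone, answer in 127.0.0.0/8 means listed) is standard DNSBL behaviour.

```python
import ipaddress
import socket

# Hypothetical zones and weights (assumptions, not taken from the thread).
REJECT_ZONES = ["strict.dnsbl.example"]      # trusted enough to refuse at SMTP time
SCORE_ZONES = {"broad.dnsbl.example": 2.5}   # only adds to the content-filter score
SPAM_THRESHOLD = 5.0                         # hypothetical tagging threshold

def dnsbl_name(ip, zone):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def dns_lookup(name):
    """Real resolver: return the A record, or None when the name does not resolve."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def is_listed(ip, zone, lookup=dns_lookup):
    """A host is listed when the query name resolves inside 127.0.0.0/8."""
    answer = lookup(dnsbl_name(ip, zone))
    return answer is not None and answer.startswith("127.")

def decide(ip, content_score, lookup=dns_lookup):
    """Return (stage, action, score) for one inbound connection/message."""
    for zone in REJECT_ZONES:
        if is_listed(ip, zone, lookup):
            # Refused before acceptance: the content filter never sees it.
            return ("mta", "reject", None)
    score = content_score
    for zone, weight in SCORE_ZONES.items():
        if is_listed(ip, zone, lookup):
            score += weight
    action = "tag" if score >= SPAM_THRESHOLD else "deliver"
    return ("filter", action, score)

# Constructed sample data: a fake DNS table so the example runs offline.
FAKE_DNS = {
    "2.0.0.127.strict.dnsbl.example": "127.0.0.2",
    "10.2.0.192.broad.dnsbl.example": "127.0.0.4",
}

if __name__ == "__main__":
    samples = [("127.0.0.2", 0.0), ("192.0.2.10", 1.0),
               ("192.0.2.10", 3.0), ("198.51.100.7", 1.0)]
    for ip, body_score in samples:
        print(ip, body_score, decide(ip, body_score, FAKE_DNS.get))
```

The second sample shows the case raised above: a host listed only on the scoring zone is still delivered when the rest of the message scores low.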