kashani wrote:
1. Block mail up front.
Use greylisting as it stops spam before it enters the MTA's queue.
This keeps 90% of my spam from even entering the more resource
intensive filtering processes.
This is a very effective filter. However, it does greatly slow down
delivery of legitimate email. I found it a bit of a pain. Further,
there are those servers out there that respond to greylisting as a
bounce, so you need to specifically configure accordingly.
2. Don't use blacklists
30% false positive rate. Compared to 1-2% for Bayesian or
Markovian filtering.
I use both. As far as false positive goes, I have had very few false
positives ... in fact, I cannot think of any. But, for a corporate
setting, I would not use it, but instead leave it all to software like
DSPAM or Spam Assassin.
3. Do some simple check up front, but don't do too many.
Require a helo, reject invalid hostnames, reject unknown domains,
reject non FQDN, and that's pretty much it. Requiring DNS to match and
other checks is something you can do, but I've found that there are
too many poorly configured legitimate mail servers for this to be
worth the hassle.
All corporate servers should implement this IMHO ...
I am always surprised how many sites out there send mail directly from
webservers in a DMZ that do not have proper FQDN setup. I tend to find
these upon making an order and not getting an email ... log searches
reveal the problem. So, if you want maximum ability to receive email,
don't enforce these rules.
Tom Veldhouse
--
gentoo-user@gentoo.org mailing list
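
Added example, not part of the thread and not code from either poster: a minimal greylisting policy in Python showing the two trade-offs raised under point 1, the delivery delay for legitimate mail and the need to exempt senders that treat a temporary rejection as a bounce. The class name, parameters, /24 keying, response strings and documentation-range addresses are assumptions made for illustration.

```python
import ipaddress

class Greylist:
    """Defer the first attempt from an unseen (client network, sender,
    recipient) triplet; accept a retry made after min_delay seconds.
    Timestamps are passed in so the policy can be exercised offline."""

    def __init__(self, min_delay=300, retry_window=4 * 3600, whitelist=()):
        self.min_delay = min_delay        # earliest accepted retry, seconds
        self.retry_window = retry_window  # unretried entries expire after this
        # Networks of senders known to treat a 4xx reply as a bounce.
        self.whitelist = [ipaddress.ip_network(n) for n in whitelist]
        self.first_seen = {}              # triplet -> time of first attempt
        self.passed = set()               # triplets that already retried

    def _key(self, client_ip, sender, rcpt):
        ip = ipaddress.ip_address(client_ip)
        # Key on the /24 (or /64) so a retry from another host in the
        # same sending pool still matches the original attempt.
        prefix = 24 if ip.version == 4 else 64
        net = ipaddress.ip_network(f"{client_ip}/{prefix}", strict=False)
        return (str(net), sender.lower(), rcpt.lower())

    def check(self, client_ip, sender, rcpt, now):
        ip = ipaddress.ip_address(client_ip)
        if any(ip in net for net in self.whitelist):
            return "250 OK (whitelisted)"
        key = self._key(client_ip, sender, rcpt)
        if key in self.passed:
            return "250 OK"
        first = self.first_seen.get(key)
        if first is None or now - first > self.retry_window:
            # New or expired triplet: record it and ask the sender to retry.
            self.first_seen[key] = now
            return "450 4.7.1 Greylisted, try again later"
        if now - first < self.min_delay:
            # Retried too quickly; legitimate mail keeps waiting.
            return "450 4.7.1 Greylisted, try again later"
        self.passed.add(key)
        return "250 OK"
```

A legitimate sender's first message is delayed by at least min_delay plus the sending server's own retry interval, which is the slowdown described in the reply above.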