Zitat von Robert Schetterer <rob...@schetterer.org>:
Am 16.07.2010 10:15, schrieb lst_ho...@kwsoft.de:Zitat von Robert Schetterer <rob...@schetterer.org>:Am 16.07.2010 09:27, schrieb lst_ho...@kwsoft.de:Zitat von Henrik K <h...@hege.li>:On Thu, Jul 15, 2010 at 11:06:44PM -0500, Stan Hoeppner wrote:I will say generically that for an OP who has the time, avoiding content filters and using SMTP time blocking methods is probably more effective in the long run and makes more efficient use of network and server resources.You always have time to advertise content filters being "bad", so I just have to make a pointless rebuttal.. Can you tell me any big public service (not a one man server) that doesn't use content filtering at all? By public I don't mean a site that has the ability to block freemailers, universities, etc hacked accounts..In Germany many companies have given up on content filtering because it is not allowed to drop mail after accepting, if there is a chance that private mail *could* be involved. So with content filter your only choice would be to tag spam and let the user sort out, which lead to no advantage for using content filter at all. So content filter are mostly a selling point and not a favorable "solution". Regards Andreaswhy not use spamass-milter drops spam during smtp income stage this is allowed anyway, also clamav-milter with sanesecurity works nice this way, bouncing mail after recieve by whatever reason may produce backscatter, so it isnt a good idea in every case or country, normally you only flag spam and pass it and/or hold it ( for human postmaster inspection ) i. if use amavis with after queue filter , mail always needs daily support, and companies who stopped filtering in germany ( i dont know one ) have mostly a problem with helpless admins ignorant managers/users etc, not with law or existing antispam solutions so its mostly a human problemThe point is - Before-Queue content filter is expansive and must be combined with "cheap" reject techologies anywaysorry explain "cheap"
"cheap" as opposed to expansive in resource usage (CPU/RAM/Connection Slots). You surely don't want to hammer all the spam boots at your content-filter .
- Tagging spam is nearly useless because no user like to poke through the dustbin to search for potential lost maili dont understand, as you always need support mail, its no problem to solve user questions, only the rate of questions should be handable by the corosponding number of postmaster and/or supporters
The problem is that the user after some time abandon to look in the spam folders and therefore fals positives are lost after tagging.
- Spam-Bouncing is no option at allwhy ?, a bounce is no thing of evil, there will be bounces by several reasons ever
I was speaking of bouncing by content filter detected spam. The sender address is faked anyway so bouncing spam *is* evil. You maybe confused bouncing with rejecting??
- In general the false positive rate is a higher and more difficult to find out with content filter compared to a sane set of reputation based filtersi have false postive under 0,1 promille no problem here
It as always a matter of preference. The more you try to achieve 100% spam free the more false positives you have to accept. As said the evil is not merely the rate but the possibility to get lost without notice.
So the most reasonable approch is to ditch content filter at all and use a sane set of reputation based decisions and maybe greylisting to reject spam at earliest possible stage.you should always use all usefull antispam technics which make sense anyway ( specially that ones that are native in postfix ) greylisting is one of them , but in a few cases on my site simply does not work anymore defending bots so antispam is always a filter chain, the real antispam filter such as spamassassin should always be one of the lastI don't speak about or even recommend to not use spam filtering, but content filter is sometimes the bigger problem compared to some slipping through spams.maybe, thats individual, like spam always is, competent postmaster should choose the right way in the right case
Amen
Regards Andreasno need to flame, i have no problem with supporting ca 10 mailservers with antispam enabled up to 10000 mail addresses some spam always slipping trough,always some false positives , thats the nature of the beast, the goal is keeping that rate low in my case spam filtering is no such problem , as mailservers that have buggy dns setups are in rbls etc, after all, one of the biggest problems are false tagging to antispam filters in mail clients i.e outlook which produces more questions then server side filters, as most users dont understand their mail client settings
no flame intended at all. Simply have to say that the conclusion (not from you but from earlier posts in this thread) that one *must* use content filter is plain wrong because it is a matter of preference.
But we should stop right here, its all said. Regards Andreas
smime.p7s
Description: S/MIME Signatur
