Noel Jones put forth on 11/6/2010 11:53 AM:
> On 11/6/2010 11:48 AM, Noel Jones wrote:
>> On 11/6/2010 11:16 AM, Stan Hoeppner wrote:
>>> Noel Jones put forth on 11/6/2010 10:05 AM:
>> The checkdbl.pl reject rate is far less than 1 per recipient
>> per day here. Any rule that only rejects 1 out of 1000
>> messages that pass prior rules -- regardless of the reason --
>> is ripe for a cost/benefit review.
>
>
> I should clarify that what I find is the after using
> reject_rhsbl_{client, sender} dbl.spamhaus.org that there seems to be
> little added benefit on running the same checks on the sender/from
> domain in the headers.
Interestingly, of my last 3 checkdbl.pl hits, 2 are message-ids. The
3rd is:
Nov 1 11:18:51 greer postfix/cleanup[15300]: 23E306C0B3: reject: header
From:
"=?utf-8?B?0J/QtdGA0LXQs9C+0LLQvtGA0Ysg0L/QviDRgtC10LvQtdGE0L7QvdGD?="
<m...@jomail.ru> from d60-49.icpnet.pl[77.65.60.49];
from=<m...@jomail.ru> to=<*...@*.com> proto=ESMTP helo=<smtp.icpnet.pl>:
5.7.1 jomail.ru, which appears in the 'From' header, is listed on
multi.surbl.org
The host domain and the from domain don't match, so DBL is useless with
this particular spam.
All 3 spams made it past all of my local black lists, and made it past:
reject_rbl_client zen.spamhaus.org
reject_rbl_client psbl.surriel.com
reject_rhsbl_client dbl.spamhaus.org
reject_rhsbl_sender dbl.spamhaus.org
reject_rhsbl_helo dbl.spamhaus.org
Without Sahil's TCP server all 3 would have hit the inbox. Now, that
said, these are the only 3 hits from Nov 1 to now. The additional load
here is worth it. checkdbl.pl is a "last 1 percenter" utility here.
Before implementing it I was averaging ~7 spams a week. I'm currently
running ~2-3 per week, on my personal mailbox that is. So, like I said,
it's worth it for me. For a larger environment, given the resource
consumption, maybe not. As always, YMMV.
--
Stan
