On 21/02/2007, at 10:59, Guy Hulbert wrote:
On Wed, 2007-21-02 at 08:01 +1100, Charles Butcher wrote:
If you really want to take this into account, use it as part of a
scoring system (e.g. spamassassin) but not as a sole reason.
I spent a while running myself ragged dealing with legitimate mail
from
big ISPs that had no PTR records for their mail servers.
Is it practical to white-list "big ISP"s ?
There can only be so many and one would just need to record the IP
addresses of their mail servers.
My experience was that they kept coming out of the woodwork. And if
the big ISPs weren't all bothering with PTR records you could bet that
a _bunch_ of small but legitimate (and often quite clueless) ISPs don't
have PTR records either. Nor do they have a working
[EMAIL PROTECTED] mailbox, so you can't even tell them about
it..... (sigh)
And don't even get me started about some web-monkey who sets up a "Mark
Webber Fan Club" website and pulls in some bogus java class to do the
mailouts. One that has _NO IDEA_ about the RFCs (e.g. will retry
immediately and incessantly on any 4xx or 5xx response).
So to keep my blood pressure at reasonable levels I found that pulling
all these sorts of violations into the spamassassin scoring system did
the best job of favouring legitimate mail whilst still rejecting the
junk.
FYI, the only qpsmtpd plugins I use to reject mail outright are:
check_earlytalker
require_resolvable_fromhost
count_unrecognized_commands
the virus scanners
and a recipient existence check
because all of the scenarios these plugins cover are 100%
kill-stone-dead showstoppers. Everything else is handled by
spamassassin and can benefit from is +ve and -ve scoring system and its
auto-whitelist.
Here's a log summary from my server (yes its not a very busy machine,
so I can afford to give spamassassin the majority of the work).
# Start : 2006-09-29 13:28:55
# Finish : 2007-02-17 06:18:30
# Elapsed: 140 days, 16 hours, 49 mins, 35 secs
#
# Total transactions : 364549
# Average tx per hour: 107
#
# Most Recent Logfile Cumulative
Totals
# Disposition (plugin) Total Avg/Day Total
Avg/Day
#
-----------------------------------------------------------------------
# spamassassin 8240 ( 33%) 826 149278 ( 40%)
1060
# recipient_exists 6540 ( 26%) 655 106324 ( 29%)
755
# queued 4287 ( 17%) 429 49827 ( 13%)
354
# check_earlytalker 2987 ( 12%) 299 28923 ( 7%)
205
# require_resolvable_fromhost 1868 ( 7%) 187 19350 ( 5%)
137
# rcpt_ok 274 ( 1%) 27 7701 ( 2%)
54
# virus::clamav 164 ( 0%) 16 2085 ( 0%)
14
# virus::klez_filter 65 ( 0%) 6 892 ( 0%)
6
# count_unrecognized_commands 2 ( 0%) 0 119 ( 0%)
0
# tls 0 ( 0%) 0 50 ( 0%)
0
#
-----------------------------------------------------------------------
# TOTALS 24427 (100%) 2449 364549 (100%)
2590
