On Fri, Jan 03, 2003 at 03:19:11PM -0500, Chris Santerre wrote:
> Well I'm reading more and more with the slow holiday time. I keep coming
> back to Theo and kludge.net as great info. Particularly the post Theo made

FYI: that's kluge.net ... I wonder how much mail the guys at kludge.net get for me? ;)

> (one could argue that the firewall would be the first layer.)

True, but messing with your firewall to block spam is more costly than blocking at the SMTP level usually. I personally don't want to change my firewall config if I don't have to. ;)

> So I'm using Theo as a model

Oh boy, I've never been a model. ;)

> So, regarding access db (Theo's) and RBLs.... Our business has the
> unfortunate situation of having to deal with China and Korea. So I'm
> wondering if anyone has had problems using either Theo's access.txt and or
> the popular RBL services while dealing with these countries? I suppose I
> could just turn on the functions, wait for the screams, and whitelist then

Well, my accessdb is for my personal box, so if you're using it for anything important (ie: company email, etc), use it at your own risk.

I'm going to be setting up anti-spam stuff at my new job sometime in the near future I think. Since receiving spam is less costly to us than missing email, we'll probably just set up SA and let the user filter if they want to on their MUA. I figure they already receive X spam, if I let them receive X/2 spam, it's a win even if I could have stopped more at the SMTP level.

At home though, I don't give a crap. If someone gets blocked accidentally (it's happened), I'll usually either notice it in the logs or someone will send mail to postmaster, or (I've had this happen) someone will call my house (from Canada ...) I remove the block and life continues. I figure spammers aren't going to bother contacting me because they couldn't send me mail, only people who actively want to send me legitimate stuff would care enough to let me know I'm blocking them, so I take whatever the block is out on request. If I start getting spammed again, I can probably work out some form of whitelist for them (1.2.3.4 OK).

> My main concern is blocking a proxy or IP subnet that is known for open
> relay, but is needed by our company.

Yeah... With the RBLs, at the SMTP level I tend to just use open relay blocks. I figure it's less prone to FP entries, and it's not as nebulous as one of the rfc-ignorant rbls or something. Arguably a customer or vendor could have an open relay, but then do you really want to do business with them? ;)

If you're like me (above), at work I wouldn't use RBLs or anything at the SMTP level that isn't 100% guaranteed to be spam only. Filtering with SA is a recoverable process, blocking at SMTP is not.

-- 
Randomly Generated Tagline:
Down that path lies madness. On the other hand, the road to hell is paved with melting snowballs.
 -- Larry Wall in <[EMAIL PROTECTED]>