Pretty much, yes. The reject-identical-sender-recipient filter can't run until both the sender and recipient have been given, which happens pretty late in the SMTP conversation. RBLs and RDNS entries can be checked as soon as the connection begins. Although the RBL and RDNS filters generate some additional network traffic, spamdyke won't even start the qmail process if they are triggered, which saves server resources (far more than skipping a DNS query or a file search).
In the process of selecting the order in which filters run, I chose least-to-most expensive in places where all of the data is available and I could have selected any order I wished. In cases like this, the order is determined by the availability of the data -- filters run as soon as they have enough data to function. Keep in mind, discussing the "cost" of filters is only relevant when comparing one filter to another. None of the filters in spamdyke are actually more "expensive" than opening a text file or sending and receiving a few data packets. Truthfully, if you are in a situation where reordering the filters will make a big difference, your server is simply overloaded and should be upgraded or load-balanced. -- Sam Clippinger On 9/20/10 3:01 PM, Eric Shubert wrote: > Marcin Orlowski wrote: > >> On Mon, 20 Sep 2010 21:01:39 +0200, Marcin Orlowski<[email protected]> >> wrote: >> >> >> >>> I'd rather expect DENIED_IDENTICAL_SENDER_RECIPIENT to appear >>> in logs, as such filter definitely "costs" less than >>> DNS queries. I tried to find filter chain described in the >>> manual, but seems there's no such information. Sam, wouldn't >>> be much better to have order reversed here? >>> >> I now also spotted that when you enablie any BLs, these are >> also queried before reject-identical-sender-recipient is >> checked - so I second myself :) reject-identical-sender-recipient >> shall be evaluated prior performing any other blocking filters >> simply for faster processing >> >> Regards, >> > I expect that Sam will have some words of wisdom here, but I'll chime in > beforehand. > > The most efficient balance overall for filtering efficiency cannot be > done by doing the least costly filters first. While that's a simple > approach (and simplicity has its merits), it's not necessarily optimal. > > I expect that the RBL and DNS checks are being done as soon as possible > in the process (when the sender's IP address is first known), which is > at a point when the sender and recipient addresses aren't yet available. > In order to do the DENIED_IDENTICAL filter, the smtp session must > progress to the point of having that information, which also uses > resources (a few more send/receive transmissions into the session). In > order process the DENIED_IDENTICAL filter first, resources would need to > be used to get the sender and recipient addresses for *all* messages, > including those that are rejected based on one of the IP filters. I > believe that this extra overhead would outweigh the potential savings of > applying the DENIED_IDENTICAL filter before RBL and DNS filters. In > addition, I think the RBL and DNS filters have a higher probability of > rejecting a given message than the DENIED_IDENTICAL filter, which also > weighs into the equation. > > Is that about right, Sam? > > (FWIW, I don't use this filter, so it doesn't really matter to me. I > just blacklist local domains instead). > > _______________________________________________ spamdyke-users mailing list [email protected] http://www.spamdyke.org/mailman/listinfo/spamdyke-users
