Matt Kettler wrote on Mon, 12 Dec 2005 18:42:49 -0500:

> Personally, I have yet to find a single RBL that's sufficiently accurate and
> FP free for me to begin to consider it for use as an MTA layer rejection
> criteria.
>
> But I consider using a RBL for MTA block an act of extreme trust.

trust is trust ;-) My stance on this is that I want to avoid extra cpu cycles and bandwidth if I can. Using rbl at MTA level drops about 80-90% of all incoming messages. The FP rate is very low, probably not 1 per billion, as you want to have it but something like 1 per 10.000 or 100.000 or so. That's good enough for me.

It's also a matter of how you define an FP. If a message is rejected because it came from a dialup but is not spam it's not an FP for me. It's exactly what I don't want to get: mail from dialups, people can use their provider's smarthost, full stop. If a mail gets rejected because of "collateral" damage by blocking a network block that contains non-spam senders as well I indeed consider this as an FP. I haven't yet seen such FPs here. The only very few complaints I had all turned out to be either dynamic IP space or bad helo's.

I had some other complaints in the past when big mail providers got on the spam.dnsbl.sorbs.net list. This is inevitable and you can work around this by whitelisting (in access.db) or using the sorbs safe list. I did both. Since then I barely had any complaints. Whitelisting is actually anyway what you *have* to use when you use RBLs at MTA level. One should use them. I also use heavy blacklisting on MTA level in addition to RBLs and other checks. The access.db rejects usually account for at least the same amount as rejections by all other means.

> The only RBL close to that accurate in the SA testing is XBL. No RBL is
> 99.999% accurate, Even XBL is only 99.994% (which rounds to a S/O of 1.000
> in SA's STATISTICS-set1.txt, but if you re-extrapolate the raw numbers it is
> 272715 spam hits, 14 nonspam hits, or S/O 0.99994 which is still only
> 4 nines, not 5)

It would be interesting to know the nature of these 14 nonspam hits. As I said, if they were not spam but came from dynamic IP space I *do* consider them as unwanted. I haven't yet seen a complaint because of SBL+XBL. I use that plus safe-sorbs plus njabl and the only one, as explained above, that had a few problems was sorbs-spam which I discontinued.

Now, you can argue that greylisting may indeed help much better and "safer". I think I would agree. But this technique is new, f.i. I started using it only some days ago. With greylisting one could possibly drop all lists based on dynamic IP space, proxies and such and keep only spamhaus.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com