> Hi, list, I know this is one of those "egg and chicken" kind > of questions, but having now the possibility of checking the > impact of various setups, I was wondering if it is more > convenient to let the MTA perform the RBL checks, or disable > them and let SA do this job. > Currently I am using zen.spamhaus.org as my primary (and > only) RBL tester on Postfix, and I am kinda surprised. The > daily statistics show that my server is rejecting almost > 22000 connections a day, and accepting only 2500-3000 emails. > The major drawback is bayes. It seems to lack the necessary > amount of data to catch up as the spam evolves, so I'm > continuously getting new kinds of spam (meaning that I can't > figure out a tendency to draw a rule from). So I'm asking if > anyone has a solution for this, or how do you deal with this > (to me) dellicate balance.
For me, it's not an either-or choice. The RBLs I can use on the MTA are very limited because the consequences of a false-positive are very severe (i.e., the message doesn't even get received). Dropping the same from SA reduces its effectiveness. So, I just run them in both places. Repeating a DNS lookup shouldn't be too expensive if your DNS server caches the result. Bret
