On 8/16/07, Matthias Haegele <[EMAIL PROTECTED]> wrote: > John Rudd schrieb: > > Marc Perkel wrote: > >> As opposed to preprocessing before using SA to reduce the load. (ie. > >> using blacklist and whitelist before SA) > >> > >> > > > > > > I do not. > > > > (greet-pause of 5 seconds; zen and dsbl as blacklists; local access type > > blocks; dangerous attachment filename blocker; and then clamav with > > Sanesecurity, MSRBL, MBL signatures; all of those _reject_ messages > > during the SMTP session before Spam Assassin gets to see them) > > Nearly same setup as John. If you have the opportunity to block at MTA > level i think u *really should do this*. (Its around 80% rejects here). > Additionaly i block some TLDs like .ar|br|cl|ru|pl|jp|hu which i dont > have regular mail contact here ... > btw: MTA is Postfix. >
I agree and have yet another similar setup here. We reject about 80% as well, which helps reduce the load on the servers and on the users who manage their quarantines. We allow users to choose whether to use no filtering, the "pre SA", reject filtering only, or full content filtering with SA. A surprising number prefer to use just the more basic checks and deal with what gets through with their mua. -Aaron
