Marc Perkel wrote: > As opposed to preprocessing before using SA to reduce the load. (ie. > using blacklist and whitelist before SA) >
We don't. We use a locally modified MaRBL that uses weighted scoring, RHSBLs against helo/sender domain/reverse, and the BOTNET plugin (each meta-rule gets its own weight), then greylisting (gld policy server), then clamav w/sane+msrbl, then finally SA. All this does for us is reduce the load on the spamd servers and bayes database, the amount of marked spam that would actually get to a user that /dev/null's over a certain score does not change significantly. This brings the detected spam rate to about 2% of all delivery attempts or 14.8% of what SA sees; what the user sees may be much less depending on what they set their /dev/null score to. We used to use just greylisting, but it was becoming far less effective over time (~8 months ago), by adding weighted rbl lookups to reject at SMTP time and then greylist the rest, the amount of spam as seen by SA dropped to 12% of what it was with just greylisting alone. At some point we should add in SPF checks to MaRBL and maybe integrate p0f from its latest release.
