On 2017-02-15 16:30, Tom Hendrikx wrote:

> Note that the period that you describe as 'seen by SA a bit later' is
> typically less than a second.

Not in my case. I have a custom Exim configuration where I intentionally wait for a period of time (currently 4 minutes) between SMTP acceptance and delivery (SA runs at delivery time), precisely because I want to give all the collaborative mechanisms the maximum chance to kick in.

When I wrote my OP, 4 minutes was shorter than my BIND max-ncache-ttl parameter. I have since set that to 180 (3 minutes), so that angle shouldn't matter any more. Still the balance between bouncing the most junk outright and the risk of false positives means it's something to think about.

> Which RBLs to use, depends on the typical spam you receive, and the
> policies that you wish to apply. IMHO, the trust you put in RBLs (and
> their listing policies) should be more important in making decisions
> than their typical response time to new (types of) spam and their
> TTLs.

Agreed.

--
Please *no* private Cc: on mailing lists and newsgroups
Personal signed mail: please _encrypt_ and sign
Don't clear-text sign: http://cr.yp.to/smtp/8bitmime.html