On 16-02-17 06:22, Ian Zimmerman wrote: > On 2017-02-15 16:30, Tom Hendrikx wrote: > >> Note that the period that you describe as 'seen by SA a bit later' is >> typically less than a second. > > Not in my case. I have a custom Exim configuration where I > intentionally wait for a period of time (currently 4 minutes) between > SMTP acceptance and delivery (SA runs at delivery time), precisely > because I want to give all the collaborative mechanisms the maximum > chance to kick in.
Why are you keeping mail in your queue, when you could also use greylisting and achieve roughly the same delivery delay? Except that lots of spambots don't understand greylisting and will never return for the second delivery? And that you don't get a full queue when something weird happens? To be honest, I never heard of this kind of setup before. Is this a typical Exim trick?:) > > When I wrote my OP, 4 minutes was shorter than my BIND max-ncache-ttl > parameter. I have since set that to 180 (3 minutes), so that angle > shouldn't matter any more. Still the balance between bouncing the most > junk outright and the risk of false positives means it's something to > think about. > >> Which RBLs to use, depends on the typical spam you receive, and the >> policies that you wish to apply. IMHO, the trust you put in RBLs (and >> their listing policies) should be more important in making decisions >> than their typical response time to new (types of) spam and their >> TTLs. > > Agreed. >
