
List:       opensuse
Subject:    Re: [opensuse] Can spam be defeated?
From:       Sandy Drobic <suse-linux-e () japantest ! homelinux ! com>
Date:       2006-12-21 9:19:48
Message-ID: 458A51B4.6080600 () japantest ! homelinux ! com

Joachim Kieferle wrote:

[RBLs listed]

>> Well, I'm still getting mail from this list, so it's not blocking 
>> everything.  It will take some time to determine if I've blocked 
>> things I don't want blocked.  So far I have no new spam in the inbox 
>> in over an hour.  That is very good.  Far better than 50%.  Thanks
>>
>> Steven
>>   
> Hi Steven,
> 
> "grep blocked /var/log/mail" shows which mails are blocked. All sender / 
> recipient combinations that I have seen so far were spam. Counting the 
> amount of blocked spam, for our site it's about 2'000 mails that are 
> blocked per day.

You can even cheaply count the number of rejected recipients per blacklist 
with this one-liner:

grep "blocked using" /var/log/mail | awk '{print $20}' | sort | uniq -c | 
sort -n

I think for postfix 2.2 or older it's awk '{print $19}'


> IF BY ACCIDENT a mail is blocked, the positive effect from that is, that 
> the senders are informed about blocking (e.g. Blocked - see 
> http://cbl.abuseat.org/lookup.cgi?ip=82.197.44.218), whereas 
> SpamAssassin "just" marks the spam and one tends to delete the spam 
> without even reading the header / sender.

That is the theory. The trouble is that more than one admin thinks all 
bounces are spam and silently deletes them or refuses to accept mails with 
an empty envelope sender. It has happened more than once that the sender 
did not get any notification. :-((

> Sandy gave some very good comments on the sites one should get the 
> blocking information from. That's very helpful, since I just googled 
> this list from a postfix configuration site and didn't up to now find 
> the time to go into details of each site. Thanks for that.

The temptation is great, but you should find the time to investigate the 
site policy and research user experience with the blacklist. You are after 
all delegating the decision whether a mail should be accepted or not to an 
external third party.

Currently I am using three blacklists:
zen.spamhaus.org
list.dsbl.org
dynablock.njabl.org

A lot of spam is rejected by helo checks and greylisting.

Sandy
-- 
List replies only please!
Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com
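
Added example, not part of the original message: a variant of the per-blacklist count above that finds the list name by matching the text "blocked using" instead of a fixed awk field, so one command works whether or not the reject line carries the extra status-code field that moves the name between $19 and $20. The function names and the log lines are constructed for illustration.

```shell
#!/bin/sh
# Count Postfix RBL rejections per blacklist without relying on field position.

# Constructed sample log lines (not from a real server). Some carry the
# enhanced status code (5.7.1) after the 554 reply and some do not, so the
# list name is field 20 in the former and field 19 in the latter.
sample_log() {
cat <<'EOF'
Dec 21 09:10:01 mail postfix/smtpd[1234]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 Service unavailable; Client host [192.0.2.10] blocked using zen.spamhaus.org; from=<a@example.com> to=<u@example.org> proto=SMTP helo=<x>
Dec 21 09:10:05 mail postfix/smtpd[1234]: NOQUEUE: reject: RCPT from unknown[192.0.2.11]: 554 5.7.1 Service unavailable; Client host [192.0.2.11] blocked using zen.spamhaus.org; from=<b@example.com> to=<u@example.org> proto=SMTP helo=<y>
Dec 21 09:11:12 mail postfix/smtpd[1240]: NOQUEUE: reject: RCPT from unknown[192.0.2.12]: 554 Service unavailable; Client host [192.0.2.12] blocked using zen.spamhaus.org; from=<c@example.com> to=<u@example.org> proto=SMTP helo=<z>
Dec 21 09:12:30 mail postfix/smtpd[1240]: NOQUEUE: reject: RCPT from unknown[192.0.2.13]: 554 5.7.1 Service unavailable; Client host [192.0.2.13] blocked using list.dsbl.org; from=<d@example.com> to=<u@example.org> proto=SMTP helo=<q>
Dec 21 09:13:44 mail postfix/smtpd[1251]: NOQUEUE: reject: RCPT from unknown[192.0.2.14]: 554 Service unavailable; Client host [192.0.2.14] blocked using list.dsbl.org; from=<e@example.com> to=<u@example.org> proto=SMTP helo=<r>
Dec 21 09:14:02 mail postfix/smtpd[1251]: NOQUEUE: reject: RCPT from unknown[192.0.2.15]: 554 5.7.1 Service unavailable; Client host [192.0.2.15] blocked using dynablock.njabl.org; from=<f@example.com> to=<u@example.org> proto=SMTP helo=<s>
Dec 21 09:15:19 mail postfix/smtpd[1260]: NOQUEUE: reject: RCPT from unknown[192.0.2.16]: 504 5.5.2 <pc>: Helo command rejected: need fully-qualified hostname; from=<g@example.com> to=<u@example.org> proto=SMTP helo=<pc>
EOF
}

# count_rbl_rejects [FILE...]
# Reads log lines from the given files (or stdin) and prints "count list",
# sorted by ascending count, like the original one-liner.
count_rbl_rejects() {
    awk '
        match($0, /blocked using [^ ;]+/) {
            # The match covers "blocked using <list>"; the prefix is 14 chars.
            list = substr($0, RSTART + 14, RLENGTH - 14)
            hits[tolower(list)]++
        }
        END { for (l in hits) printf "%d %s\n", hits[l], l }
    ' "$@" | LC_ALL=C sort -n
}

# Stand-alone run on the constructed sample; on a real server pass the log
# file instead, e.g. count_rbl_rejects /var/log/mail
sample_log | count_rbl_rejects
```

Lines rejected for other reasons, such as the helo check in the last sample line, are not counted because they contain no "blocked using" text.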