List Info

Thread: Re: Use RBLs in MTA or Maia?
Re: Use RBLs in MTA or Maia?
country flaguser name
United States		 2007-11-08 12:14:27 
These are my top 15 by hits, so I'm seeing the same thing. 

Rule  	Explanation  	Score  	Triggered  	Proportion
HTML_MESSAGE  	HTML included in message  	0.001  	47085 
	11.9
BAYES_99 	Bayesian spam probability is 99 to 100% 	3.500
	34630 	8.8
URIBL_BLACK 	Contains an URL listed in the URIBL blacklist
	1.955
	30687 	7.8
AWL 	From: address is in the auto white-list 	-0.609 	24806
	6.3
MIME_HTML_ONLY 	Message only has text/html MIME parts
	1.457
	22745 	5.7
URIBL_OB_SURBL 	Contains an URL listed in the OB SURBL
blocklist
	1.500 	20431 	5.2
BAYES_00 	Bayesian spam probability is 0 to 1% 	-2.599
	15604
	3.9
HTML_IMAGE_RATIO_02 	HTML has a low ratio of text to image
area
	0.383 	13731 	3.5
URIBL_JP_SURBL 	Contains an URL listed in the JP SURBL
blocklist
	1.501 	13274 	3.4
URIBL_RHS_DOB 	Contains an URI of a new domain (Day Old
Bread)
	1.083 	8500 	2.1
RDNS_NONE 	Delivered to trusted network by a host with no
rDNS
	0.100 	7465 	1.9
RCVD_IN_DOB 	Received via relay in new domain (Day Old
Bread)
	1.103 	7147 	1.8
DNS_FROM_DOB 	Sender from new domain (Day Old Bread) 	0.732
	7145
	1.8
MIME_QP_LONG_LINE 	Quoted-printable line longer than 76
chars
	1.396 	6716 	1.7
INVALID_DATE 	Invalid Date: header (not RFC 2822) 	1.245
	5973
	1.5
URIBL_WS_SURBL 	Contains an URL listed in the WS SURBL
blocklist
	1.500 	5848 	1.5

Yeah, the password reset thing with greylisting is a bit of
a pain, but
no solution is perfect.  What I did was identify the sites
that I wanted
to whitelist and plug them into the system in advance, AND
have a <10
minute greylist period so I catch MTAs before their retry
interval gets
too great, and I set the expiration to be greater than 30
days so
periodicals don't get greylisted every month.


-- 
Rick Zeman
Manager of Information Technology
Melwood Horticultural Training Center
301.599.4574 - HelpDesk
301.599.4560 - MyDesk
http://www.melwood.org


>>> "Adam Ellsworth" <adamgetwebspace.com> 11/8/2007 12:38 PM >>>



I agree. Thanks for all the feedback, folks, it's helped a
lot, even
if to solidify what I'm already doing. I forgot to mention
(or
rather, completely forgot), I am blocking using
just SBL-XBL at the MTA level on one server, which blocks
11,500
per day and only has a few dozen domains on it... not sure
if that's
before or after recipient checking, but I'm doing that, too.
(I should
probably make sure that's after.) I've not heard any
complaints in over
a
year since I started doing it, but I'm sure it happens...
though
impact is minimized by the failure being reported by the
sending
server.

>From my Maia stats, SURBL/URI catching are by far
the most successful tools once it gets to spamassassin,
second only to
Bayes. (SBL/XBL doesn't get to Maia at all) and I still have
message
scores in the 50's. I may look into putting a basic scoring
mix of
those into the MTA. My volume isn't enough to have an issue
with
spamassassin load, but I'm hoping to be proactive there. I'm
running
exim.
I miss qmail a lot.

I've been reading a lot on greylisting
since the topic started, but I'm really nervous about it. I
know it
seems
to be very successful based on the comments here and
elsewhere, but I
personally would be frustrated by automated responses
(subscriptions,
forgot password requests) being delayed at all, even if
successful
later.
Too bad there's not an easy way to tell what's spam and what
isn't.

-Adam

> I disagree with that. At least for us, I
analyzed for a month and didn't 
> have a false positive, and I
NEVER have complaints after using Zen. 
> (previously sbl-xbl)
Spamhaus being blocked at the MTA level. That even 
> addresses
the "bring to the attention of SomeCompany"
because the user 
> gets an informative bounce and can follow up
appropriately.
Accepting the 
> mail, then silently discarding based on an RBL is
a WHOLE 'nother story. 
> That's just one tool in a mail admin's
arsenal. Greylisting and 
> recipient validation are others, and
ALL of them are necessary in one form 
> or another. 
>

> -- 
> Rick Zeman 
> Manager of Information
Technology 
> Melwood Horticultural Training Center 
>
301.599.4574 - HelpDesk 
> 301.599.4560 - MyDesk 
>
http://www.melwood.org
_______________________________________________
Maia-users mailing list
Maia-usersrenaissoft.com
http://www.renaissoft.com/mailman/listinfo/maia-users
[1]

about | contact  Other archives ( Real Estate discussion Medical topics )