Mailinglist Archive: opensuse (4610 mails)

< Previous Next >
Re: [opensuse] Can spam be defeated?
  • From: Sandy Drobic <suse-linux-e@xxxxxxxxxxxxxxxxxxxxxxx>
  • Date: Thu, 21 Dec 2006 10:19:48 +0100
  • Message-id: <458A51B4.6080600@xxxxxxxxxxxxxxxxxxxxxxx>
Joachim Kieferle wrote:

[RBLs listed]

Well, I'm still getting mail from this list, so it's not blocking everything. It will take some time to determine if I've blocked things I don't want blocked. So far I have no new spam in the inbox in over an hour. That is very good. Far better than 50%. Thanks

Steven
Hi Steven,

"grep blocked /var/log/mail" shows which mails are blocked. All sender / recipient combinations that I have seen so far were spam. Counting the amount of blocked spam, for our site it's about 2'000 mails that are blocked per day.

You can even cheaply count the number of rejected recipients per blacklist with this one-liner:

grep "blocked using" /var/log/mail | awk '{print $20}' | sort | uniq -c | sort -n

I think for postfix 2.2 or older its awk '{print $19}'


IF BY ACCIDENT a mail is blocked, the positive effect from that is, that the senders are informed about blocking (e.g. Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=82.197.44.218), whereas SpamAssassin "just" marks the spam and one tends to delete the spam without even reading the header / sender.

That is the theory. The trouble is that more than one admins think all bounces are spam and silently delete them or refuse to accept mails with empty envelope sender. It had happened more than one time that the sender did not get any notification. :-((

Sandy gave some very good comments on the sites one should get the blocking information from. That's very helpful, since I just googled this list from a postfix configuration site and didn't up to now find the time to go into details of each site. Thanks for that.

The temptation is great but you should find the time to investigate the site policy and research user experience with the blacklist. You are after all delegating the decision if a mail should be accepted or not to an external third-party.

Currently I am using three blacklists:
zen.spamhaus.org
list.dsbl.org
dynablock.njabl.org

A lot of spam is rejected by helo checks and greylisting.

Sandy
--
List replies only please!
Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

< Previous Next >
Follow Ups