[Mimedefang] Spamhaus on SA

Jason Gurtz jason at jasongurtz.com
Fri Sep 10 11:06:29 EDT 2004


On 9/9/2004 19:47, Al Sparks wrote:
> First,
>     skip_rbl_checks 0
> is already unset in my SA.

I'm not sure why it wouldn't be working then.

> I just incorporated spamhaus into my sendmail.mc as you suggested and
> it works.
> 
> So, what runs first with this configuration?  Spamhaus or MD?

The sendmail "FEATURE(`dnsbl'...)" runs first.  That gives you a couple
of advantages.

  - It doesn't touch any perl, so it's faster.

  - If the sending MTA is in the dnsbl the mail is DSN rejected, which
    means...

    - The mail is never queued.

    - No more processing is needed.


Disadvantages?  You don't get very much granularity.  It's either pass
or fail.  IOW, I know a lot of people who run mail servers on a "dynamic
IP" (or a range of addresses considered as dynamic; DSL, cable, etc...)
but I still want to take advantage of blocking the spammers doing the
same.  Letting MD run the SA dnsbl check means that I can assign a small
score increase instead of just rejecting it at the cost of greater CPU
usage.

For me, in general, dnsbls that I think are sane and fair go in the
sendmail.mc.  The nutty fanatics find themselves in MD/SA.  You may want
to consider the spamhaus xbl list also; I've had quite good luck with it.

Yet, some things will just get through, even with much training.  I've
been fighting some Cyrillic spams that come from another mailing list.
The Content-type header lies about the charset and most sail through
with a SA score of <2.  Most annoying...

Cheers,

~Jason
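
The two-stage arrangement described in the message above, sketched as an added example that is not part of the original post or of sendmail, MIMEDefang or SpamAssassin: a trusted list rejects outright at the MTA stage, while a more aggressive list only adds to the filter score. The zone names, point values, threshold and the `fake_resolve` stand-in for DNS are all assumptions made for illustration.

```python
import ipaddress

# Hypothetical zones and scores, chosen for illustration only.
REJECT_ZONES = ["trusted.dnsbl.example"]          # lists you would put in sendmail.mc
SCORED_ZONES = {"aggressive.dnsbl.example": 1.0}  # lists left to the content filter
SPAM_THRESHOLD = 5.0
LISTED_NET = ipaddress.IPv4Network("127.0.0.0/8")

def dnsbl_query_name(ip, zone):
    """Build the DNSBL lookup name: reversed IPv4 octets followed by the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def is_listed(ip, zone, resolve):
    """resolve(name) returns a list of A-record strings, or [] for NXDOMAIN."""
    answers = resolve(dnsbl_query_name(ip, zone))
    # By DNSBL convention a listing is signalled by an answer in 127.0.0.0/8.
    return any(ipaddress.IPv4Address(a) in LISTED_NET for a in answers)

def evaluate(ip, content_score, resolve):
    """Return (verdict, final_score, dnsbl_lookups_performed)."""
    lookups = 0
    # Stage 1: MTA-level check. Pass or fail, before the message is accepted,
    # so a hit means no queueing and no further processing.
    for zone in REJECT_ZONES:
        lookups += 1
        if is_listed(ip, zone, resolve):
            return ("reject", None, lookups)
    # Stage 2: filter-level check. A hit only nudges the score upward.
    score = content_score
    for zone, points in SCORED_ZONES.items():
        lookups += 1
        if is_listed(ip, zone, resolve):
            score += points
    return ("spam" if score >= SPAM_THRESHOLD else "deliver", score, lookups)

# Constructed sample data standing in for DNS (documentation address ranges).
FAKE_DNS = {
    "10.2.0.192.trusted.dnsbl.example": ["127.0.0.2"],
    "7.100.51.198.aggressive.dnsbl.example": ["127.0.0.2"],
}

def fake_resolve(name):
    return FAKE_DNS.get(name, [])

if __name__ == "__main__":
    for ip, content in [("192.0.2.10", 0.5), ("198.51.100.7", 1.5), ("198.51.100.7", 4.5)]:
        print(ip, content, evaluate(ip, content, fake_resolve))
```

A sender listed only on the aggressive zone is still delivered when the content score is low, which is the granularity the hard reject cannot give.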
