[Mimedefang] Pre-Acceptance filtering (WAS: Re: recipient filter and RBLs)
Dirk the Daring
dirk at psicorps.org
Thu Dec 6 01:33:16 EST 2007
On Mon, 3 Dec 2007, "Paul Houselander" <housey at sme-ecom.co.uk> wrote:

> After a bit of digging around I think I've pretty much decided not to use the
> rbl feature in sendmail but to integrate spamhaus checking into my
> mime-defang script.

While you can certainly do this, all you're doing is creating a *lot*
more work for your mailserver, and encouraging the spammers.

DISCLAIMER: I have no beef with SpamAssassin, SpamHaus, DCC
or other similar E-Mail analysis and SPAM tagging
tools. I use some of them myself.

The trouble with post-acceptance tools, like SpamAssassin, SpamHaus,
DCC, et al., is that you have to accept the E-Mail. That is, the spammer
reached DATA and transmitted the message to you, and you queued it
somewhere prior to submitting it to the analysis/tagging tool.

As far as the spammer is concerned, that is "Mission Accomplished".
They have successfully wasted your bandwidth and disk space, and you're
about to let them waste your CPU and RAM as well.

If the recipient address isn't valid, why let them get past RCPT TO:?
Why even permit the DATA step to happen?

By the end of HELO, I've stopped fully half of the SPAM sent to my mail
relay. By the end of RCPT TO: (before DATA), I've stopped about 75-80%.
Given that roughly 9 out of every 10 E-Mails are SPAM, that is a lot of
garbage that never gets transmitted (so the spammer doesn't get to waste
my bandwidth), never gets queued (they don't get to waste my disk space),
and that my filter never has to submit to ClamAV or to SA/DCC/whatever (so
I don't waste CPU or RAM analysing something I already know is garbage).

If you want to wait until after DATA to see if you should have even
bothered queuing the message, that's fine, but be sure you understand just
how much you're increasing the load on your mail server.
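
The pre-DATA rejection described in this post, sketched as a mimedefang-filter fragment. This is an added example, not part of the original post and not the poster's own filter; the hostname, the recipient table and the choice of DNSBL zone are assumptions made for illustration.

```perl
# Added example: fragment of a mimedefang-filter. Everything is decided
# before DATA, so a rejected message is never transmitted, queued or scanned.
use strict;
use warnings;

# Assumed values for illustration only.
my $MY_HOSTNAME = 'mail.example.org';      # name this relay announces
my $DNSBL_ZONE  = 'zen.spamhaus.org';      # DNSBL zone to consult
my %VALID_RCPT  = map { lc($_) => 1 } qw(
    postmaster@example.org
    alice@example.org
);

# Called after HELO/EHLO, before MAIL FROM.
sub filter_helo {
    my ($ip, $name, $helo) = @_;
    $helo = lc($helo // '');

    # A remote client has no reason to introduce itself with our own name.
    return ('REJECT', 'HELO claims to be this host')
        if $helo eq lc($MY_HOSTNAME) && $ip ne '127.0.0.1';

    # Accept only dotted names or bracketed address literals.
    return ('REJECT', 'HELO is not an FQDN or address literal')
        unless $helo =~ /\./ || $helo =~ /^\[.+\]$/;

    return ('CONTINUE', 'ok');
}

# Called once per RCPT TO:, still before DATA.
sub filter_recipient {
    my ($recipient, $sender, $ip, $hostname, $first, $helo) = @_;

    # Strip the angle brackets sendmail passes along with the address.
    (my $addr = lc $recipient) =~ s/^<|>$//g;

    # Cheapest test first: a local table lookup costs no DNS query.
    return ('REJECT', 'No such user here') unless $VALID_RCPT{$addr};

    # relay_is_blacklisted() is MIMEDefang's DNSBL lookup helper.
    return ('REJECT', "Relay $ip is listed in $DNSBL_ZONE")
        if relay_is_blacklisted($ip, $DNSBL_ZONE);

    return ('CONTINUE', 'ok');
}

1;
```

These callbacks only run when the HELO and recipient checks are enabled in mimedefang's startup options; otherwise the filter is first consulted after DATA.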