[Mimedefang] Re: Pre-Acceptance filtering (WAS: Re: recipient filter and RBLs)
Dirk the Daring
dirk at psicorps.org
Fri Dec 7 07:43:22 EST 2007
On Thu, 6 Dec 2007, Jan-Pieter Cornet wrote:
> On Thu, Dec 06, 2007 at 01:33:16AM -0500, Dirk the Daring wrote:
>> On Mon, 3 Dec 2007, "Paul Houselander" <housey at sme-ecom.co.uk> wrote:
>>> After a bit of digging around I think I've pretty much decided not to use
>>> rbl feature in sendmail but to integrate spamhaus checking into my
>>> mime-defang script.
> That's a wise decision, I'd say.
>> While you can certainly do this, all you're doing is creating a *lot*
>> more work for your mailserver, and encouraging the spammers.
> Err, no. You have the wrong idea about mimedefang.
Actually, I have the right idea about MD. I made the mistake of
thinking about SpamBayes when I saw spamhaus. SpamBayes being a
post-acceptance tool and spamhaus being an RBL.
>> As far as the spammer is concerned, that is "Mission Accomplished".
>> They have successfully wasted your bandwidth and disk space, and you're
>> about to let them waste your CPU and RAM as well.
> Not quite, it's "Nuisance Accomplished". For a spammer, it's only
> "Mission Accomplished" as soon as someone actually buys something. Or
> in practice, this means that as soon as a large enough population of
> people see the message.
We may be arguing semantics here. If the spammer never reaches DATA,
they *know* their crap is not going thru. Mission Failed. If they reach
data, they can (possibly reasonably) *assume* that it has a chance to get
Remember, we're not dealing with ethical or honest individuals.
I've seen some spam-for-hire arrangements that work based on a very
small commission amount per E-Mail "successfully sent" and then a larger
commission per sale. The spammer wants to recoup *something* for their
large investment in millions of victim E-Mail addresses, while the company
hiring the spammer doesn't want to pay serious money without sales.
>> By the end of HELO, I've stopped fully half of the SPAM sent to my mail
>> relay. By the end of RCPT TO: (before DATA), I've stopped about 75-80%.
> Roughly the same here, I suppose. Let's see, the stats for the day:
> blocked by HELO pattern: 86 (21%)
> pregreeting traffic: 21 (5%)
I'm seeing GREETPAUSE block perhaps 1%, if that. It used to be
What I *do* see being very successful right now is sendmail's RATECONN
Feature. That is tagging about 30% right now, and only about 15% or so of
total connections are being stopped by HELO filtering specifically.
> blocked using blacklists: 258 (64%)
Only half of the incoming connections survive to be checked by RBL, and
I'm only dropping about 13% of incoming connections via RBL.
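
Added example, not part of the original post or of the MIMEDefang distribution: a mimedefang-filter fragment that does the Spamhaus lookup at RCPT TO, so a listed relay is refused before DATA, which is the pre-acceptance behaviour the thread is arguing about. The zone name, the postmaster exemption and the helper rbl_answers are assumptions; filter_recipient is only called when mimedefang is started with -t.

```perl
# Added example: fragment for a mimedefang-filter file (not code from the thread).
use strict;
use warnings;
use Socket qw(inet_ntoa);

# Assumption: the DNSBL zone this site queries.
my $RBL_ZONE = 'zen.spamhaus.org';

# Hypothetical helper: return every A record (dotted quad) the zone gives
# for $ip, or an empty list if the address is not listed or is not IPv4.
sub rbl_answers {
    my ($ip, $zone) = @_;
    return () unless $ip =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/;
    my $qname = "$4.$3.$2.$1.$zone";          # octets reversed, zone appended
    my @h = gethostbyname($qname);            # (name, aliases, type, len, addrs...)
    return () unless @h;
    return map { inet_ntoa($_) } @h[4 .. $#h];
}

# MIMEDefang calls this once per RCPT TO, i.e. before DATA.
sub filter_recipient {
    my ($recipient, $sender, $ip, $hostname, $first, $helo) = @_;

    # Assumption: postmaster stays reachable so a listed site can ask why.
    # This per-recipient exemption is what the filter gives you over a
    # blanket check at connect time.
    return ('CONTINUE', 'ok') if $recipient =~ /^<?postmaster\@/i;

    my @answers = rbl_answers($ip, $RBL_ZONE);

    # Only 127.0.0.x answers are listings. Spamhaus uses 127.255.255.x to
    # signal query errors (for example lookups through a public resolver);
    # treating those as listings would reject every sender.
    my @listed = grep { /^127\.0\.0\.\d+$/ } @answers;

    if (@listed) {
        return ('REJECT', "Mail from $ip refused: listed in $RBL_ZONE (@listed)");
    }
    return ('CONTINUE', 'ok');
}

1;
```

The lookup blocks the filter slave while DNS resolves, so a local caching resolver keeps the RCPT stage fast.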