[Mimedefang] 100K SA limit doesn't seem to be enough any more :(

Cormack, Ken Ken.Cormack at yrcw.com
Wed Mar 19 10:45:50 EDT 2008


> Yikes.

    ::snip::

> Aren't you better off using a whitelist of countries that you do want
> to receive mail from? That way you won't start receiving mail from
> crapmenichstan once it separates itself from dunceburg (or other
> balkanization efforts that are or might be under way).

Agreed, it would have been easier to implement.  However, it was easier to
get managerial buy-off by showing them the list of countries we don't do
business with.  When I tried "we could allow from X, Y, and Z, while
//blocking everything else//...", management baulked, not knowing exactly
what "everything else" encompassed.  Granted, I could have sought the
approval by showing the list to block, yet coded it as a short list of what
to allow, but when audits or even general inquiries occurred, it was easier
to have the complete block list right there in the code.

As the world changes and political borders create and reshape countries (ie:
"crapmenichstan"), we would deal with that assuming a spam from there
actually slipped past the other filters, to reach a user's inbox.

> By the way, you're not blocking the largest spam source in the world:
> .us. Just a helpful hint.

Given that the company is located in the US, and that most of our business
is done with companies/customers in the US, we don't block US IP addresses
based on country.  We let the other mechanisms control that.  But for email
originating outside the US, it just made a lot of sense to block in
filter_sender, before getting into the heavy-hitting virus scans and
spamassassin overhead.

> What we use is RBL checks (zen.spamhaus.org is really recommended),
> a HELO pattern check (gathered using statistics and common sense)
> and spamassassin.

We've used these as well, with good success.

> (Then again, if this mail wasn't sent through the mailing list, you
> wouldn't even receive it, unless you have me whitelisted :)

Agreed, but don't take it personally.  The MIMEDefang servers here handle
email for a US-based trucking company (and its Canadian subsidiary), and I
don't know that there's been a whole lot of demand from The Netherlands, for
the company's services.  Ergo, the company doesn't have any customers in NL,
so NL IP addresses are blocked.  That's the rationale.

Ken
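
The country gate in filter_sender discussed in this message, with the block list kept in the code and the allow-list alternative beside it, as an added example that is not Ken's filter or code from the MIMEDefang project. The prefix table, both country lists and the country_of helper are constructed or hypothetical; a production filter would query a GeoIP database instead of the inline table.

```perl
#!/usr/bin/perl
# Added example: country gate for filter_sender, block list vs. allow list.
# All addresses, lists and lookups below are constructed for illustration.
use strict;
use warnings;

# Constructed stand-in for a GeoIP database: /24 prefix => ISO country code.
# The prefixes are RFC 5737 documentation ranges, not real assignments.
my %PREFIX_TO_CC = (
    '192.0.2'    => 'US',
    '198.51.100' => 'NL',
    '203.0.113'  => 'ZZ',    # placeholder for a country on neither list
);

# Policy as shown to management: every blocked country is spelled out.
my %BLOCKED = map { $_ => 1 } qw(NL);       # constructed sample list
# The alternative raised in the thread: name only what is allowed.
my %ALLOWED = map { $_ => 1 } qw(US CA);    # constructed sample list
my $USE_ALLOW_LIST = 0;                     # 0 = block list, 1 = allow list

# Hypothetical helper: returns the country code, or undef when unknown.
sub country_of {
    my ($ip) = @_;
    return unless defined $ip && $ip =~ /^(\d+\.\d+\.\d+)\.\d+$/;
    return $PREFIX_TO_CC{$1};
}

# Same argument order and return convention as MIMEDefang's filter_sender.
sub filter_sender {
    my ($sender, $ip, $hostname, $helo) = @_;
    my $cc = country_of($ip);
    # No answer from the lookup: leave the decision to RBLs and SpamAssassin.
    return ('CONTINUE', 'ok') unless defined $cc;
    my $refuse = $USE_ALLOW_LIST ? !$ALLOWED{$cc} : $BLOCKED{$cc};
    return ('REJECT', "Mail from country $cc is not accepted here") if $refuse;
    return ('CONTINUE', 'ok');
}

# Run the same three constructed relays through both policies.
for my $mode (0, 1) {
    $USE_ALLOW_LIST = $mode;
    for my $ip (qw(192.0.2.10 198.51.100.25 203.0.113.7)) {
        my ($code, $msg) = filter_sender('<a@example.org>', $ip,
                                         'relay.example.org', 'relay');
        printf "%-10s %-14s %-8s %s\n",
            ($mode ? 'allow-list' : 'block-list'), $ip, $code, $msg;
    }
}
```

The two runs differ only for the ZZ relay: the block list lets it continue to the later filters, while the allow list rejects it at filter_sender.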


