[RndTbl] Grey-listing in effect on MUUG server
Tim Lavoie
tim at fractaldragon.net
Fri Nov 17 11:14:49 CST 2006
>>>>> "JK" == John Lange <john.lange at open-it.ca> writes:
JK> Would it not make sense to do it in the other order?
JK> Greylisting being much less CPU intensive than other spam
JK> blocking methods.
The DNS check is pretty lightweight, and early in the process. Heavier
checks do run later.
JK> On a related note, personally I'm strongly opposed to block
JK> lists since:
JK> a) they only work after spam has been sent
JK> b) they catch far to many innocent victims
JK> c) when other methods are applied properly, blocklists only
JK> improve results by a very small amount.
JK> "b" being the main reason I don't like them.
Hm. The Spamhaus lists work after spam has been sent to *somebody*,
not necessarily me, so no problem there.
Innocent whiners can send an email to let me know if they've been
blocked inadvertently. :) More seriously, the RBL stuff does have a
way to request getting your address un-blocked, and I think this sort
of thing does nudge the ISPs into being more proactive to limit
out-bound cruft. The sbl-xbl list also turfs a lot of botnet traffic,
without having to scan each message with a local virus checker at my
end. For my limited scope, with a handful of users and domains, it's
not a big deal to eyeball the log once in a while to see if there's
been a false positive. Haven't had one yet, and it's turfed a *lot* of
crap. Still, it might be fun to run on just the greylist for a while
to see how it does.
I do use an account-specific filter (CRM114) too, but it's now had
nothing to catch since last night. While very effective, it's
naturally the most heavy-weight process, as well as the most fuss to
keep the learning process up to date.
Tim
More information about the Roundtable
mailing list