[gtaSAGE-members] Secondary MXs and Spam policies.
Adrian Chung
adrian at enfusion-group.com
Fri Sep 17 10:00:10 EDT 2004
On Thu, Sep 16, 2004 at 12:20:13PM -0700, Thamer Al-Harbash wrote:
> On Thu, 16 Sep 2004, Adrian Chung wrote:
>
> > 2) Is it considered best practice or preference to do RBL and
> > extensive filtering during the MTA initial session so that mail deemed
> > as spam is dropped on the floor earlier rather than later, or queue
> > the mail and have something more thorough check it and
> > reject/filter/tag it later?
>
> If you have a handful of accounts you can probably get away with
> queueing and relying on SpamAssassin to do the RBL check. If you
> have 100,000+ accounts I can tell you from experience you should
> do an RBL check first, queue it, and then run it through a spam
> filter if the system load is low enough.
>
> Incidentally, lots of spammers will connect, spam 100+ accounts,
> and disconnect. Dropping the connection before you even process
> the messages can save you a lot of cpu time.

I'm heavily leaning towards doing this, for these reasons...
Anyone actually have a SpamAssassin setup where it checks during the
SMTP dialogue and rejects immediately? Most setups I've seen have
SpamAssassin checking after the message is queued.

> > I'm aware that having the mail queued and then rejected means that you
> > may end up sending bounces to non-existent (or purposely crafted)
> > forged envelope sender addresses.
>
> It depends on why you're rejecting it. You don't always generate
> bounces. Ultimately you only generate a bounce if the mail cannot
> be delivered locally.
>
> Right now my personal mail servers will accept mail as long as
> it's destined to my local domain. If you try to send an email to a
> non-existent account I write it to /dev/null. It's useless to do
> anything else as you'll just generate bounces to non-existent
> addresses 99% of the time.

Absolutely, something else I need to change, sending bounces for
non-existent addresses these days I find a complete waste of time (for
small user bases).

> That's too bad. See if you can get a friend to act as
> secondary. Honestly, for a personal system I wouldn't bother with
> secondary. I only set one up because I had the resources
> available. If I didn't I wouldn't bother.

Well, I've been wondering where the justification in having a
secondary MX even is these days. If most MTAs are well-behaved
enough to retry for a reasonable period of time against a domain with
one MX record pointing to a server that's temporarily unreachable, why
even bother having a secondary (or secondaries) that aren't just spam
traps?

> > My personal preference at the moment is to queue mail (even at the
> > expense of higher resource utilization) and do more thorough checks
> > later, than to drop things that came from an RBL-listed server at the
> > front door. Maybe I don't have enough confidence in RBLs.
>
> Works fine with 5 users. Good luck doing it with 100k users.

Yeah, well, the current setup wouldn't scale to 100K people using IMAP
anyways. :)

> Have you looked at DCC? SpamAssassin will use it if it can. It's
> a decent system for rejecting bulk mail based on white lists and
> fuzzy checksums. It's very lightweight too.

Yes, I use DCC as part of the SpamAssassin arsenal, and I'm very happy
with the detection rate.
Any experience with greylisting?
--
Adrian Chung (adrian at enfusion-group dot com)
http://www.enfusion-group.com/~adrian/
GPG Fingerprint: C620 C8EA 86BA 79CC 384C E7BE A10C 353B 919D 1A17
[rogue.genosha.enfusion-group.com] up 30 days, 23:36, 10 users
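
Added example (not part of the original message): a small Python model of the trade-off discussed in this thread, comparing rejection during the SMTP session with queue-then-filter. The DNSBL zone, all addresses and the session data are constructed assumptions, and the model assumes one bounce per undeliverable message.

```python
# Added example: models the two check placements debated in the thread.
# Every address, session and the DNSBL zone below is constructed.
LOCAL_USERS = {"alice@example.org", "bob@example.org"}
DNSBL_ZONE = "dnsbl.example"                  # hypothetical zone name
LISTED = {"7.113.0.203." + DNSBL_ZONE}        # stands in for DNS answers

def dnsbl_query_name(ipv4, zone=DNSBL_ZONE):
    """DNSBL convention: reversed IPv4 octets prepended to the list's zone."""
    return ".".join(reversed(ipv4.split("."))) + "." + zone

def is_listed(ipv4):
    # A real MTA resolves this name; an A record in reply means "listed".
    return dnsbl_query_name(ipv4) in LISTED

# (client IP, envelope sender, recipients) for three constructed sessions
SESSIONS = [
    ("203.0.113.7", "forged@victim.example",
     ["user%d@example.org" % i for i in range(100)] + ["alice@example.org"]),
    ("198.51.100.20", "forged2@victim.example", ["nobody@example.org"]),
    ("192.0.2.10", "carol@partner.example", ["bob@example.org"]),
]

def reject_in_session(sessions):
    """RBL check at connect, unknown users refused at RCPT TO, then scan."""
    stats = {"content_scans": 0, "bounces_sent": 0, "smtp_rejects": 0}
    for ip, _sender, rcpts in sessions:
        if is_listed(ip):
            stats["smtp_rejects"] += 1        # refused before DATA, nothing queued
            continue
        valid = [r for r in rcpts if r in LOCAL_USERS]
        stats["smtp_rejects"] += len(rcpts) - len(valid)   # one 5xx per bad RCPT
        stats["content_scans"] += 1 if valid else 0
    return stats

def queue_then_filter(sessions):
    """Accept everything, scan after queueing, bounce undeliverable mail."""
    stats = {"content_scans": 0, "bounces_sent": 0, "smtp_rejects": 0}
    for _ip, _sender, rcpts in sessions:
        stats["content_scans"] += 1           # every queued message gets scanned
        # An undeliverable recipient triggers a bounce to the envelope sender,
        # which is forged in the first two sessions (backscatter).
        stats["bounces_sent"] += int(any(r not in LOCAL_USERS for r in rcpts))
    return stats

if __name__ == "__main__":
    print("reject in session:", reject_in_session(SESSIONS))
    print("queue then filter:", queue_then_filter(SESSIONS))
```

With in-session rejection the receiving server never generates a bounce itself; the refusal is returned to the connecting client, which is what keeps forged envelope senders from receiving backscatter.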