procmail
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: What is the most efficient way to query an RBL?

2004-05-24 07:00:31
from [Michelle Konzack] [Permanent Link] 
Am 2004-05-24 15:31:27, schrieb Kai Schaetzl:

Michelle Konzack wrote on Mon, 24 May 2004 11:21:34 +0200:



Curently I have attached a sbl-xbl/rbl filter AFTER spamassassin and I 
get one or two messages per day in its SPAMHAUS-folder.


You do know that procmail + SA doesn't scale very well? Using a milter or 
MailScanner to invoke SA is much more efficient if your daily email gets 
in the thousands. I also always recommend to use RBLs right at MTA level. 


RBLs on MTA level does not work, because I get the messages via 
'fetchmail'. 

8.000 Messages per day mean, all 11 seconds one mail. 
'fetchmail' is started all 10 Minutes and never had problems.


If you use the right ones (and that includes Spamhaus, but using 20 RBLs 
is overkill) your false positive level is nearly zero and you block a lot 


STOP !

I was running the 20 RBL's against a SPAM-Folder (SPAM's fond 
by spamassassin and its bayesian filter) of 34.000 Messages.
Only 2800 are detected as SPAM. 

The 20 RBL's are used for a Test...


of spam and most virus mail at the MTA. This means less processing cost 
(only the remaining stuff has to be scanned) and less traffic (because you 
don't get the DATA portion). We reject about 80% of all incoming mails 
with RBLs at MTA level and get almost no viruses sent to us. The false 
positive rate is something like 1 in 10.000 or 100.000.


I filter Viruses with 'nkvir-rc'   :-)

But in general, I do not accept any kind of binary attachments which
are very good filtered by procmail and mimefilter. 

I have only 3 E-Mails which allow binaries... and this one filter it 
from procmail, munpack and f-prot. if they are compressed, the I have 
unzip, unrar, lha...

It is a little bit work to do the Bash-scripts, but it works to 100%


Kai


Greetings
Michelle

-- 
Linux-User #280138 with the Linux Counter, http://counter.li.org/ 
Michelle Konzack   Apt. 917                  ICQ #328449886
                   50, rue de Soultz         MSM LinuxMichi
0033/3/88452356    67100 Strasbourg/France   IRC #Debian (irc.icq.com)

Attachment: signature.asc
Description: Digital signature

_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: What is the most efficient way to query an RBL?, Kai Schaetzl
Next by Date:  Confused newbie...., Steffen Bisgaard
Previous by Thread:  Re: What is the most efficient way to query an RBL?, Kai Schaetzl
Next by Thread:  Re: What is the most efficient way to query an RBL?, Kai Schaetzl
Indexes:  [Date] [Thread] [Top] [All Lists]