[wplug-internet] Spam filters

Vance Kochenderfer vance at happylemur.com
Thu Jun 11 02:07:47 EDT 2015


Pat Barron wrote:
>   So, I am thinking it might be a good time to revisit this...

Yeah, I haven't really followed up since the last discussion.  These
days, every time I glance at the mail queue there are a bunch of items
that appear to be "your post was held for moderation" messages for
addresses that don't go anywhere.

> We've been using a set of RBLs in our Postfix config (in warning mode
> only) for a while now.  I need to see if I can find any existing tools
> to analyze the logs.  Real quick analysis (i.e., just using "wc"....)
> shows that RBLs would have blocked about 7100 incoming messages in the
> last month.

Yeah, unfortunately it's easy to over-estimate the effectiveness of RBLs
since an RBL warning is added to the log even if a message was blocked
by greylisting.  It takes a more sophisticated approach to detect which
messages survived greylisting but would have been blocked by the RBLs.
One of these tools may help, though I don't have experience using any
of them: <http://www.postfix.org/addon.html#logfile>.  Last time around
I manually read through the logs (which I wouldn't recommend :).

If necessary, it shouldn't be *too* hard to write up a custom script.

> and we'd need to find a reasonable way to analyze the existing logs to
> see if the RBLs would have dropped any legitimate traffic if they'd been
> turned on "for real"...

I think that probably the only way to identify legitimate traffic is
for a human to look at it.  Not really scalable, but I could take a
random sample.

In the recent past, I have personally run into systems using the SORBS
RBL that block my (IMO legitimate) mail.  So at this point, I'm not too
fond of the idea of using them.

Vance Kochenderfer        |  "Get me out of these ropes and into a
vance at happylemur.com      |   good belt of Scotch"    -Nick Danger
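
Added example (not part of the original message, and not one of the tools on the Postfix add-on page): a sketch of the custom script mentioned above, which pairs each RBL warning with what the same smtpd process logged next for that recipient, so that only messages not caught by greylisting are counted. The log lines are constructed, and the assumed formats (RBL checks under warn_if_reject logging "reject_warning", a postgrey-style reply containing "Greylisted") are not taken from the list's actual configuration.

```python
import re
from collections import Counter

# Constructed sample in Postfix smtpd log format. Assumed: RBL checks run under
# warn_if_reject, ahead of a policy server whose 450 reply says "Greylisted".
SAMPLE_LOG = """\
Jun 10 01:00:01 mx postfix/smtpd[101]: NOQUEUE: reject_warning: RCPT from unknown[192.0.2.10]: 554 5.7.1 Service unavailable; Client host [192.0.2.10] blocked using rbl.example.org; from=<a@bulk.example> to=<list@lists.example> proto=ESMTP helo=<x>
Jun 10 01:00:01 mx postfix/smtpd[101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 450 4.2.0 <list@lists.example>: Recipient address rejected: Greylisted; from=<a@bulk.example> to=<list@lists.example> proto=ESMTP helo=<x>
Jun 10 01:05:00 mx postfix/smtpd[102]: NOQUEUE: reject_warning: RCPT from mail.sender.example[192.0.2.20]: 554 5.7.1 Service unavailable; Client host [192.0.2.20] blocked using rbl.example.org; from=<news@sender.example> to=<list@lists.example> proto=ESMTP helo=<mail.sender.example>
Jun 10 01:05:00 mx postfix/smtpd[102]: 4F1A2B3C5D: client=mail.sender.example[192.0.2.20]
Jun 10 01:09:00 mx postfix/smtpd[103]: NOQUEUE: reject_warning: RCPT from unknown[192.0.2.30]: 554 5.7.1 Service unavailable; Client host [192.0.2.30] blocked using rbl.example.org; from=<b@bulk.example> to=<list@lists.example> proto=ESMTP helo=<y>
Jun 10 01:09:00 mx postfix/smtpd[103]: NOQUEUE: reject_warning: RCPT from unknown[192.0.2.30]: 554 5.7.1 Service unavailable; Client host [192.0.2.30] blocked using rbl2.example.net; from=<b@bulk.example> to=<list@lists.example> proto=ESMTP helo=<y>
Jun 10 01:09:00 mx postfix/smtpd[103]: NOQUEUE: reject: RCPT from unknown[192.0.2.30]: 450 4.2.0 <list@lists.example>: Recipient address rejected: Greylisted; from=<b@bulk.example> to=<list@lists.example> proto=ESMTP helo=<y>
"""

LINE = re.compile(r"postfix/smtpd\[(?P<pid>\d+)\]: (?P<rest>.*)")
EVENT = re.compile(r"NOQUEUE: (?P<kind>reject_warning|reject): RCPT from \S*\[(?P<ip>[^\]]+)\]: "
                   r"(?P<text>.*?); from=<(?P<frm>[^>]*)> to=<(?P<to>[^>]*)>")
RBL = re.compile(r"blocked using ([^;\s]+)")

def classify(log_text):
    """Return (Counter of outcomes, survivors) for RCPTs that drew an RBL warning."""
    pending = {}  # smtpd pid -> [(ip, sender, rcpt), set of RBL names]
    outcomes, survivors = Counter(), []
    def flush(pid, outcome):
        triple, rbls = pending.pop(pid)
        outcomes[outcome] += 1
        if outcome == "passed":
            survivors.append((*triple, sorted(rbls)))
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        pid, ev = m["pid"], EVENT.match(m["rest"])
        triple = (ev["ip"], ev["frm"], ev["to"]) if ev else None
        if pid in pending and pending[pid][0] != triple:
            flush(pid, "passed")  # smtpd moved on without rejecting this RCPT
        if not ev:
            continue
        rbl = RBL.search(ev["text"])
        if ev["kind"] == "reject_warning":
            if rbl:
                pending.setdefault(pid, [triple, set()])[1].add(rbl[1])
        elif pid in pending:
            flush(pid, "greylisted" if "Greylisted" in ev["text"] else "other_reject")
    for pid in list(pending):
        flush(pid, "passed")  # log ended before any reject was seen
    return outcomes, survivors
```

On the constructed sample, counting warning lines gives 4, while classify() reports one recipient that passed greylisting and two that greylisting rejected anyway; the survivors list is the set a human would sample to judge legitimacy.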

