Thank you for your response !
Who on this list was using greylisting and then decided to turn it off. Looking for more feedback.
What rates of spam detection are you getting with surbl ? And what methods do you use to complement it. I would like to run some RFC checks but some of them seem to stringent.... I.E - Reverse PTR checks, etc
Thanks again !
Paul Schwarz Stark Truss Company, Inc. Senior Network Administrator (330) 478-2100
-----Original Message----- From: discuss-bounces@lists.surbl.org [mailto:discuss-bounces@lists.surbl.org] On Behalf Of Chris Santerre Sent: Tuesday, November 30, 2004 9:53 AM To: 'SURBL Discussion list' Subject: RE: [SURBL-Discuss] Hi I'm new and I like SURBL
-----Original Message----- From: Paul Schwarz [mailto:Paul.Schwarz@starktruss.com] Sent: Tuesday, November 30, 2004 9:03 AM To: 'SURBL Discussion list' Subject: [SURBL-Discuss] Hi I'm new and I like SURBL
Greetings noob, I mean Paul :-)
what are others thoughts of the effectiveness of SURBL , risks of false positives, CPU usage, etc
SURBL rocks, but I'm a bit partial. The risks of FP are low, and we strive to get them to zero. And anything reported as an FP is dealt with right away, by numerous people. We take them very seriously.
Lookups are quick and getting quicker with each new mirror added. If you have a LOT of traffic you can rsync to get lookups local. Directions are on the SURBL.org site.
I'm currently doing my spam checking in this order
sbl-xbl.spamhaus.org - reject at SMTP level standard greylisting SURBL
- using multi.surbl.org
I like everything but greylisting. It can have some issues when a timely email is needed. Particularly with airline info. We've seen it here from another SURBL contributor.
How are you guys doing it and do you have any suggestions ? Low false positives are my goal in my setup. I wondered if surbl should replace greylisting or RBL or should just complement.
Complement is always better, but if anything I would remove greylisting for now. With SURBL I don't think you need it. But if you have the time and don't mind waiting sometimes 20 minutes for some companies to resend, then go ahead.
I think you will be very happy with SURBL.
Chris Santerre System Admin and SARE Ninja http://www.rulesemporium.com http://www.surbl.org 'It is not the strongest of the species that survives, not the most intelligent, but the one most responsive to change.' Charles Darwin _______________________________________________ Discuss mailing list Discuss@lists.surbl.org http://lists.surbl.org/mailman/listinfo/discuss
On Wednesday, December 1, 2004, 6:57:36 AM, Paul Schwarz wrote:
What rates of spam detection are you getting with surbl ? And what methods do you use to complement it. I would like to run some RFC checks but some of them seem to stringent.... I.E - Reverse PTR checks, etc
RFC checks, reverse DNS lookups, etc are nearly worthless since so many mailers are not configured correctly.
Jeff C. -- "If it appears in hams, then don't list it."
Jeff Chan wrote:
On Wednesday, December 1, 2004, 6:57:36 AM, Paul Schwarz wrote:
What rates of spam detection are you getting with surbl ? And what methods do you use to complement it. I would like to run some RFC checks but some of them seem to stringent.... I.E - Reverse PTR checks, etc
RFC checks, reverse DNS lookups, etc are nearly worthless since so many mailers are not configured correctly.
tarpitting works nicely.... without the greylist drawbacks
Alex
on Wed, Dec 01, 2004 at 07:20:40AM -0800, Jeff Chan wrote:
On Wednesday, December 1, 2004, 6:57:36 AM, Paul Schwarz wrote:
What rates of spam detection are you getting with surbl ? And what methods do you use to complement it. I would like to run some RFC checks but some of them seem to stringent.... I.E - Reverse PTR checks, etc
RFC checks, reverse DNS lookups, etc are nearly worthless since so many mailers are not configured correctly.
I must admit that I'm finding it difficult to make any sense of this statement at all.
"Many mail servers are broken, so checking for brokenness is not useful?"
I tend to view this another way:
"If you do not accept mail from broken mail servers, maybe the idiots responsible for their being broken will fix the damn things."
On Wednesday, December 1, 2004, 8:04:58 AM, Steven Champeon wrote:
on Wed, Dec 01, 2004 at 07:20:40AM -0800, Jeff Chan wrote:
On Wednesday, December 1, 2004, 6:57:36 AM, Paul Schwarz wrote:
What rates of spam detection are you getting with surbl ? And what methods do you use to complement it. I would like to run some RFC checks but some of them seem to stringent.... I.E - Reverse PTR checks, etc
RFC checks, reverse DNS lookups, etc are nearly worthless since so many mailers are not configured correctly.
I must admit that I'm finding it difficult to make any sense of this statement at all.
"Many mail servers are broken, so checking for brokenness is not useful?"
I tend to view this another way:
"If you do not accept mail from broken mail servers, maybe the idiots responsible for their being broken will fix the damn things."
If 80% of the world's nominally legitimate mail servers are not RFC compliant, should you only accept mail from the 20%. I tend to doubt it.
Jeff C. -- "If it appears in hams, then don't list it."
On Wednesday, December 1, 2004, 6:57:36 AM, Paul Schwarz wrote:
What rates of spam detection are you getting with surbl ?
SURBLs have been shown to detect about 85% of spam by mail volume, which is probably near the theoretical limit of what such a system can do.
Jeff C. -- "If it appears in hams, then don't list it."