gordan at bobich
Dec 30, 2010, 12:22 PM
Post #14 of 19
(679 views)
Permalink
|
|
Re: Which spam filtering package do you think is best?
[In reply to]
|
|
On 12/30/2010 05:54 PM, Tomas Kuliavas wrote:
>>>>> Can I collect opinions here about favorite/least favorite spam
>>>>> filtering packages, for use in a dbmail environment?
>>>>>
>>>>> What have you had luck with? What works best? What's your opinion?
>>>>> Which should a happy dbmail (postfix) user, now getting too much
>>>>> spam, use for filtration?
>>>>>
>>>>> TIA, Lou Picciano
>>>>>
>>>>> I'm using sqlgrey (postgrey implementation with database (mysql)) and
>>>>> spamassassin. So far so good. sqlgrey is the best tool (to my
>>>>> knowledge)
>>>>> for front-line protection against spam before spamassassin takes over
>>>>> the job. I'm welcome for other suggestions.
>>>> So, you don't mind not receiving mail from multi-homed hosts (*cough*
>>>> gmail *cough*)? Greylistting's very concept is broken by design.
>>>
>>> So using myriad of outgoing email servers is not something unusual.
>>
>> You are missing the point. Consider this scenario. A server has multiple
>> NICs on different networks, all routing to the internet. The default
>> route gets rotated around (when it expires, after a few minutes) in
>> order to load balance. This sort of a setup is fairly common on big
>> installations (helps with resiliency, too).
>>
>> So, such a server gets a message in it's outbound spool. It tries to
>> deliver it to you via one of it's several routes/NICs. You see the
>> connection, greylist it and temporarily reject. Server goes away for a
>> bit. By the time it retries, the route has expired, and you get an
>> incoming connection from the same server but from a different source IP.
>> Your greylist hasn't seen that IP, so you temporarily reject again. This
>> can go on forever. Some of your mail might get lucky and get through.
>> Most will probably get massively delayed, and some will likely keep
>> bouncing in the outgoing spool until it expires and bounces back,
>> several days later.
>
> So network design with routes that last less than couple of hours is
> perfectly ok? Trying to feed same email from different locations is
> exactly what spammer would do.
Equal cost routes rotate all the time, frequently on a per-TCP-session
basis. It's a perfectly legitimate, RFC compliant thing to do.
If spammers start to have heavily multi-homed zombies on a large scale,
that would arguably be pretty concerning.
>>> Anyone who does not like some tool can call it broken by design.
>>
>> You are mixing up cause and effect. I dislike tools if they are broken.
>> I don't call them broken because I dislike them.
>
> If you have information that tool has problems with some types of
> networking setups, you should say that it has problems with such setups.
Sure, and if you are happy to have unreliable service between your
servers and MSPs with multi-homed hosts, then you are welcome to break
your mail servers as much as you like. I don't really care.
> Tool works fine with other servers. Design is not broken. Calling
> something broken by design does not show what is broken in design. It only
> shows that you dislike the tool.
It's broken because it demonstrably fails, by it's very design, to work
reliably in a very real and valid scenario.
Gordan
_______________________________________________
DBmail mailing list
DBmail [at] dbmail
http://mailman.fastxs.nl/cgi-bin/mailman/listinfo/dbmail
|
signature.asc
