Discussion:
Recommended spam.lists and/or sendmail dnsbl settings?
Johnny Stork
2007-12-04 22:17:36 UTC
With the ongoing changes to various RBL's and the recent threads on
spamhaus, can someone recommend or share a good/current spam.lists file
along with a recommended "Spam List =" line? and/or sendmail.mc dnsbl
settings?

I used to have

Spam List = spamhaus-ZEN spamhaus.org spamcop.net

Also, from what I understand, adding the DNSBL to sendmail will block
mail without passing into MS, and setting/using them in MS and NOT
sendmail will score and tag offending mail.

Can someone suggest an optimal combination of sendmail dnsbl and MS
"Spam List=" settings? Should I use both? or just one based on whether I
want to block/tag SPAM?


This is what I currently have in sendmail.mc

FEATURE(`dnsbl',`sbl-xbl.spamhaus.org', `"554 Rejected " $&{client_addr} " - see http://www.spamhaus.org/SBL/"')dnl
FEATURE(`dnsbl', `dnsbl.njabl.org', `"554 Rejected " $&{client_addr} " - see http://dnsbl.njabl.org/method.html"')dnl
FEATURE(`dnsbl', `bl.spamcop.net', `"554 Rejected " $&{client_addr} " found in bl.spamcop.net"')dnl
FEATURE(`dnsbl', `chinanet.blackholes.us', `"554 Rejected " $&{client_addr} " found in chinanet.blackholes.us"')dnl
--
*Johnny Stork*
Business & Technology Consultant
***@openenterprise.ca
shuttlebox
2007-12-05 01:19:27 UTC
Post by Johnny Stork
I used to have
Spam List = spamhaus-ZEN spamhaus.org spamcop.net
Also, from what I understand, adding the DNSBL to sendmail will block
mail without passing into MS, and setting/using them in MS and NOT
sendmail will score and tag offending mail.
If you use RBL:s in MS you will not score mail, that can only be done
in SA, there's however this option: "Spam Lists To Be Spam". If you
use several RBL:s like above you can set how many are needed for a
message to be blocked, note that MS RBL:s will always override the SA
score.
Post by Johnny Stork
Can someone suggest an optimal combination of sendmail dnsbl and MS
"Spam List=" settings? Should I use both? or just one based on whether I
want to block/tag SPAM?
Use RBL:s only in SA if you want the most accurate spam protection. If
you have performance problems you can block with Sendmail too.
--
/peter
Duncan, Brian M.
2007-12-05 02:27:22 UTC
Can someone explain how to get Mailscanner to NOT check any other RBL's
listed in "Spam List =" directive after it hits at least 1?

I have these mailscanner config items set currently:

Spam Lists To Be Spam = 1
Spam List = spamcop zen.spamhaus.org dnsbl cbl MAPS-ALL

(we pay for use of the maps-all RBL which is now owned by Trend Micro)

As it stands here is an example message that was logged:

to kattenlaw.com is zen.spamhaus.org, cbl, MAPS-ALL

Which suggests to me it is testing against ALL RBL's I have in the Spam
List directive, and NOT stopping after it hits 1.

I read in another email about changing the order of the RBL's in the
Spam List but as it stands now for me it looks like it would have no
impact because
It looks like it's checking them all every time.

If anyone could please tell me how you get this working with Mailscanner
that would be great.

Thanks
--
MailScanner mailing list
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
===========================================================
CIRCULAR 230 DISCLOSURE: Pursuant to Regulations Governing Practice Before the Internal Revenue Service, any tax advice contained herein is not intended or written to be used and cannot be used by a taxpayer for the purpose of avoiding tax penalties that may be imposed on the taxpayer.
===========================================================
CONFIDENTIALITY NOTICE:
This electronic mail message and any attached files contain information intended for the exclusive use of the individual or entity to whom it is addressed and may contain information that is proprietary, privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information may be subject to legal restriction or sanction. Please notify the sender, by electronic mail or telephone, of any unintended recipients and delete the original message without making any copies.
===========================================================
NOTIFICATION: Katten Muchin Rosenman LLP is an Illinois limited liability partnership that has elected to be governed by the Illinois Uniform Partnership Act (1997).
===========================================================
shuttlebox
2007-12-05 02:34:22 UTC
Post by Duncan, Brian M.
I read in another email about changing the order of the RBL's in the
Spam List but as it stands now for me it looks like it would have no
impact because
It looks like it's checking them all every time.
I think they were talking about Sendmail but I agree that it would be
good if it worked like that in MS as well. Less traffic to the already
busy RBL:s and our servers would run faster too.
--
/peter
Scott Silva
2007-12-05 03:08:20 UTC
Post by Duncan, Brian M.
Can someone explain how to get Mailscanner to NOT check any other RBL's
listed in "Spam List =" directive after it hits at least 1?
Spam Lists To Be Spam = 1
Spam List = spamcop zen.spamhaus.org dnsbl cbl MAPS-ALL
(we pay for use of the maps-all RBL which is now owned by Trend Micro)
to kattenlaw.com is zen.spamhaus.org, cbl, MAPS-ALL
Which suggests to me it is testing against ALL RBL's I have in the Spam
List directive, and NOT stopping after it hits 1.
I read in another email about changing the order of the RBL's in the
Spam List but as it stands now for me it looks like it would have no
impact because
It looks like it's checking them all every time.
If anyone could please tell me how you get this working with Mailscanner
that would be great.
Thanks
MailScanner does lookups in parallel, so you can't. Sendmail does the lookups
serialized, and stops at the first match. If you are going to delete these, do
so in sendmail (or other MTA). If you are going to score and pass or
quarantine, then do them later in mailscanner or with spamassassin.
--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!
Duncan, Brian M.
2007-12-05 08:22:58 UTC
Thanks for confirming that for me.

So is this not a feature that would benefit many users?

The capability to have MailScanner NOT check ALL RBL's but in an order
based on how many the admin wants till it equals a failure?

It seems kind of inefficient to check ALL RBL's listed if an admin
trusts results from specific RBL's.

Like in my case I could avoid probably 80% of my queries to zen with
this capability.

"The Spam Lists To Be Spam" directive could still be set, but
MailScanner could quit RBL checks after meeting that condition.

It could even increase performance couldn't it for heavily loaded mail
servers?

In my organization we rely on MailScanner to do the RBL checks and pass
ALL mail through to end users (We need to, they can never afford to miss
a message) RBL failed messages are considered high scoring spam and get
a slightly different identifier to quickly identify an RBL'ed message
from one that failed due to message content.
Craig White
2007-12-05 08:32:48 UTC
I think that the issue is to implement in your MTA so you 'reject' the
e-mail prior to subjecting it to MailScanner and thereby reducing the
load.

Craig
Post by Duncan, Brian M.
Thanks for confirming that for me.
So is this not a feature that would benefit many users?
The capability to have MailScanner NOT check ALL RBL's but in an order
based on how many the admin wants till it equals a failure?
It seems kind of inefficient to check ALL RBL's listed if an admin
trusts results from specific RBL's.
Like in my case I could avoid probably 80% of my queries to zen with
this capability.
"The Spam Lists To Be Spam" directive could still be set, but
MailScanner could quit RBL checks after meeting that condition.
It could even increase performance couldn't it for heavily loaded mail
servers?
In my organization we rely on MailScanner to do the RBL checks and pass
ALL mail through to end users (We need to, they can never afford to miss
a message) RBL failed messages are considered high scoring spam and get
a slightly different identifier to quickly identify an RBL'ed message
from one that failed due to message content.
Duncan, Brian M.
2007-12-05 08:56:15 UTC
I guess it is the case that everyone has different needs.

We never reject messages at the MTA level. (Well actually messages that
are destined to users that do not have valid MS Exchange SMTP records
are rejected, so I guess never is not correct, but that is the only case
we reject at the edge)

RBL's tend to be a love/hate thing. We love them, based on the fact
that we still deliver every failed RBL message to the users' Junk Mail
folder. (Giving them the option to "white list" in Outlook RBL'ed
sources.)

Given that Mailscanner allows "high scoring treatment" on RBL checked
messages, and then the capability to set the intended actions (including
delivery) I would think the extra control over RBL behavior could allow
even finer tuning in some environments.
Steve Freegard
2007-12-05 17:35:39 UTC
Post by Duncan, Brian M.
I guess it is the case that everyone has different needs.
Yup - most definitely.
Post by Duncan, Brian M.
We never reject messages at the MTA level. (Well actually messages that
are destined to users that do not have valid MS Exchange SMTP records
are rejected, so I guess never is not correct, but that is the only case
we reject at the edge)
Count yourself very lucky then - I've worked with many companies in the
past that had similar policies. They got so much junk they were adding
extra MailScanner servers or upgrading existing machines every 6 months
or so to attempt to keep up with the load that this imposed on them.
Post by Duncan, Brian M.
RBL's tend to be a love/hate thing. We love them, based on the fact
that we still deliver every failed RBL message to the users' Junk Mail
folder. (Giving them the option to "white list" in Outlook RBL'ed
sources.)
Yes - but in the case of Spamhaus (which is why people like them) if you
do some analysis you'll find that unless you've got horsepower, disk
space (and the associated money) to burn it isn't worth delivering these
messages.

From the last SpamAssassin mass-check network tests run:

xbl.spamhaus.org hit on 68.7% of spam messages and 0.0033% non-spam
messages (3 out of 90160 non-spam messages)

pbl.spamhaus.org hit on 61% of spam messages and 0.43% non-spam (390 out
of 90160 non-spam messages)

sbl.spamhaus.org hit on 1.26% of spam messages and 0.0388% non-spam (35
out of 90160 non-spam messages)

Based on those stats - I love RBLs too as that tells me that I could
potentially gain 70% efficiency by rejecting them before they get to
MailScanner.
Post by Duncan, Brian M.
Given that Mailscanner allows "high scoring treatment" on RBL checked
messages, and then the capability to set the intended actions (including
delivery) I would think the extra control over RBL behavior could allow
even finer tuning in some environments.
I agree - everyone has different requirements and I think checking the
Spam Lists in order and stopping at the first hit would make sense from
an efficiency point of view.

Cheers,
Steve.
Peter Farrow
2007-12-05 18:40:15 UTC
Post by Steve Freegard
Post by Duncan, Brian M.
I guess it is the case that everyone has different needs.
Yup - most definitely.
Post by Duncan, Brian M.
We never reject messages at the MTA level. (Well actually messages that
are destined to users that do not have valid MS Exchange SMTP records
are rejected, so I guess never is not correct, but that is the only case
we reject at the edge)
Count yourself very lucky then - I've worked with many companies in
the past that had similar policies. They got so much junk they were
adding extra MailScanner servers or upgrading existing machines every
6 months or so to attempt to keep up with the load that this imposed
on them.
Post by Duncan, Brian M.
RBL's tend to be a love/hate thing. We love them, based on the fact
that we still deliver every failed RBL message to the users' Junk Mail
folder. (Giving them the option to "white list" in Outlook RBL'ed
sources.)
Yes - but in the case of Spamhaus (which is why people like them) if
you do some analysis you'll find that unless you've got horsepower,
disk space (and the associated money) to burn it isn't worth
delivering these messages.
xbl.spamhaus.org hit on 68.7% of spam messages and 0.0033% non-spam
messages (3 out of 90160 non-spam messages)
pbl.spamhaus.org hit on 61% of spam messages and 0.43% non-spam (390
out of 90160 non-spam messages)
sbl.spamhaus.org hit on 1.26% of spam messages and 0.0388% non-spam (35
out of 90160 non-spam messages)
Based on those stats - I love RBLs too as that tells me that I could
potentially gain 70% efficiency by rejecting them before they get to
MailScanner.
Post by Duncan, Brian M.
Given that Mailscanner allows "high scoring treatment" on RBL checked
messages, and then the capability to set the intended actions (including
delivery) I would think the extra control over RBL behavior could allow
even finer tuning in some environments.
I agree - everyone has different requirements and I think checking the
Spam Lists in order and stopping at the first hit would make sense
from an efficiency point of view.
Cheers,
Steve.
For me,

If a sender/relay is listed on an RBL I reject it before it gets to
MailScanner. The sender knows they've been rejected so they can talk to
their ISP or IT dept to fix the problem. Personally I see no need to
even consider email from somebody who relayed through a blacklisted
server. This has not caused any complaints from my clients.

Regards

Pete
--
This message has been scanned for viruses and
dangerous content by the Enhancion system Scanner
and is believed to be clean.
http://www.enhancion.net
Scott Silva
2007-12-06 04:13:44 UTC
Post by Peter Farrow
Post by Steve Freegard
Post by Duncan, Brian M.
I guess it is the case that everyone has different needs.
Yup - most definitely.
Post by Duncan, Brian M.
We never reject messages at the MTA level. (Well actually messages that
are destined to users that do not have valid MS Exchange SMTP records
are rejected, so I guess never is not correct, but that is the only case
we reject at the edge)
Count yourself very lucky then - I've worked with many companies in
the past that had similar policies. They got so much junk they were
adding extra MailScanner servers or upgrading existing machines every
6 months or so to attempt to keep up with the load that this imposed
on them.
Post by Duncan, Brian M.
RBL's tend to be a love/hate thing. We love them, based on the fact
that we still deliver every failed RBL message to the users' Junk Mail
folder. (Giving them the option to "white list" in Outlook RBL'ed
sources.)
Yes - but in the case of Spamhaus (which is why people like them) if
you do some analysis you'll find that unless you've got horsepower,
disk space (and the associated money) to burn it isn't worth
delivering these messages.
xbl.spamhaus.org hit on 68.7% of spam messages and 0.0033% non-spam
messages (3 out of 90160 non-spam messages)
pbl.spamhaus.org hit on 61% of spam messages and 0.43% non-spam (390
out of 90160 non-spam messages)
sbl.spamhaus.org hit on 1.26% of spam messages and 0.0388% non-spam (35
out of 90160 non-spam messages)
Based on those stats - I love RBLs too as that tells me that I could
potentially gain 70% efficiency by rejecting them before they get to
MailScanner.
Post by Duncan, Brian M.
Given that Mailscanner allows "high scoring treatment" on RBL checked
messages, and then the capability to set the intended actions (including
delivery) I would think the extra control over RBL behavior could allow
even finer tuning in some environments.
I agree - everyone has different requirements and I think checking the
Spam Lists in order and stopping at the first hit would make sense
from an efficiency point of view.
Cheers,
Steve.
For me,
If a sender/relay is listed on an RBL I reject it before it gets to
MailScanner. The sender knows they've been rejected so they can talk to
their ISP or IT dept to fix the problem. Personally I see no need to
even consider email from somebody who relayed through a blacklisted
server. This has not caused any complaints from my clients.
Regards
Pete
And for a critical host, whitelisting can be done while they fix their mess.
But not indefinitely. If they don't care to fix it, they shouldn't be running
a mailserver. I have even helped some of our business partners that had
systems set up by clueless or undertrained people.
You always get the Mom and Pop shop that let their nephew Jimmy set up their
mail server because they didn't know any better. Most laymen think that e-mail
is like putting a postal mailbox in front of your house, and waiting for the
postman to stop. Although in some ways it is...have you seen the volume of
"spam" in your snail-mail box?
--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!
Nathan Olson
2007-12-05 08:38:54 UTC
There is a 'short circuit' feature in the newest versions of SpamAssassin that
I believe does what you are talking about (in SpamAssassin).

Nate
Duncan, Brian M.
2007-12-05 09:00:46 UTC
Thanks I will look into that, we really like MailScanner (and have
donated) for the fine program, since we have handled RBL for years with
MailScanner it would be nice to continue to do it that way.

It just seems odd that there is not more control over RBL checking in
the Mailscanner product.

That is why I initially figured I must be missing something and there
must be a way to control how many RBL's it checks instead of all or
nothing type logic.
Scott Silva
2007-12-06 04:20:37 UTC
Post by Duncan, Brian M.
Thanks I will look into that, we really like MailScanner (and have
donated) for the fine program, since we have handled RBL for years with
MailScanner it would be nice to continue to do it that way..
It just seems odd that there is not more control over RBL checking in
the Mailscanner product.
That is why I initially figured I must be missing something and there
must be a way to control how many RBL's it checks instead of all or
nothing type logic.
You haven't missed anything, it was just not put in. I think you would
actually waste more time on the serial lookups of the messages "not" in the
lists than you would save. DNS lookups don't add that much to the load.
Spamassassin is the real system hog, and you can already stop spamassassin if
a message hits the lists first.
--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!
Scott Silva
2007-12-06 04:08:05 UTC
Permalink
Post by Duncan, Brian M.
Thanks for confirming that for me.
So is this not a feature that would benefit many users?
The capability to have MailScanner NOT check ALL RBL's but in an order
based on how many the admin wants till it equals a failure?
It seems kind of inefficient to check ALL RBL's listed if an admin
trusts results from specific RBL's.
Like in my case I could avoid probably 80% of my queries to zen with
this capability.
"The Spam Lists To Be Spam" directive could still be set, but
MailScanner could quit RBL checks after meeting that condition.
It could even increase performance couldn't it for heavily loaded mail
servers?
It would actually lower performance as each message would have to be checked
one at a time one list at a time instead of firing off multiple queries and
looking at the hits afterward. Think of telling a joke in a room full of
people. Do you tell one person at a time and wait for a laugh (or not), or do
you tell groups of people at the same time?
If a sysadmin trusts a list that well, he/she usually uses it at the MTA. That
is the only way to really cut the load, because no further processing is done
on it. The batch processing is what puts mailscanner ahead of the other
options like mimedefang or amavisd (or ???).
Post by Duncan, Brian M.
In my organization we rely on MailScanner to do the RBL checks and pass
ALL mail through to end users (We need to, they can never afford to miss
a message) RBL failed messages are considered high scoring spam and get
a slightly different identifier to quickly identify an RBL'ed message
from one that failed due to message content.
Since you forward all messages, you could have some preprocessor do rbl checks
and add headers and then get mailscanner to not re-scan those.

In my organisation, if they are on a trusted RBL, they only send spam.
Otherwise the un-trusted RBL's are scored with spamassassin like other
content. That way a message in a less than reliable list, with no other
content problems will usually get through unmolested.
--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!
Duncan, Brian M.
2007-12-13 03:06:03 UTC
Permalink
Post by Duncan, Brian M.
Post by Duncan, Brian M.
"The Spam Lists To Be Spam" directive could still be set, but
MailScanner could quit RBL checks after meeting that condition.
It could even increase performance couldn't it for heavily
loaded mail
Post by Duncan, Brian M.
servers?
It would actually lower performance as each message would
have to be checked one at a time one list at a time instead
of firing off multiple queries and looking at the hits
afterward. Think of telling a joke in a room full of people.
Do you tell one person at a time and wait for a laugh (or
not), or do you tell groups of people at the same time?
If a sysadmin trusts a list that well, he/she usually uses it
at the MTA. That is the only way to really cut the load,
because no further processing is done on it. The batch
processing is what puts mailscanner ahead of the other
options like mimedefang or amavisd (or ???).
I know this was from last week, I have been busy and did not see your
reply till today.

So you are saying currently Mailscanner sends out queries to ALL the
RBL's listed in the mailscanner conf, but does NOT wait for ALL of them
to reply?

Your analogy on telling a joke to a room full of people makes sense, but
if you have to wait for the room full of people to all laugh or not
laugh it seems less efficient unless I am missing something there.
Post by Duncan, Brian M.
From what I can see in my logs normally I have log entries for ALL the
RBL's that each message failed against. And only if an RBL times out
does it skip it. So does mailscanner after it queries all the RBL's
initially continue without pause even if one of the RBL's does NOT
answer?

I do see how serial lookup could slow things down now though, if RBL one
says no, then it goes onto RBL 2, etc.. So any valid mail will still wind
up queuing ALL the RBL's anyhow. Just not all at the same time, which
would add delay(how much I don't know). But if as it works now ALL
RBL's have to reply before Mailscanner thinks that it is done with that
message, the difference in time might be very minor. Especially if it
was serial, and you only wanted 1 RBL to fail and your servers receive
a lot of Spam. (and your first specified RBL check is what you get your
largest hit on anyhow)
Post by Duncan, Brian M.
Post by Duncan, Brian M.
In my organization we rely on MailScanner to do the RBL checks and
pass ALL mail through to end users (We need to, they can
never afford
Post by Duncan, Brian M.
to miss a message) RBL failed messages are considered high scoring
spam and get a slightly different identifier to quickly identify an
RBL'ed message from one that failed due to message content.
Since you forward all messages, you could have some
preprocessor do rbl checks and add headers and then get
mailscanner to not re-scan those.
I guess I will have to look into that if I want to do it. I just
figured it might be a benefit to have the capability to do it in
Mailscanner since it already has the RBL checking functionality, just
not the capability to do it in a serial manner.
Post by Duncan, Brian M.
In my organisation, if they are on a trusted RBL, they only
send spam.
Otherwise the un-trusted RBL's are scored with spamassassin
like other content. That way a message in a less than
reliable list, with no other content problems will usually
get through unmolested.
Yeah in my situation I work in an environment where a client could
technically be a Spammer. So many users need ALL messages that were
sent to them. I don't have the option of telling a user, the reason you
did not receive message X which related to a deal you were working on
was because they use an ISP that they just switched to that got assigned
a previous block of addresses that were black listed. They don't care
what I say, they just care they did not receive the message. So we do
this for all users. If something is RBL'ed and it came from a Spammer
we just tell them to add the user to their safe sender list in Outlook
and then I can still fight Spam while giving individual users the
control to receive what they want. Back before we did this, do you know
how much time I would waste having to assist other companies IT
departments in getting off an RBL? Now I never have to.

I wish I could dump RBL'ed messages at my edge. But all I can do is
wish.
Post by Duncan, Brian M.
--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!
Scott Silva
2007-12-13 04:33:06 UTC
Permalink
Post by Duncan, Brian M.
Post by Duncan, Brian M.
Post by Duncan, Brian M.
"The Spam Lists To Be Spam" directive could still be set, but
MailScanner could quit RBL checks after meeting that condition.
It could even increase performance couldn't it for heavily
loaded mail
Post by Duncan, Brian M.
servers?
It would actually lower performance as each message would
have to be checked one at a time one list at a time instead
of firing off multiple queries and looking at the hits
afterward. Think of telling a joke in a room full of people.
Do you tell one person at a time and wait for a laugh (or
not), or do you tell groups of people at the same time?
If a sysadmin trusts a list that well, he/she usually uses it
at the MTA. That is the only way to really cut the load,
because no further processing is done on it. The batch
processing is what puts mailscanner ahead of the other
options like mimedefang or amavisd (or ???).
I know this was from last week, I have been busy and did not see your
reply till today.
So you are saying currently Mailscanner sends out queries to ALL the
RBL's listed in the mailscanner conf, but does NOT wait for ALL of them
to reply?
Your analogy on telling a joke to a room full of people makes sense, but
if you have to wait for the room full of people to all laugh or not
laugh it seems less efficient unless I am missing something there.
Post by Duncan, Brian M.
From what I can see in my logs normally I have log entries for ALL the
RBL's that each message failed against. And only if an RBL times out
does it skip it. So does mailscanner after it queries all the RBL's
initially continue without pause even if one of the RBL's does NOT
answer?
I do see how serial lookup could slow things down now though, if RBL one
says no, then it goes onto RBL 2, etc.. So any valid mail will still wind
up queuing ALL the RBL's anyhow. Just not all at the same time, which
would add delay(how much I don't know). But if as it works now ALL
RBL's have to reply before Mailscanner thinks that it is done with that
message, the difference in time might be very minor. Especially if it
was serial, and you only wanted 1 RBL to fail and your servers receive
a lot of Spam. (and your first specified RBL check is what you get your
largest hit on anyhow)
That is a best case scenario.
<snip>
Post by Duncan, Brian M.
Post by Duncan, Brian M.
Since you forward all messages, you could have some
preprocessor do rbl checks and add headers and then get
mailscanner to not re-scan those.
I guess I will have to look into that if I want to do it. I just
figured it might be a benefit to have the capability to do it in
Mailscanner since it already has the RBL checking functionality, just
not the capability to do it in a serial manner.
Julian made this decision when he created mailscanner. It also uses this same
parallel processing on virus scanning, which saves a lot more cpu power. There
are already a bunch of other options that do it the way you would like.
Mimedefang, amavisd, and a few others that I can't remember right now. Julian
set out to make mailscanner stand out from the crowd. I think he was successful.
<snip>
Post by Duncan, Brian M.
Yeah in my situation I work in an environment where a client could
technically be a Spammer. So many users need ALL messages that were
sent to them. I don't have the option of telling a user, the reason you
did not receive message X which related to a deal you were working on
was because they use an ISP that they just switched to that got assigned
a previous block of addresses that were black listed. They don't care
what I say, they just care they did not receive the message. So we do
this for all users. If something is RBL'ed and it came from a Spammer
we just tell them to add the user to their safe sender list in Outlook
and then I can still fight Spam while giving individual users the
control to receive what they want. Back before we did this, do you know
how much time I would waste having to assist other companies IT
departments in getting off an RBL? Now I never have to.
I wish I could dump RBL'ed messages at my edge. But all I can do is
wish.
Yes, that is too bad. We drop 60 to 70% of all incoming messages at the MTA.
That is stuff I don't have to scan, check, store, or be responsible for.
Every requirement is different, that is why there are so many tools available.
--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!
Scott Silva
2007-12-05 03:05:07 UTC
Permalink
Post by Johnny Stork
With the ongoing changes to various RBL's and the recent threads on
spamhaus, can someone recommend or share a good/current spam.lists file
along with a recommended "Spam List =" line? and/or sendmail.mc dnsbl
settings?
I used to have
Spam List = spamhaus-ZEN spamhaus.org spamcop.net
Also, from what I understand, adding the DNSBL to sendmail will block
mail without passing into MS, and setting/using them in MS and NOT
sendmail will score and tag offending mail.
Can someone suggest an optimal combination of sendmail dnsbl and MS
"Spam List=" settings? Should I use both? or just one based on whether I
want to block/tag SPAM?
This is what I currently have in sendmail.mc
FEATURE(`dnsbl',`sbl-xbl.spamhaus.org', `"554 Rejected " $&{client_addr}
" - see http://www.spamhaus.org/SBL/"')dnl
FEATURE(`dnsbl', `dnsbl.njabl.org', `"554 Rejected " $&{client_addr} " -
see http://dnsbl.njabl.org/method.html"')dnl
FEATURE(`dnsbl', `bl.spamcop.net', `"554 Rejected "
$&{client_addr} " found in bl.spamcop.net"')dnl
FEATURE(`dnsbl', `chinanet.blackholes.us', `"554 Rejected "
$&{client_addr} " found in chinanet.blackholes.us"')dnl
If you put your spamhaus lookups at the bottom, you will generate less traffic
to them. The sendmail RBL lookups are serial and stop on the first positive.
--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!
Budi Febrianto
2007-12-05 07:57:51 UTC
Permalink
Post by Scott Silva
Post by Johnny Stork
This is what I currently have in sendmail.mc
FEATURE(`dnsbl',`sbl-xbl.spamhaus.org', `"554 Rejected "
$&{client_addr} " - see http://www.spamhaus.org/SBL/"')dnl
FEATURE(`dnsbl', `dnsbl.njabl.org', `"554 Rejected " $&{client_addr}
" - see http://dnsbl.njabl.org/method.html"')dnl
FEATURE(`dnsbl', `bl.spamcop.net', `"554 Rejected "
$&{client_addr} " found in bl.spamcop.net"')dnl
FEATURE(`dnsbl', `chinanet.blackholes.us', `"554 Rejected "
$&{client_addr} " found in chinanet.blackholes.us"')dnl
If you put your spamhaus lookups at the bottom, you will generate less
traffic to them. The sendmail RBL lookups are serial and stop on the
first positive.
ah, so if I put zen.spamhaus.org at the bottom of the list, it will
reduce a lot of queries to spamhaus, so I should be safe (I hope so).
I will put bl.spamcop.net at first, and two or three others before
zen.spamhaus.org.
--
Budi Febrianto
www.indomino.net/blog
Scott Silva
2007-12-06 04:26:10 UTC
Permalink
Post by Budi Febrianto
Post by Scott Silva
Post by Johnny Stork
This is what I currently have in sendmail.mc
FEATURE(`dnsbl',`sbl-xbl.spamhaus.org', `"554 Rejected "
$&{client_addr} " - see http://www.spamhaus.org/SBL/"')dnl
FEATURE(`dnsbl', `dnsbl.njabl.org', `"554 Rejected " $&{client_addr}
" - see http://dnsbl.njabl.org/method.html"')dnl
FEATURE(`dnsbl', `bl.spamcop.net', `"554 Rejected "
$&{client_addr} " found in bl.spamcop.net"')dnl
FEATURE(`dnsbl', `chinanet.blackholes.us', `"554 Rejected "
$&{client_addr} " found in chinanet.blackholes.us"')dnl
If you put your spamhaus lookups at the bottom, you will generate less
traffic to them. The sendmail RBL lookups are serial and stop on the
first positive.
ah, so if I put zen.spamhaus.org at the bottom of the list, it will
reduce a lot of queries to spamhaus, so I should be safe (I hope so).
I will put bl.spamcop.net at first, and two or three others before
zen.spamhaus.org.
Spamcop will probably catch a large portion, at least 60% or better.
You could also put cbl.abuseat.org before spamhaus, even if it is a double
lookup, because that list is a significant portion of the zen list, and will
cut lookups to zen even more.
--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!
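The trade-off discussed in this thread (serial, stop-on-first-hit lookups as described for sendmail, versus firing all queries and counting hits as described for MailScanner), as an added sketch that is not code from sendmail, MailScanner or any poster. The resolver is an offline stand-in, and the listings and client addresses are constructed; only the zone names come from the thread.

```python
import ipaddress
import threading
from collections import Counter
from concurrent.futures import ThreadPoolExecutor


def dnsbl_name(ip, zone):
    """Build the DNSBL query name: IPv4 octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


class FakeResolver:
    """Offline stand-in for DNS (assumption): answers from constructed
    listings and counts how many queries each zone receives."""

    def __init__(self, listings):
        self._names = {dnsbl_name(ip, zone)
                       for zone, ips in listings.items() for ip in ips}
        self.queries = Counter()
        self._lock = threading.Lock()

    def is_listed(self, ip, zone):
        with self._lock:
            self.queries[zone] += 1
        return dnsbl_name(ip, zone) in self._names


def check_serial(ip, zones, resolver):
    """Query zones in order and stop at the first positive answer."""
    for zone in zones:
        if resolver.is_listed(ip, zone):
            return zone
    return None


def check_parallel(ip, zones, resolver, lists_to_be_spam=1):
    """Query every zone at once, then compare the hit count to a threshold
    (the role the thread gives to 'Spam Lists To Be Spam')."""
    with ThreadPoolExecutor(max_workers=len(zones)) as pool:
        answers = list(pool.map(lambda z: resolver.is_listed(ip, z), zones))
    hits = [zone for zone, listed in zip(zones, answers) if listed]
    return hits, len(hits) >= lists_to_be_spam


# Constructed sample data: documentation-range addresses, invented listings.
LISTINGS = {
    "bl.spamcop.net": {"192.0.2.10", "192.0.2.11", "192.0.2.12"},
    "cbl.abuseat.org": {"192.0.2.12", "198.51.100.7"},
    "zen.spamhaus.org": {"192.0.2.10", "192.0.2.11", "192.0.2.12",
                         "198.51.100.7", "203.0.113.5"},
}
CLIENTS = ["192.0.2.10", "192.0.2.11", "192.0.2.12", "198.51.100.7",
           "203.0.113.5", "203.0.113.99", "198.51.100.200"]
ZEN_FIRST = ["zen.spamhaus.org", "bl.spamcop.net", "cbl.abuseat.org"]
ZEN_LAST = ["bl.spamcop.net", "cbl.abuseat.org", "zen.spamhaus.org"]


def serial_query_counts(order, clients=CLIENTS):
    """Return (queries per zone, number of clients rejected) for serial checks."""
    resolver = FakeResolver(LISTINGS)
    rejected = sum(check_serial(ip, order, resolver) is not None
                   for ip in clients)
    return dict(resolver.queries), rejected


def parallel_query_counts(order, lists_to_be_spam, clients=CLIENTS):
    """Return (queries per zone, number of clients flagged) for parallel checks."""
    resolver = FakeResolver(LISTINGS)
    flagged = sum(check_parallel(ip, order, resolver, lists_to_be_spam)[1]
                  for ip in clients)
    return dict(resolver.queries), flagged


if __name__ == "__main__":
    for label, order in (("zen first", ZEN_FIRST), ("zen last", ZEN_LAST)):
        counts, rejected = serial_query_counts(order)
        print(f"serial, {label}: rejected={rejected} queries={counts}")
    counts, flagged = parallel_query_counts(ZEN_LAST, lists_to_be_spam=2)
    print(f"parallel, threshold 2: flagged={flagged} queries={counts}")
```

With this sample, both serial orders reject the same five clients, but moving zen.spamhaus.org to the end cuts its query count from seven to three; the parallel check always sends one query per list per client.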
Joost Waversveld
2007-12-06 16:28:45 UTC
Permalink
Post by Scott Silva
Post by Budi Febrianto
Post by Scott Silva
Post by Johnny Stork
This is what I currently have in sendmail.mc
FEATURE(`dnsbl',`sbl-xbl.spamhaus.org', `"554 Rejected "
$&{client_addr} " - see http://www.spamhaus.org/SBL/"')dnl
FEATURE(`dnsbl', `dnsbl.njabl.org', `"554 Rejected "
$&{client_addr} " - see http://dnsbl.njabl.org/method.html"')dnl
FEATURE(`dnsbl', `bl.spamcop.net', `"554 Rejected "
$&{client_addr} " found in bl.spamcop.net"')dnl
FEATURE(`dnsbl', `chinanet.blackholes.us', `"554 Rejected "
$&{client_addr} " found in chinanet.blackholes.us"')dnl
If you put your spamhaus lookups at the bottom, you will generate
less traffic to them. The sendmail RBL lookups are serial and stop
on the first positive.
ah, so if I put zen.spamhaus.org at the bottom of the list, it will
reduce a lot of queries to spamhaus, so I should be safe (I hope so).
I will put bl.spamcop.net at first, and two or three others before
zen.spamhaus.org.
Spamcop will probably catch a large portion, at least 60% or better.
You could also put cbl.abuseat.org before spamhaus, even if it is a
double lookup, because that list is a significant portion of the zen
list, and will cut lookups to zen even more.
Because of your message I was looking on the website of the
cbl.abuseat.org and found on http://cbl.abuseat.org/faq.html the
following text:
------------------------------------------------------------------------------------------
If you wish to download the CBL zone, YOU MUST register

WARNING: it is CBL policy that spam filter and spam filter service
vendors MUST obtain a paid-for feed from Spamhaus. Filter providers that
do not have a paid-for feed from Spamhaus, or who have not registered
for the CBL feed, MAY find themselves inhibited from obtaining a CBL
feed without warning.
------------------------------------------------------------------------------------------

I do not know how they count the connections to the servers, but
officially you will still need a paid-for feed from Spamhaus.



Steve Freegard
2007-12-06 16:44:17 UTC
Permalink
Post by Joost Waversveld
Post by Scott Silva
Post by Budi Febrianto
Post by Scott Silva
Post by Johnny Stork
This is what I currently have in sendmail.mc
FEATURE(`dnsbl',`sbl-xbl.spamhaus.org', `"554 Rejected "
$&{client_addr} " - see http://www.spamhaus.org/SBL/"')dnl
FEATURE(`dnsbl', `dnsbl.njabl.org', `"554 Rejected "
$&{client_addr} " - see http://dnsbl.njabl.org/method.html"')dnl
FEATURE(`dnsbl', `bl.spamcop.net', `"554 Rejected "
$&{client_addr} " found in bl.spamcop.net"')dnl
FEATURE(`dnsbl', `chinanet.blackholes.us', `"554 Rejected "
$&{client_addr} " found in chinanet.blackholes.us"')dnl
If you put your spamhaus lookups at the bottom, you will generate
less traffic to them. The sendmail RBL lookups are serial and stop
on the first positive.
ah, so if I put zen.spamhaus.org at the bottom of the list, it will
reduce a lot of queries to spamhaus, so I should be safe (I hope so).
I will put bl.spamcop.net at first, and two or three others before
zen.spamhaus.org.
Spamcop will probably catch a large portion, at least 60% or better.
You could also put cbl.abuseat.org before spamhaus, even if it is a
double lookup, because that list is a significant portion of the zen
list, and will cut lookups to zen even more.
Because of your message I was looking on the website of the
cbl.abuseat.org and found on http://cbl.abuseat.org/faq.html the
------------------------------------------------------------------------------------------
If you wish to download the CBL zone, YOU MUST register
WARNING: it is CBL policy that spam filter and spam filter service
vendors MUST obtain a paid-for feed from Spamhaus. Filter providers that
do not have a paid-for feed from Spamhaus, or who have not registered
for the CBL feed, MAY find themselves inhibited from obtaining a CBL
feed without warning.
------------------------------------------------------------------------------------------
I do not know how they count the connections to the servers, but
officially you will still need a paid-for feed from Spamhaus.
That text is talking about downloading the *zone file* via rsync, not
querying the public mirrors.

Regards,
Steve.
Joost Waversveld
2007-12-06 17:27:25 UTC
Permalink
Post by Steve Freegard
Post by Joost Waversveld
Post by Scott Silva
Post by Budi Febrianto
Post by Scott Silva
Post by Johnny Stork
This is what I currently have in sendmail.mc
FEATURE(`dnsbl',`sbl-xbl.spamhaus.org', `"554 Rejected "
$&{client_addr} " - see http://www.spamhaus.org/SBL/"')dnl
FEATURE(`dnsbl', `dnsbl.njabl.org', `"554 Rejected "
$&{client_addr} " - see http://dnsbl.njabl.org/method.html"')dnl
FEATURE(`dnsbl', `bl.spamcop.net', `"554 Rejected "
$&{client_addr} " found in bl.spamcop.net"')dnl
FEATURE(`dnsbl', `chinanet.blackholes.us', `"554 Rejected "
$&{client_addr} " found in chinanet.blackholes.us"')dnl
If you put your spamhaus lookups at the bottom, you will generate
less traffic to them. The sendmail RBL lookups are serial and stop
on the first positive.
ah, so if I put zen.spamhaus.org at the bottom of the list, it will
reduce a lot of queries to spamhaus, so I should be safe (I hope so).
I will put bl.spamcop.net at first, and two or three others before
zen.spamhaus.org.
Spamcop will probably catch a large portion, at least 60% or better.
You could also put cbl.abuseat.org before spamhaus, even if it is a
double lookup, because that list is a significant portion of the zen
list, and will cut lookups to zen even more.
Because of your message I was looking on the website of the
cbl.abuseat.org and found on http://cbl.abuseat.org/faq.html the
------------------------------------------------------------------------------------------
If you wish to download the CBL zone, YOU MUST register
WARNING: it is CBL policy that spam filter and spam filter service
vendors MUST obtain a paid-for feed from Spamhaus. Filter providers
that do not have a paid-for feed from Spamhaus, or who have not
registered for the CBL feed, MAY find themselves inhibited from
obtaining a CBL feed without warning.
------------------------------------------------------------------------------------------
I do not know how they count the connections to the servers, but
officially you will still need a paid-for feed from Spamhaus.
That text is talking about downloading the *zone file* via rsync, not
querying the public mirrors.
Regards,
Steve.
Ok, then it is a good solution. Sorry for the misunderstanding.

Regards, Joost Waversveld
Marcello Anderlini
2007-12-06 20:15:56 UTC
Permalink
I know this has been discussed many, many times, but I am still waiting for a
final and clear answer.

For example now, without changing anything, spamassassin is very slow. I'm using
spamassassin-3.2.3-1.el4.rf on CentOS 4.5 with 2gb memory.

I've put /var/spool/MailScanner/incoming in memory. I'm using pyzor and
razor, rules_du_jour.

Now I'm getting: SpamAssassin timed out and was killed, failure 0 of 10 msg
error. If I run spamassassin --lint -debug I see just the test with all
checks made by spamassassin but I cannot understand where it became slow.

Thanks for any kind of answer and please use easy and clear English.

Thanks a lot.

Julian Field
2007-12-06 20:36:41 UTC
Permalink
Try not using pyzor, to start with. Then try not using razor, then try
not using RBLs in SpamAssassin.
Post by Marcello Anderlini
I know this has been discussed many, many times, but I am still waiting for a
final and clear answer.
For example now, without changing anything, spamassassin is very slow. I'm using
spamassassin-3.2.3-1.el4.rf on CentOS 4.5 with 2gb memory.
I've put /var/spool/MailScanner/incoming in memory. I'm using pyzor and
razor, rules_du_jour.
Now I'm getting: SpamAssassin timed out and was killed, failure 0 of 10 msg
error. If I run spamassassin --lint -debug I see just the test with all
checks made by spamassassin but I cannot understand where it became slow.
Thanks for any kind of answer and please use easy and clear English.
Thanks a lot.
Jules

- --
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


Richard Frovarp
2007-12-06 20:36:46 UTC
Permalink
Post by Marcello Anderlini
I know this has been discussed many, many times, but I am still waiting for a
final and clear answer.
For example now, without changing anything, spamassassin is very slow. I'm using
spamassassin-3.2.3-1.el4.rf on CentOS 4.5 with 2gb memory.
I've put /var/spool/MailScanner/incoming in memory. I'm using pyzor and
razor, rules_du_jour.
Now I'm getting: SpamAssassin timed out and was killed, failure 0 of 10 msg
error. If I run spamassassin --lint -debug I see just the test with all
checks made by spamassassin but I cannot understand where it became slow.
Thanks for any kind of answer and please use easy and clear English.
Thanks a lot.
spamassassin --lint -debug doesn't do network tests. Give spamassassin
an email to work on to see if there is an issue with network tests.

Richard
Randal, Phil
2007-12-06 21:20:24 UTC
Permalink
Have you run sa-update?

Have you ensured that in /etc/MailScanner/MailScanner.conf

SpamAssassin Local State Dir=

and checked that when you run

MailScanner --debug --debug-sa

that the SA rules are being loaded from the correct directory?

e.g. /var/lib/spamassassin/3.002003/updates_spamassassin_org/

Cheers,

Phil

--
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
-----Original Message-----
Of Marcello Anderlini
Sent: 06 December 2007 14:01
To: 'MailScanner discussion'
Subject: Spamassassin speed
I know this has been discussed many, many times, but I am still
waiting for a
final and clear answer.
For example now, without changing anything, spamassassin is very
slow. I'm using
spamassassin-3.2.3-1.el4.rf on CentOS 4.5 with 2gb memory.
I've put /var/spool/MailScanner/incoming in memory. I'm using
pyzor and
razor, rules_du_jour.
Now I'm getting: SpamAssassin timed out and was killed,
failure 0 of 10 msg
error. If I run spamassassin --lint -debug I see just the
test with all
checks made by spamassassin but I cannot understand where it
became slow.
Thanks for any kind of answer and please use easy and clear English.
Thanks a lot.
Matt Kettler
2007-12-06 22:47:13 UTC
Permalink
Post by Marcello Anderlini
I know this has been discussed many, many times, but I am still waiting for a
final and clear answer.
For example now, without changing anything, spamassassin is very slow. I'm using
spamassassin-3.2.3-1.el4.rf on CentOS 4.5 with 2gb memory.
I've put /var/spool/MailScanner/incoming in memory. I'm using pyzor and
razor, rules_du_jour.
Word of warning: RDJ is almost obsolete, but is still useful for small-scale
rule developers. Any rules from the SpamAssassin team can be updated with
sa-update. You can also update SARE rules this way if you add their channel.

See also: http://daryl.dostech.ca/sa-update/sare/sare-sa-update-howto.txt


You can still use RDJ for various web-hosted rulesets that don't have sa-update
channel support. However, many copies of RDJ floating around support rulesets
that *nobody* should use. Make sure you're not using any of these sets with RDJ:

antidrug - part of SA official set since 3.0.0, and only maintained in the
official tree.

sa-blacklist - too large for anyone to practically use. Consumes about 500MB per
child and grinds SA to a screeching halt.

blacklist-uri - as above, and wholly redundant with the WS list on SURBL
(supported by default in SA 3.0 and higher if network tests are enabled.)
Martin.Hepworth
2007-12-06 20:20:54 UTC
Permalink
http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips

and the section after...

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
-----Original Message-----
Sent: 06 December 2007 14:01
To: MailScanner discussion
Subject: Spamassassin speed
I know this has been discussed many, many times, but I am still waiting for a
final and clear answer.
For example now, without changing anything, spamassassin is very slow. I'm
using
spamassassin-3.2.3-1.el4.rf on CentOS 4.5 with 2gb memory.
I've put /var/spool/MailScanner/incoming in memory. I'm using pyzor and
razor, rules_du_jour.
Now I'm getting: SpamAssassin timed out and was killed, failure 0 of 10 msg
error. If I run spamassassin --lint -debug I see just the test with all
checks made by spamassassin but I cannot understand where it became slow.
Thanks for any kind of answer and please use easy and clear English.
Thanks a lot.