Postfix anti-antivirus (was Re: [linux-elitists] procmail recipe for mydoom?)

Karsten M. Self kmself@ix.netcom.com
Tue Feb 3 02:18:28 PST 2004


on Tue, Feb 03, 2004 at 06:47:45AM +0100, Ralf Hildebrandt (Ralf.Hildebrandt@charite.de) wrote:
> * Mike MacCana <mikem@cyber.com.au>:
> 
> > > Better idea: send the bounce to an email address at the sending MX's
> > > domain that must exist, abuse@. If *that* bounces, then put them on the RFC
> > > ignorant blacklist.
> 
> a) there is more than one RFC-ignorant blacklist

Care to enlighten us to those you find useful/useless?  I suspect most
of us are familiar with rfc-ignorant.org.

> > Replying to myself: of course, it'd help if Melbourne IT hadn't made the
> > whole of .com.au RFC ignorant a few months back. Ah well...
> 
> b) nobody who is still sane uses the ipwhois or whois blacklists

Well, after listing a Comcast /12 for a typoed (but nonetheless
nondeliverable) IP WHOIS contact, I heard back from a nameless UC
Berkeley EE grad and Debian user who asked me what the hell I was doing,
and went two rounds of email before admitting that, yes, the listing was
technically accurate, and any spam filtering resulting was the result of
a misinterpretation of results.


*Most* DNSBLs provide false-positive results, in terms of flagging mail
which isn't strictly spam.  Hell, you'd expect them to.  They don't flag
email, they flag IPs, and do so on various criteria.

What you *will* find is that used as a weighted predictor of spam,
they're pretty accurate.  And if used to determine quality of service
you're willing to provide a remote SMTP server on some gradation finer
than 1/0, they can be very useful.  E.g.:  teergrubing, firewalling, or
rate-limiting connections from an IP, netblock, ASN, or whatever.

DNSBLs provide information.  What you do with them is your problem,
restricted by your MTA's capabilities.


Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
    Ceterum censeo, Caldera delenda est.
		        SCO vs IBM Linux lawsuit info:  http://sco.iwethey.org
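
The weighted, graduated use of DNSBL results described in the message above, sketched as an added example that is not part of the original post. The zone names, weights, thresholds and sample listings are constructed assumptions, and the resolver is injectable so the block runs offline.

```python
import ipaddress
import socket

# Hypothetical zones and weights (assumptions; tune against your own mail).
ZONES = {
    "spam.dnsbl.example": 3.0,     # listed for observed spam
    "dynamic.dnsbl.example": 1.5,  # dynamic / dial-up address ranges
    "whois.dnsbl.example": 0.5,    # policy listing (undeliverable WHOIS contact)
}
# Score thresholds mapped to graduated service levels, highest first.
TIERS = [(4.0, "reject"), (2.5, "teergrube"), (1.0, "rate-limit"), (0.0, "accept")]

def dnsbl_name(ip, zone):
    """Build the DNSBL query name: reversed IPv4 octets under the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_resolver(name):
    """True if the name has an A record; lookup failures count as unlisted."""
    try:
        socket.gethostbyname(name)
        return True
    except socket.gaierror:
        return False

def score(ip, resolver=system_resolver, zones=ZONES):
    """Sum the weights of every zone that lists the IP."""
    hits = [z for z in zones if resolver(dnsbl_name(ip, z))]
    return sum(zones[z] for z in hits), hits

def policy(ip, resolver=system_resolver):
    """Map the weighted score to a service tier instead of a 1/0 verdict."""
    total, hits = score(ip, resolver)
    action = next(a for threshold, a in TIERS if total >= threshold)
    return action, total, hits

# Constructed listing data standing in for live DNS answers.
SAMPLE_LISTED = {
    "2.2.0.192.whois.dnsbl.example",
    "9.113.0.203.spam.dnsbl.example",
    "9.113.0.203.dynamic.dnsbl.example",
    "7.100.51.198.dynamic.dnsbl.example",
}

def sample_resolver(name):
    return name in SAMPLE_LISTED

if __name__ == "__main__":
    for ip in ("192.0.2.2", "203.0.113.9", "198.51.100.7", "198.51.100.8"):
        print(ip, policy(ip, sample_resolver))
```

With these sample weights a WHOIS-only listing is still accepted, while a host listed in both the spam and dynamic zones is rejected.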