[sclug] dynamic iptables updates for SMTP server

Darren Davison darren at davisononline.org
Tue Jun 3 16:46:53 UTC 2008


On Tue, Jun 03, 2008 at 12:45:16PM +0100, Mark Robson wrote:
> Relying on third party blacklists for spam prevention is very bad;
> they usually contain quite a few false positives. If you have a site
> of any size, you are likely getting false positives (which you won't
> know about because your mail server doesn't even accept the mail to
> find out what it is).

yeah, I'm aware of that.  But since it's a small home network, accepting
around 150 legitimate mails a day for my wife and I (the vast majority
being unimportant mailing list traffic for me), I can live with it.
It's happened maybe once or twice in 3 years that someone has told me
legitimate mail got blocked or otherwise failed to arrive in my inbox.


> You may of course use a third party blacklist as an indicator that a
> delivery attempt is more likely to contain spam, but should not reject
> connections based on the assumption that anything on a blacklist will
> only ever attempt to send spam.

'should not' is a matter of taste of course, so long as the decision is
made in face of the facts.  For which, see above.


> Is it causing a performance problem? Have you measured the performance
> impact? Is the bandwidth of rejecting connections really costing you
> money?

my ISP meters bandwidth during office hours, so if most of that
traffic occurs during that time, there's a good possibility it might.
Of course, if I just allowed the spam in as you suggest, that
possibility becomes ever greater as the payload of the message could be
anything.  Mainly I'm trying to avoid reaching the situation where I get
flooded with connection attempts, and to take action before the
situation gets critical from a cost (money or performance) point
of view.

 
> I am assuming that this message actually reaches you (i.e. your RBL
> doesn't include google's server that this message comes out of)

obviously not.

Well, I thank you for the reply and for your opinions on how I should
set up my mail, but it doesn't in any way address the question asked.
Does anyone know of such a thing? (before I attempt to write it -
badly!)

Regards,

-- 
Darren Davison
Public Key: 0xE855B3EA
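One way to build the tool being asked for, as an added example that is not part of the original thread: parse RBL rejections out of an MTA log, block only hosts that are rejected repeatedly within a short window, and pair every inserted rule with an expiry so a false-positive listing costs a legitimate sender at most one hour of firewalled connections. The log format, the SMTP_BLOCK chain name, the threshold and the TTL are all assumptions constructed for this example.

```python
"""Turn repeated RBL-driven SMTP rejections into short-lived iptables blocks.
Hypothetical log format (constructed for this example, not from any real MTA):
    <ISO timestamp> reject: RBL <client ip> listed by <dnsbl zone>
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: one host hammers the server, two are one-off hits.
SAMPLE_LOG = """\
2008-06-03T09:01:10 reject: RBL 203.0.113.7 listed by dnsbl.example.invalid
2008-06-03T09:01:12 reject: RBL 203.0.113.7 listed by dnsbl.example.invalid
2008-06-03T09:01:40 reject: RBL 198.51.100.9 listed by dnsbl.example.invalid
2008-06-03T09:02:05 reject: RBL 203.0.113.7 listed by dnsbl.example.invalid
2008-06-03T10:30:00 reject: RBL 192.0.2.44 listed by dnsbl.example.invalid
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) reject: RBL (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) listed by \S+$"
)

def parse_rejections(text):
    """Yield (timestamp, ip) for every RBL rejection line; ignore anything else."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m.group("ts")), m.group("ip")

def repeat_offenders(events, threshold=3, window=timedelta(minutes=5)):
    """Return {ip: time_of_threshold_hit} for IPs rejected >= threshold times
    inside a sliding window. A single listing never earns a firewall block,
    which bounds the damage one false-positive RBL entry can do."""
    hits, blocked = defaultdict(list), {}
    for ts, ip in sorted(events):
        recent = [t for t in hits[ip] if ts - t <= window] + [ts]  # age out old hits
        hits[ip] = recent
        if len(recent) >= threshold and ip not in blocked:
            blocked[ip] = ts
    return blocked

def iptables_rules(blocked, chain="SMTP_BLOCK", ttl=timedelta(hours=1)):
    """Render the insert for each offender plus the matching delete to run at
    expiry, so blocks never accumulate indefinitely."""
    rules = []
    for ip, ts in sorted(blocked.items()):
        rule = f"-s {ip} -p tcp --dport 25 -j DROP"
        rules.append(f"iptables -I {chain} {rule}")
        rules.append(f"# expire at {(ts + ttl).isoformat()}: iptables -D {chain} {rule}")
    return rules

if __name__ == "__main__":
    print("\n".join(iptables_rules(repeat_offenders(parse_rejections(SAMPLE_LOG)))))
```

Feeding the script a real log means only adjusting LINE_RE to the MTA's own rejection message; the insert and delete commands are printed rather than executed so they can be reviewed before a scheduler runs them.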