On 21/5/2011, at 5:14pm, Pandu Poluan wrote:
> ...
> Well, we've been receiving obvious spams from @yahoo.com, @gmail.com,
> and these are valid addresses (apparently people who got phished).

Have you checked they're originating at yahoo / gmail servers? Anyone can spoof a from: address.

> Plus, the Gentoo document I linked earlier also linked to a document
> that considers RBLs as... not quite effective.

I am sceptical of this conclusion, but you certainly shouldn't be relying upon them as if they're a magic bullet.

> In addition, if I rely only on DKIM+SPF+RBL, there will be collateral
> damage, i.e., false positives.

Only if you choose to reject them on this basis.

Why don't you greylist messages that fail DKIM/SPF?

> For business reasons, we'd rather have
> false negatives (one or two spams got through every week) rather than
> false positives. In addition, a cursory check on our clients indicates
> that only a few percentage of them implemented SPF. Much less DKIM.
>
> Due to the above reasons, I need a spamfiltering solution that relies
> on analyzing the messages themselves.

You're not looking at email filtering in a layered, "holistic" manner.

Your answer is "throw spamassassin at the problem, that'll fix it". Personally I've found spamassassin exceedingly poor, if dumbly used in a "naive" manner.

Since you've done a check on your clients, you already have some hosts you know to permit. Why would you throw away messages from them? If your answer is "because you told me to do DKIM+SPF+RBL" then you're wrong - I just advised you to look at the bigger picture.

Stroller.
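
The layering suggested in the reply above, sketched as an added example (not code from the thread or from either poster's mail setup): known client hosts are always permitted, an SPF/DKIM failure leads to a temporary deferral instead of a rejection, and everything else goes on to content filtering. The class name, addresses, the 300-second delay and the choice to count `softfail` as a failure are all assumptions.

```python
import time

SPF_FAILING = {"fail", "softfail"}   # assumption: softfail is treated as a failure
DKIM_FAILING = {"fail"}


class LayeredPolicy:
    """Hypothetical policy layer; names and thresholds are illustrative."""

    def __init__(self, known_hosts, delay=300, clock=time.time):
        self.known_hosts = set(known_hosts)  # client hosts already vetted
        self.delay = delay                   # seconds before a retry is accepted
        self.clock = clock                   # injectable so the logic can be tested
        self.first_seen = {}                 # greylist triplet -> first attempt time

    def decide(self, client_ip, mail_from, rcpt_to, spf, dkim):
        """Return 'accept' or 'defer' (SMTP 4xx); never a permanent reject."""
        # Layer 1: known client hosts are never delayed or dropped.
        if client_ip in self.known_hosts:
            return "accept"
        # Layer 2: no explicit SPF/DKIM failure, so hand on to content filtering.
        if spf not in SPF_FAILING and dkim not in DKIM_FAILING:
            return "accept"
        # Layer 3: a failure is greylisted. A sender that retries after the
        # delay gets through, so a false SPF/DKIM failure costs time, not mail.
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        now = self.clock()
        first = self.first_seen.setdefault(key, now)
        return "accept" if now - first >= self.delay else "defer"


def demo():
    """Run constructed sample deliveries through the policy."""
    t = [0]
    policy = LayeredPolicy({"192.0.2.10"}, delay=300, clock=lambda: t[0])
    results = []
    # Known client that publishes neither SPF nor DKIM: accepted at once.
    results.append(policy.decide("192.0.2.10", "a@client.example",
                                 "me@corp.example", "none", "none"))
    # Unknown host whose claimed sender domain fails SPF: deferred, not rejected.
    args = ("203.0.113.7", "someone@freemail.example", "me@corp.example", "fail", "none")
    results.append(policy.decide(*args))
    t[0] = 60
    results.append(policy.decide(*args))   # retried too soon
    t[0] = 400
    results.append(policy.decide(*args))   # retry after the delay
    return results


if __name__ == "__main__":
    print(demo())
```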