On Thu, 12 Feb 2004, Theo Van Dinter wrote:
> On Thu, Feb 12, 2004 at 10:16:50AM -0600, Dana Holland wrote:
> > When blocking certain addresses (spammers), is it better to use
> > access.db in sendmail, or use the blacklist feature in sa-mimedefang.cf?
>
> "better" is a relative term. I would vote that if you know the access.db
> entries are always going to be correct (ie: no false positives), then
> block at the MTA.
>
> Otherwise, make it a blacklist/etc. (SA, BTW, supports access databases ...)
Agreed. When blocking at the MTA level it is low overhead and
no "Joe-Job" bounces, however higher potential for collateral damage
in the case of an incorrect entry.
(Heck, I've even resorted to router filtering on rare occasion to block
seriously obnoxious pests ;)
One thing that you should do to reduce the collateral damage level
is to enable the "delay_checks" feature and put Spam-Friends entries in
your access.db file for "postmaster" "administrator" and other such
system management type addresses.
That way if somebody is erroneously blocked, they can get an appeal
thru to "postmaster@your.site".
Also customize the reject error message telling them to send mail
to postmaster for more info.
One other thing to consider, if you use SA+sendmail+miter, you can
do SMTP rejects based upon the spam score. This gives you the
advantage of SMTP reject blocking combined with the power
of SA scoring.
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{