--On Wednesday, August 18, 2004 3:48 pm +0100 "Alan J. Flavell"
<a.flavell@???> wrote:
> On Wed, 18 Aug 2004, Ian Eiloart wrote:
>
>> I think that depends on what you mean by "good". In my experience,
>> we reject in the region of 20,000 spams per day from sites that
>> respond with an "unknown local part" error (or similar).
>
> I'm rather sure that there are relatively few of those rejected mails
> which are really offered "from" sites which then repudiate their own
> senders' addresses!
I agree. That's the purpose of the test.
> I'd surmise that almost all of the rejected items
> are being offered to you by MTAs which have nothing to do with the
> purported envelope sender domain.
Well, true, but I have no way of checking that for most domains.
> So I'd have to ask you to consider, how many callouts has _that_
> involved to innocent sites whose only crime was to be the victim of
> this kind of fraud?
About 20,000 per day. But that figure isn't per site. That's the total
number of failed callouts that I do in a day.
> I don't know what volume of mail you handle, but if you're not
> applying every possible rejection criterion that can be applied
> locally /before/ you resort to trying a callout, then you're basically
> throwing the work of rejecting spam onto innocent sites whose only
> offence was to get their domain faked by spammers. That's not a fair
> deal, IMHO.
Good point. I'm not sure of the order, but I think we do this later rather
than earlier. I'll take a look at the config - after all, this is a
relatively expensive test for us, as well as them.
> I don't mind playing my *reasonable* part in responding to callouts
> and helping to block spam; but if I was having to handle 20,000
> callouts a day for spams which are really not my fault, then I might
> take a different view.
Ah, I see that you thought I meant 20k per site. I didn't mean to give that
impression, sorry.
> (In truth of course we've no idea, when we reject a "bounce" for a
> non-existent user here, whether we're rejecting a misguided
> non-delivery report, or responding to a callout. I count 4k+ so far
> this week on our departmental mailer. I *suppose* that most of those
> are in fact misguided non-delivery reports, and that callouts are
> rather unusual, but I really have no idea, nor do I know how to find
> out.)
>
> In the same time that we've responded to those 4k+ bounces, we've made
> only 620 actual callouts (some of which were cached and used to reject
> multiple spam attempts, of course). The key point that I'm trying to
> make here is that we rejected *most* spam attempts at an earlier stage
> (due to tell-tale HELO signs, DNSrbl lookups, local blacklists etc.)
> rather than using the CPU of some innocent bystander to implement
> callouts for us. Unacceptable HELO: about 2k, DNSrbl rejections: 3k,
> local blacklists: 2k, etc. (that's so far this week) and only
> resorted to callouts in a fraction of cases where experience shows
> it's worth a try.
>
>> We get about 500 per day that reject mail from the null sender,
>
> But this is a secondary issue. The primary one is the principle of
> using callout at all, and, if so, under what conditions. I suppose
> we'll be hearing from Suresh shortly... ;-)
>
> As you can see, we're a fairly small operation in global terms.
> Perhaps you're already rejecting (let's say) 500,000 mails a day on
> other criteria?
Well no, today we've rejected 8k
> best regards
>
> --
>
>## List details at http://www.exim.org/mailman/listinfo/exim-users Exim
>## details at http://www.exim.org/ ##
>
--
Ian Eiloart
Servers Team
Sussex University ITS
