On Fri, 2004-09-24 at 14:04 +0200, David wrote:
[This next bit was quoting Tony Finch]
> > Our best rejecter is the RBL+ (35% of rejections) followed by sender
> > callback verification (25%) and the SBL-XBL (15%)
>
> do you use callback after or before helo checks ? for us callback
> verification produces only 1.30% of the rejections, about 17 times
> less rejections than helo checks
Tony did say he checked DNS lists before HELO.
It does look very much from those sets of figures that HELO & DNSBL
checks are broadly very similar in effectiveness.
I would have thought that a basic HELO check - by which I mean checking
for:-
* someone pretending to be me
* particular known bad patterns
would be rather cheaper than a DNSBL check, so my inclination would be
to put them ahead of DNSBL if I was going to reject based on them.
Obviously if you are doing any form of HELO reverse mapping check (ie
DNS lookups on the HELO) then DNSBL/HELO checks would have very similar
complexity and the same sort of DNS caused RTT delays.
I really should go an look and see just what I run on exim.org at
present :-)
Nigel.
--
[ Nigel Metheringham Nigel.Metheringham@??? ]
[ - Comments in this message are my own and not ITO opinion/policy - ]
