Re: [exim] Integrating URI Blacklists into Exim

Alan J. Flavell wrote:
> On Thu, 18 May 2006, Johann Spies wrote:
>
>
>> I have so far considered spamassassin's approach to blacklist as a
>> safer option. As I understand it that a single rule in Spamassassin
>> is not supposed to allocate enough points to categorise the mail as
>> spam.
>>
>
> You have the choice!
>
> But this idea is not exclusive to spamassassin. We have some
> RCPT-time ACLs which are designed to reject mail only if a certain
> combination of factors occurs together.
>
> Considering the comparative overhead involved in accepting DATA and
> feeding it to spamassassin, it seems to me that if one can, with good
> confidence, reject an item at an earlier stage (e.g RCPT), then it's
> good to do so. (Although I know that not everyone is of that
> opinion.)
>
>

It depends on your circumstances. If you have a small operation and
excessive processing power then you can run everything through the
standard Spam Assassin setup and do a reasonably good job of filtering
spam. In my situation I'm blocing over 2 million spams a day and doing
it with one primary spam filter and two backup servers. Performance is
important and anything I can reject before SA reduces system load. And
my setup is extremely customized and complex to help ensure that false
positives are avoided.

Sometimes you have to scream test things. Try something and watch it and
see if anyone screams. So far so good on this one. But I could modify
the code to make it require that the spam be listed in two lists before
it is rejected. And I might do that if I get false positives.

I rejected 20,000 messages yesterday using this and so far no
complaints. It's the best improvement I've made in a long time.