Re: [gentoo-user] Greylisting vs. reject_rbl_client

[Grant]

> Do you think the reject_rbl_client stuff is safer than greylisting?
>
> - Grant

1. Blacklists have the HIGHEST false positive rate of any anti-spam
technique other than sending all mail to /dev/null. 34%
http://www.paulgraham.com/falsepositives.html

2. Blacklists block the least amount of spam. 24%
So it's wrong more often than right.

3. All Blacklists are run by jackasses. Yes, even the ones you like.
http://www.internetnews.com/xSP/article.php/8_1143551
http://www.peacefire.org/anti-spam/group-statement.5-17-2001.html
http://www.networkworld.com/research/2001/0910feat.html

and far too much personal experience*

        In my experience over the past two to three years greylisting and
simple header checks have blocked 99% of spam before it gets to the
queue and generated less admin overhead with false positives and other
nonsense. I'd call its accuracy a solid 99.9% since I've only had to
whitelist three sets of servers over the years, YMMV. It might not be
99.9 for everyone, but it will be far better than blacklisting. There
are some quirks with greylisting, but overall it's been very effective
without much downside.

I can't say enough bad things about blacklisting.

kashani

* The first ISP I worked for actually hosted public.com which has
probably been the most hijacked domain ever. It's a fun Monday morning
when some moron decided to block your entire ISP without actually
looking at the headers. It gets slightly less fun the fifth and sixth
time it happens. Homicide is considered when they assume they are
automatically right, are as rude as possible to you, and then stall for
a day before they grudgingly remove you.

Do you think this postfix anti-spam configuration is OK:

smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions =
       permit_mynetworks,
       reject_non_fqdn_hostname,
       reject_invalid_hostname,
       permit
smtpd_sender_restrictions =
       permit_mynetworks,
       reject_non_fqdn_sender,
       reject_unknown_sender_domain,
       permit
smtpd_recipient_restrictions =
       permit_mynetworks,
       reject_non_fqdn_recipient,
       reject_unknown_recipient_domain,
       reject_unauth_destination,
       permit

Would it be OK to remove the following aliases since I never use them:

# Well-known aliases -- these should be filled in!
root:           grant
operator:       grant

# Standard RFC2142 aliases
abuse:              grant
ftp:                grant
hostmaster:         grant
news:               grant
noc:                grant
security:           grant
usenet:             grant
uucp:               grant
webmaster:          grant
www:                grant
--
gentoo-user@gentoo.org mailing list