* On 2006-11-02 at 17:53 GMT, eclark wrote:
> Jon, please refer to Matthias' previous email, regarding use of rbls
> to do greylisting, not blacklisting. Specifically these bits:
>
> dnsrbl "SORBS DUN" dnsbl.sorbs.net 127.0.0.10 acl greylist dnsrbl
> "SORBS DUN" delay 12h
They are being greylisted. Or am I missing the point? I'm hoping
milter-greylist doesn't blacklist _anything_ else I'm going to have
serious issues.
I'll definitely take a look at this, but it'll have to wait until a
version which supports it is released as stable, as I don't have time
to track beta releases at the moment.
> Its far easier to greylist everything under the sun with varied
> durations and whitelist one problem user, than white list everyone
> and try to force a handful regular expressions to compensate for
> your overly lenient policy.
Unfortunately this simply isn't possible in an organisation like the
BBC. You say one problem user; the reality is that this is likely to
be a thousand, all with broadcast critical (literally) issues. We
have such a diverse set of requirements and policies that it is very
tricky to balance the spam issue.
> The greylist all + 1min delay on non-dynamic ips (we greylist those
> in sorbs for 6 hours) has slashed our network bandwidth costs by
> 30%, and has knocked out a clean 78-85% of our inbound mail traffic.
> The principle behind the extremely short duration greylist is to
> obliterate botnets.
Indeed, I'd love to be able to implement rulesets like this, but in a
broadcast organisation you simply cannot afford delays on legitimate
email. Even with a 1 minute greylist on *, you are going to hit
issues with clients which retry after 15 minutes, 30 minutes, or
longer. If you're broadcasting Chris Moyles who wants people to email
in about a particular topic, but they don't get emails through until
after the show has finished, they're not going to be happy. Same goes
for breaking news stories for News24, etc. You get the idea...
This was only a test, and it didn't work very well. I'll re-evaluate
the situation in light of other emails on this thread and try again
another time.
Thanks,
--
Jonathan Perkin Unix Systems Administrator
Formerly BBC Technology http://www.siemens.co.uk/sbs/
Siemens Business Services Ltd, Maiden House, Vanwall Road, Maidenhead
-=-
This email (and any attachments) contains confidential information and
is for the exclusive use of the addressee(s). Any views contained in
this e-mail are not the views of Siemens Business Services, ORS unless
specifically stated. If you are not the addressee then any distribut-
ion, copying or use of this email is prohibited. If received in error
please advise the sender and delete / destroy it immediately. We acc-
ept no liability for any loss or damage suffered by any person aris-
ing from use of this e-mail / fax. Please note that Siemens Business
Services ORS monitors e-mails sent or received. Further communication
will signify your consent to this.
-=-
Siemens Business Services Ltd Registered No: 04128934 England
Registered Office: Siemens House, Oldbury, Bracknell, Berks. RG12 8FZMessage
Re: Limiting resident memory usage
2006-11-02 by Jonathan Perkin