[KLUG Members] Tuning qmail

Bruce Smith members@kalamazoolinux.org
Thu, 12 Feb 2004 08:40:35 -0500

Previous message: [KLUG Members] Tuning qmail
Next message: [KLUG Members] Tuning qmail
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> > 1.) SPAMCop, support for this is built into almost all MDA/MTAs.  All
> > it takes is a DNS query per message.  We've found this blocks almost
> > all SPAM, and anything that comes through can be easily reported.
> > This is Morrison's only anti-SPAM mechanism and we get almost none.
> 
> What false positive problems have you had with SpamCop? Have you had to
> whitelist any addresses?

I'm another VERY happy spamcop user.  At my work, spamcop blocks about
9000 spams every week.  We've been using spamcop for years and have had
almost no problems.

The only thing we've ever encountered is (twice I think), we've had a
customer who couldn't send us email.  Sales gets all panic-like and my
boss tells me to shut off spamcop.  I reply "so, you want me to open the
gates and let 9000+ spam though?".  Then he says:  ah ah ah ah ah ah ah
what else can we do?  We check into this and our customer is the user of
a MAJOR domestic broadband provider, we find the IP of the MTA he's
using (server run by his ISP), check with spamcop, and sure enough, that
IP is blacklisted and has lot of sample spam with it.  We then inform
our customer to call his ISP and let them know that one (or more) of
their users are sending spam through their network, they are being
blacklisted, and tell the ISP to get a handle on their spam situation.
A couple days later and all is fixed.  No more problems.

So instead of letting 9000+ spam into our network, we shutdown at least
one major spammer instead.  Much better solution, IMO.  :-)

When we first started, we only blocked a few hundred spam per week. 
Since then it's been constantly increasing (to ~9000/week now).  The
amount of spam getting though has also increased, although the overall
percentage of spam getting though is probably the same or less.  It's
getting to the point now that I'm going to give spamassassin (or
something else) a try in addition to spamcop.

Since Spamcop is driven by users reporting spam, it's my opinion that
there is no such thing as a "false positive" with spamcop.  Other people
tend to disagree (I'm BCC'ing one such person on this email, maybe he'll
join this list and tell us his side about why he won't use spamcop). :-)

 - BS

Previous message: [KLUG Members] Tuning qmail
Next message: [KLUG Members] Tuning qmail
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]