NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Postfix Discussion> 2004-12

Re: Greylist before or after validating recipient? (and what order to do spam checks in general)

From: Robin Lynn Frank (rlfrankparadigm-omega.com)
Date: Wed Dec 22 2004 - 13:52:58 CST

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 2004-12-22 at 10:16, John Pettitt wrote:
> I was having a discussion about greylisting and the question of when
> to do it came up. I currently greylist first and then only doing
> recipient validation after SPF, rbl and greylist checks. The logic
> being that greylisting before recipient validation makes dictionary
> attacks unprofitable. However it was suggested to me that it would be
> better to reject invalid recipients first to reduce server load (not a
> problem on my server but a potential issue for the person I was
> talking to).
>
> What's the collective wisdom of the list on the ordering of spam
> checks (greylist, spf, rbl's user validation etc)

First, let me state I make no claim that this is wisdom. ;-)

The order we do things is:

1. Recipient validation (if it isn't valid, kill for efficiency)
2. Greylisting (see if it is real before going thru all the look ups)
3. IP and/or domain lookups for client/helo/sender, etc.
4. DNSBL/RHSBL
5. SPF (less productive than above items)*
6. header/body checks (wait till now because its resource-intensive)
7. content filter ( ditto, but even worse

* Actually, we are not currently using SPF, but our last tests showed it
to be less useful than all the items preceding it.

In other words, we put the most productive and least resource-hungry
items first.

--
Robin Lynn Frank Director of Operations
(0 0) Paradigm-Omega, LLC
V http://www.paradigm-omega.com/
=====================================================================
Infinite spamtraps at http://paradigm-omega.net/cgi-bin/custmail.cgi
=====================================================================
Good spam? Sure, low priced coffins for spammers!

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Sed quis custodiet ipsos custodes?

iD8DBQBBydCLo0pgX8xyW4YRAlsNAKCyht1KjoyuDDlm6cthXzilZBK86gCgzTuy
YaDEKletMZh9pkteKRHIi2w=
=QtTJ
-----END PGP SIGNATURE-----

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]