Re: Who is using policyd-weight?

From: Robert Felber (no email)
Date: Tue Aug 02 2005 - 03:42:11 EDT

    Well, we are using it too, of course, and I set the default scores as
    seems reasonable for our environment and with an eye to the RFCs.

    Also I must note that the development might be slow as I have not only mail to
    handle but also MS clients and users which keep me running because of jammed
    printers or coffee-machines ;)

    I admit that policyd-weight heavily lacks proper documentation which
    should help others to adjust scores, even more when I consider that the scores
    manipulate each other.

    Also I am aware of the DNS HELO/FROM check issues of _very_ badly configured
    clients. Especially when I know that even HELOs and FROMs are treated as valid
    if they are only in a /24 or /16 network, but some admins cannot even manage
    this.

    The problem I see is that big players think about SPF/greylisting.
    SPF is a nice idea.
    But SPF is the same thing as setting up (half) correct DNS entries.
    Another problem with SPF is that this will block forwarders.
    Greylisting might also cause FPs and forces you to whitelist. I don't say
    greylisting is bad, but for some it is no option.

    To solve the HELO/FROM check failure issue, the devel version has an option
    to turn off tests after DNSBL lookups. If I am right, there are policyd
    daemons out there which also do scored DNSBL checks; maybe those are more
    suitable as they might be smaller.

    To solve the "perfect"-scoring issue I am thinking about a section like
    "Contributed configurations" with a rating and download counter and some
    additional information about how many mails the submitter has to handle and
    so on. But this is future talk.

    For the moment I have to prepare the release of the devel version as beta which
    includes that I have to rewrite some "documentation" and information and also
    to reorganisate(spell?) the FreeBSD port.

    For Perl coders: I appreciate patches which help to ease the chance of FPs
    without adding a big hole for spammers and without adding 10% of current
    CPU/MEM/bandwidth requirements.

    The philosophy of policyd-weight is: reduce bandwidth, reduce CPU time,
    reduce bogus mails, reduce administrative work (no whitelisting, and so on):

    whois checks are no option (bandwidth),
    SPF is no option (no proper scoring mechanism available)

    Another approach would be that Postfix checks are scored (soft error?) and
    the mail gets rejected at the max soft error level or something like this.
    This would also reduce CPU time and bandwidth and give some more
    freedom/tolerance to admins.

    --
    rob
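
An added illustration, not part of the original message and not policyd-weight's code: the /24 and /16 tolerance for HELO/FROM addresses and the cumulative scoring with a reject level that the message describes. All scores, the threshold, the `dnsbl_only` switch and the sample addresses are constructed assumptions.

```python
import ipaddress

# Constructed values for illustration only; not policyd-weight defaults.
DNSBL_HIT_SCORE = 3.0
MATCH_SCORE = {"exact": -2.0, "/24": -1.0, "/16": -0.5, "none": 2.0}
REJECT_AT = 4.0
_ORDER = ["none", "/16", "/24", "exact"]


def match_level(client_ip, resolved):
    """Closest relation between the connecting IP and any address the
    HELO or FROM domain resolved to: exact, same /24, same /16 or none."""
    client = ipaddress.IPv4Address(client_ip)
    net24 = ipaddress.ip_network(f"{client}/24", strict=False)
    net16 = ipaddress.ip_network(f"{client}/16", strict=False)
    best = "none"
    for addr in resolved:
        try:
            ip = ipaddress.IPv4Address(addr)
        except ValueError:
            continue  # malformed or non-IPv4 answer: contributes nothing
        if ip == client:
            level = "exact"
        elif ip in net24:
            level = "/24"
        elif ip in net16:
            level = "/16"
        else:
            level = "none"
        if _ORDER.index(level) > _ORDER.index(best):
            best = level
    return best


def evaluate(client_ip, dnsbl_hits, helo_addrs, from_addrs, dnsbl_only=False):
    """Sum the scores and return (score, action). dnsbl_only is a
    hypothetical switch that skips the HELO/FROM DNS tests, so a badly
    configured but unlisted client is not penalised for them."""
    score = DNSBL_HIT_SCORE * len(dnsbl_hits)
    if not dnsbl_only:
        score += MATCH_SCORE[match_level(client_ip, helo_addrs)]
        score += MATCH_SCORE[match_level(client_ip, from_addrs)]
    # DUNNO and REJECT are Postfix policy delegation actions.
    return score, ("REJECT" if score >= REJECT_AT else "DUNNO")
```

Because the scores add up, a single DNSBL listing rejects only when the HELO/FROM tests also fail, which is why changing one score shifts the effect of the others.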
    
