Posted to users@spamassassin.apache.org by "Dan Mahoney, System Admin" <da...@prime.gushi.org> on 2004/09/27 18:52:41 UTC

Preferred DNSBL

Hey guys, as a quick survey, if you're blocking ips at the MTA level, 
which are you using?

-Dan

--

"A mother can be an inspiration to her little son, change his thoughts,
his mind, his life, just with her gentle hum."

-No Doubt, "Different People", from "Tragic Kingdom"


--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org
---------------------------


Re: Preferred DNSBL

Posted by Bob Apthorpe <ap...@cynistar.net>.
On Tue, 28 Sep 2004 10:47:20 -0400 Kris Deugau <kd...@vianet.ca> wrote:

> Bob Apthorpe wrote:
> > I also firewall traffic from unassigned ARIN netspace - see
> > http://www.iana.org/assignments/ipv4-address-space.
> 
> I did this for a while, but somewhere along the line some of those
> unassigned netblocks got assigned.  I didn't discover this until about 6
> months after one corporate customer suddenly couldn't send mail to one
> of their suppliers.  Fortunately I had implemented a workaround in the
> meantime.
> 
> I've since removed that section of my firewall setup.

It changes slowly but you definitely need to stay on top of it (and yes,
I've been caught by this as well.) As mentioned before, Cymru.com has
some great resources for keeping current. I'm especially fond of their
IP -> AS lookup tool.

-- 
Bob Apthorpe

Re: Preferred DNSBL

Posted by Tony Finch <do...@dotat.at>.
On Tue, 28 Sep 2004, Kris Deugau wrote:
>
> I did this for a while, but somewhere along the line some of those
> unassigned netblocks got assigned.  I didn't discover this until about 6
> months after one corporate customer suddenly couldn't send mail to one
> of their suppliers.  Fortunately I had implemented a workaround in the
> meantime.

You should read http://www.cymru.com/Bogons/ and subscribe to the
bogons-announce list.

Tony.
-- 
f.a.n.finch  <do...@dotat.at>  http://dotat.at/
THE MULL OF GALLOWAY TO MULL OF KINTYRE INCLUDING THE FIRTH OF CLYDE AND THE
NORTH CHANNEL: WEST OR SOUTHWEST 3 OR 4, OCCASIONALLY 5 AT FIRST, BECOMING
VARIABLE 3 OR 4 LATER. RAIN DYING OUT. MODERATE BECOMING GOOD. SLIGHT OR
MODERATE.

Re: Preferred DNSBL

Posted by Kris Deugau <kd...@vianet.ca>.
Bob Apthorpe wrote:
> I also firewall traffic from unassigned ARIN netspace - see
> http://www.iana.org/assignments/ipv4-address-space.

I did this for a while, but somewhere along the line some of those
unassigned netblocks got assigned.  I didn't discover this until about 6
months after one corporate customer suddenly couldn't send mail to one
of their suppliers.  Fortunately I had implemented a workaround in the
meantime.

I've since removed that section of my firewall setup.

-kgd
-- 
Get your mouse off of there!  You don't know where that email has been!
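
The failure described in this sub-thread is a firewall copy of the unassigned list that outlives the list itself. The following added example (not from any poster in this thread) compares locally blocked prefixes against a freshly fetched bogon list and reports the parts that are no longer listed. The function name and the sample prefixes, taken from 10.0.0.0/8 as stand-ins for real allocations, are constructed for illustration.

```python
import ipaddress


def stale_blocks(firewall_prefixes, current_bogons):
    """Map each blocked prefix to the sub-prefixes that are no longer bogons.

    A prefix that is still fully covered by the current list is omitted.
    """
    bogons = list(ipaddress.collapse_addresses(
        ipaddress.ip_network(p) for p in current_bogons))
    report = {}
    for text in firewall_prefixes:
        remaining = [ipaddress.ip_network(text)]
        for bogon in bogons:
            still_open = []
            for net in remaining:
                if net.version != bogon.version:
                    still_open.append(net)            # never comparable
                elif net.subnet_of(bogon):
                    continue                          # still unassigned
                elif bogon.subnet_of(net):
                    # only part of the block is still unassigned
                    still_open.extend(net.address_exclude(bogon))
                else:
                    still_open.append(net)            # disjoint
            remaining = still_open
        if remaining:
            report[text] = [str(n) for n in
                            ipaddress.collapse_addresses(remaining)]
    return report


# Constructed data: what the firewall drops vs. today's bogon list.
FIREWALL = ["10.1.0.0/16", "10.2.0.0/16", "10.3.0.0/16"]
CURRENT_BOGONS = ["10.1.0.0/16", "10.2.128.0/17"]

if __name__ == "__main__":
    for blocked, assigned in stale_blocks(FIREWALL, CURRENT_BOGONS).items():
        print(f"{blocked}: now assigned -> {', '.join(assigned)}")
```

Run from cron against the firewall's rule source, a non-empty report is the signal to update the rules before a correspondent's mail starts failing.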

Re: Preferred DNSBL

Posted by sn...@fastmail.fm.
On Tue, 28 Sep 2004 08:57:28 -0500, "Bob Apthorpe"
<ap...@cynistar.net> said:
> Hi,

Hello.

> On Mon, 27 Sep 2004 15:10:30 -0700 snowjack@fastmail.fm wrote:
> 
> > On Mon, 27 Sep 2004 12:52:41 -0400 (EDT), "Dan Mahoney, System Admin"
> > <da...@prime.gushi.org> said:
> > > Hey guys, as a quick survey, if you're blocking ips at the MTA level, 
> > > which are you using?
> > 
> > I think it's a bad idea and don't do it at all. Much better to configure
> > your MTA to reject mail based on a SpamAssassin score which nicely
> > combines the RBLs and other spam indicators. Our MTA returns a 550 after
> > the DATA is received on any message that SpamAssassin scores higher than
> > 10, which blocks about 90% of all spam we get (that's about 70% of all
> > incoming mail, lately). 
> 
> I'll counter that rejecting before DATA saves on bandwidth and CPU, and
> can be done safely with a judicious choice of DNSBLs. 

I like your choice of RBL's, but your definition of 'safely' doesn't
match up with what my users consider an acceptable number of false
positives.
-- 
  
  snowjack@fastmail.fm


Re: Preferred DNSBL

Posted by Bob Apthorpe <ap...@cynistar.net>.
Hi,

On Mon, 27 Sep 2004 15:10:30 -0700 snowjack@fastmail.fm wrote:

> On Mon, 27 Sep 2004 12:52:41 -0400 (EDT), "Dan Mahoney, System Admin"
> <da...@prime.gushi.org> said:
> > Hey guys, as a quick survey, if you're blocking ips at the MTA level, 
> > which are you using?
> 
> I think it's a bad idea and don't do it at all. Much better to configure
> your MTA to reject mail based on a SpamAssassin score which nicely
> combines the RBLs and other spam indicators. Our MTA returns a 550 after
> the DATA is received on any message that SpamAssassin scores higher than
> 10, which blocks about 90% of all spam we get (that's about 70% of all
> incoming mail, lately). 

I'll counter that rejecting before DATA saves on bandwidth and CPU, and
can be done safely with a judicious choice of DNSBLs. Here's part of my
Postfix config, comments appended:

smtpd_client_restrictions =
  # my net
  permit_mynetworks,
  # manual white- and blacklists
  check_client_access hash:/etc/postfix/access,
  # systems persistently bouncing mail to nonexistent users
  check_client_access hash:/etc/postfix/access_bounce_morons,
  # systems with no fDNS or rDNS; this can FP if you correspond with
  # poorly-managed systems
  reject_unknown_client,
  # no need to accept mail from known exploited machines, open relays, 
  # open proxies, dynamically-assigned addresses, or systems that can't
  # accept mail
  reject_rbl_client sbl-xbl.spamhaus.org,
  reject_rbl_client combined.njabl.org,
  reject_rbl_client dnsbl.sorbs.net,
  reject_rbl_client rhsbl.sorbs.net,
  reject_rbl_client list.dsbl.org,
  reject_rbl_client relays.ordb.org,
  reject_rbl_client bogusmx.rfc-ignorant.org

I manually maintain a list of servers that HELO as my domain and that
have sent to spamtraps and broken addresses (a surprising amount of
web-scraping robots choke on plus-tagged addresses; you'd be appalled at
how much mail is directed at sa@cynistar.net, an address that has never
worked.)

I also firewall traffic from unassigned ARIN netspace - see
http://www.iana.org/assignments/ipv4-address-space. I've hacked in
multiline greeting banner support and plan to upgrade Postfix to support
greylisting/tempfailing which should gracefully reject a lot of traffic
with minimal false positives.

> If I was forced to reject based on a single RBL for some reason, I would
> look at the scores SpamAssassin gives for a hit on each one as a fairly
> objective indicator of which RBLs are best. Note that DSBL.org scores
> highest, with SpamHaus' XBL right behind. As I understand it, the
> genetic algorithms reduce the scores a lot if a significant number of
> false positives are encountered.

My approach is to understand the listing policies of each blacklist,
verify those policies are followed consistently, and decide whether the
listing policy is defensible to my user base. I don't really care how
the GA scores each list because I'm blocking on the basis of a known and
defensible policy. My choice of lists will vary depending on the user
base but my rationale won't.

And yes, I watch my logs.

Anything that passes all that gets handed to SpamAssassin and the little
spam that does make it through gets fed to SpamCop.

-- 
Bob Apthorpe

Re: Preferred DNSBL

Posted by sn...@fastmail.fm.
On Mon, 27 Sep 2004 12:52:41 -0400 (EDT), "Dan Mahoney, System Admin"
<da...@prime.gushi.org> said:
> Hey guys, as a quick survey, if you're blocking ips at the MTA level, 
> which are you using?

I think it's a bad idea and don't do it at all. Much better to configure
your MTA to reject mail based on a SpamAssassin score which nicely
combines the RBLs and other spam indicators. Our MTA returns a 550 after
the DATA is received on any message that SpamAssassin scores higher than
10, which blocks about 90% of all spam we get (that's about 70% of all
incoming mail, lately). 

If I was forced to reject based on a single RBL for some reason, I would
look at the scores SpamAssassin gives for a hit on each one as a fairly
objective indicator of which RBLs are best. Note that DSBL.org scores
highest, with SpamHaus' XBL right behind. As I understand it, the
genetic algorithms reduce the scores a lot if a significant number of
false positives are encountered.

RCVD_IN_NJABL_RELAY     0 0.934 0 1.397
RCVD_IN_NJABL_DUL       0 1.655 0 0.088
RCVD_IN_NJABL_SPAM      0 1.051 0 1.841
RCVD_IN_NJABL_PROXY     0 1.026 0 0.438
RCVD_IN_SORBS_HTTP      0 0     0 0.043
RCVD_IN_SORBS_MISC      0 0     0 0.338
RCVD_IN_SORBS_SMTP      0 1.597 0 2.493
RCVD_IN_SORBS_SOCKS     0 1.847 0 2.054
RCVD_IN_SORBS_WEB       0 0     0 0.007
RCVD_IN_SORBS_ZOMBIE    0 0.819 0 0
RCVD_IN_SORBS_DUL       0 0.137 0 1.987
RCVD_IN_SBL             0 1.050 0 0.107
RCVD_IN_XBL             0 2.511 0 3.076
DNS_FROM_RFC_POST       0 1.376 0 1.614
DNS_FROM_RFC_ABUSE      0 0.374 0 0
DNS_FROM_RFC_WHOIS      0 0.492 0 0.296
RCVD_IN_RFC_IPWHOIS     0 1.140 0 1.664
DNS_FROM_RFC_BOGUSMX    0 1.463 0 2.630
RCVD_IN_DSBL            0 2.765 0 3.805
DNS_FROM_AHBL_RHSBL     0 0.070 0 0.295
RCVD_IN_BL_SPAMCOP_NET  0 1.832 0 1.216
RCVD_IN_RSL             0 0.677 0 1.720
-- 
  
  snowjack@fastmail.fm


Re: Preferred DNSBL

Posted by Barry Porter <ba...@bpuk.net>.
Dan Mahoney, System Admin wrote:
> Hey guys, as a quick survey, if you're blocking ips at the MTA level,
> which are you using?

list.dsbl.org
sbl-xbl.spamhaus.org
cn.countries.nerd.dk

-- 
Regards
Barry



Re: Preferred DNSBL

Posted by Ed Kasky <ed...@esson.net>.
At 05:01 AM Thursday, 9/30/2004, John Fleming wrote -=>

>----- Original Message -----
>From: "Ed Kasky" <ed...@esson.net>
>To: <us...@spamassassin.apache.org>
>Sent: Monday, September 27, 2004 2:49 PM
>Subject: Re: Preferred DNSBL
>
>
> > Rejects Since Sunday 4:00 am via rbls:
> >
> > spamcop: 65
> > maps rbl+: 154
> > dsbl.org: 9
> > njabl.org: 18
> > spamhaus: 18
>
>What/how are you guys gathering the data above?  Thanks - John

A simple shell script that I found somewhere and tweaked for my needs:
#!/bin/bash
#
# spam-stats  -- print counts of clean and spammy messages
#                from spamassassin.
#echo -e "========================================="
echo -e "SpamAssassin Results for:"
date
echo -e "spam:" `grep "identified spam" /var/log/maillog | wc -l`
echo -e "clean:" `grep "clean message" /var/log/maillog | grep spamd |wc -l`
echo -e "skipped:" `grep "skipped large" /var/log/maillog | wc -l`
echo -e "total:" `grep "spamd[[0-9]*]: connection from" /var/log/maillog | wc -l`
echo -e "processed:" `grep "processing message" /var/log/maillog | wc -l`
echo -e "========================================="
echo -e "maps rbl+:" `grep "refused by blackhole site rbl-plus.mail-abuse.org" /var/log/maillog | wc -l`

Produces the following:

SpamAssassin Results for:
Thu Sep 30 13:44:03 PDT 2004
spam: 261
clean: 1715
skipped: 0
total: 1967
processed: 1976
=========================================
maps rbl+: 625

I have more greps but you get the idea...


Ed
. . . . . . . .
Unthinking respect for authority is the greatest enemy of truth.
-Albert Einstein, physicist, Nobel laureate (1879-1955)



Re: [sa-list] Re: Preferred DNSBL

Posted by "Dan Mahoney, System Admin" <da...@prime.gushi.org>.
On Thu, 30 Sep 2004, John Fleming wrote:

I would say a simple "daemon" to tail -F the logfile (-F to cover 
rotations, etc), and parse strings for the specific blocklist messages.

-Dan


>
> ----- Original Message -----
> From: "Ed Kasky" <ed...@esson.net>
> To: <us...@spamassassin.apache.org>
> Sent: Monday, September 27, 2004 2:49 PM
> Subject: Re: Preferred DNSBL
>
>
>> Rejects Since Sunday 4:00 am via rbls:
>>
>> spamcop: 65
>> maps rbl+: 154
>> dsbl.org: 9
>> njabl.org: 18
>> spamhaus: 18
>
> What/how are you guys gathering the data above?  Thanks - John
>
>

--

"Is Gushi a person or an entity?"
"Yes"

-Bad Karma, August 25th 2001, Ezzi Computers, Quoting himself earlier, referring to Gushi

--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org
---------------------------
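
One way to build the per-list tally discussed in the messages above in a single pass, as an added example that is not code from any poster in this thread. It assumes two reject phrases: sendmail's "refused by blackhole site" (the string Ed's script greps for) and Postfix's "blocked using"; the file name rbl_tally.py and the sample log lines are constructed.

```python
import re
import sys
from collections import Counter, defaultdict

# Reject phrases recognised here (assumptions about the log text):
#   sendmail:                  "refused by blackhole site <zone>"
#   Postfix reject_rbl_client: "blocked using <zone>"
REJECT_RE = re.compile(
    r"(?:refused by blackhole site|blocked using)\s+"
    r"([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.IGNORECASE)
CLIENT_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")  # first bracketed IPv4


def record(line, hits, clients):
    """Update the tallies from one log line; return True if it was a reject."""
    m = REJECT_RE.search(line)
    if m is None:
        return False
    zone = m.group(1).lower()
    hits[zone] += 1
    ip = CLIENT_RE.search(line)
    if ip:
        clients[zone].add(ip.group(1))
    return True


def tally(lines):
    """Return ({zone: rejects}, {zone: distinct client IPs}) for the lines."""
    hits, clients = Counter(), defaultdict(set)
    for line in lines:
        record(line, hits, clients)
    return dict(hits), {zone: len(ips) for zone, ips in clients.items()}


# Constructed sample lines, not taken from a real log.
SAMPLE = [
    "Sep 30 13:40:01 mx sendmail[4242]: ruleset=check_relay, relay=[192.0.2.10],"
    " reject=550 5.7.1 Mail from 192.0.2.10 refused by blackhole site"
    " rbl-plus.mail-abuse.org",
    "Sep 30 13:40:09 mx sendmail[4250]: ruleset=check_relay, relay=[192.0.2.11],"
    " reject=550 5.7.1 Mail from 192.0.2.11 refused by blackhole site"
    " rbl-plus.mail-abuse.org",
    "Sep 30 13:41:12 mx postfix/smtpd[2210]: NOQUEUE: reject: RCPT from"
    " unknown[198.51.100.7]: 554 Service unavailable; Client host"
    " [198.51.100.7] blocked using sbl-xbl.spamhaus.org; proto=ESMTP",
    "Sep 30 13:41:40 mx postfix/smtpd[2210]: NOQUEUE: reject: RCPT from"
    " unknown[198.51.100.7]: 554 Service unavailable; Client host"
    " [198.51.100.7] blocked using sbl-xbl.spamhaus.org; proto=ESMTP",
    "Sep 30 13:42:03 mx postfix/smtpd[2214]: NOQUEUE: reject: RCPT from"
    " unknown[203.0.113.5]: 554 Service unavailable; Client host"
    " [203.0.113.5] blocked using list.dsbl.org; proto=ESMTP",
    "Sep 30 13:42:30 mx spamd[311]: clean message (0.3/5.0) for user:1001",
]

if __name__ == "__main__":
    # tail -F /var/log/maillog | python3 rbl_tally.py   (Ctrl-C prints totals)
    hits, clients = Counter(), defaultdict(set)
    try:
        for line in sys.stdin:
            record(line, hits, clients)
    except KeyboardInterrupt:
        pass
    for zone, n in hits.most_common():
        print(f"{zone}: {n} rejects, {len(clients[zone])} distinct clients")
```

Counting distinct clients next to raw rejects separates a list that stops many hosts from one that stops a single host retrying.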


Re: Preferred DNSBL

Posted by John Fleming <jo...@wa9als.com>.
----- Original Message ----- 
From: "Ed Kasky" <ed...@esson.net>
To: <us...@spamassassin.apache.org>
Sent: Monday, September 27, 2004 2:49 PM
Subject: Re: Preferred DNSBL


> Rejects Since Sunday 4:00 am via rbls:
> 
> spamcop: 65
> maps rbl+: 154
> dsbl.org: 9
> njabl.org: 18
> spamhaus: 18

What/how are you guys gathering the data above?  Thanks - John



Re: Preferred DNSBL

Posted by Ed Kasky <ed...@esson.net>.
At 12:59 PM Monday, 9/27/2004, Raymond Dijkxhoorn wrote -=>
>Hi!
>
>>Rejects Since Sunday 4:00 am via rbls:
>>
>>spamcop: 65
>>maps rbl+: 154
>>dsbl.org: 9
>>njabl.org: 18
>>spamhaus: 18
>
>The question is always, did you block any legit mail...

Since this server supplies email for a limited number of users, we made the 
decision to be aggressive in blocking and then allow anyone who gets 
legitimate email blocked.  They just have to get a hold of us.  We are 
small enough that it is very easy to contact us.  If it were a different 
situation, then a different policy would apply.

I work at a very large university (NCAA Div. 1) and the policy there is 
just a bit more complicated than my little domain.  There are privacy and 
research considerations that I just don't have to consider.  They have 
implemented Brightmail on a voluntary basis but implement no MTA blocking.


Ed
. . . . . . . .
I distrust those people who know so well what God wants them to
do because I notice it always coincides with their own desires.
-Susan B Anthony, reformer and suffragist (1820-1906)



Re: Preferred DNSBL

Posted by David Brodbeck <gu...@gull.us>.
John Rudd wrote:

> 1) Greet_Delay (default 30 seconds) -- had some brief false positives 
> with mac.com, but they fixed their MTA to stop being so impatient.

You might want to keep in mind that some MTAs that do callout 
verification use 30 seconds as the default timeout, and if you make them 
wait too long you may have trouble sending mail to them.  I think this 
is too short, personally, but it's the default in Exim.  Incidentally, 
if you delay all hosts, I think you'll find that some of AOL's servers 
get disconnected.

Personally, I don't delay all hosts, just ones that meet one of these 
conditions:
- Listed in a DNSBL as being a spam source or dynamic IP
- No reverse DNS

Also, if they give me an invalid recipient, they get a 60-second penalty 
before they can try another one.


Re: Preferred DNSBL

Posted by John Rudd <jr...@ucsc.edu>.
On Sep 27, 2004, at 12:59 PM, Raymond Dijkxhoorn wrote:

> Hi!
>
>> Rejects Since Sunday 4:00 am via rbls:
>>
>> spamcop: 65
>> maps rbl+: 154
>> dsbl.org: 9
>> njabl.org: 18
>> spamhaus: 18
>
> The question is always, did you block any legit mail...
>

I realize that the thread here is specifically about DNSBL's, but I 
think one tool alone isn't going to be much use.  I use a number of 
things on my MTA in addition to using SpamAssassin+Razor.  Here are the 
things I use on my MTA (sendmail 8.13):

1) Greet_Delay (default 30 seconds) -- had some brief false positives 
with mac.com, but they fixed their MTA to stop being so impatient.

2) Connection Rate Control (default 2 connections) -- I have had one 
site try to send me quick messages, from a mailing list my wife is on, 
that got blocked, but they trickle through later in the day when that 
happens.  Otherwise, I've seen a few sites show up in there that were 
clearly trying to spam me (and/or do a dictionary type attack on me), 
but got caught by the connection rate control.

3) SBL and XBL, listed separately so that I can track them 
individually.  I block FAR more SBL than XBL hosts, and I have yet to 
see any host names in the logs that look even remotely legitimate.  And 
no complaints from anyone that I have been blocking their legit mail.

Since I started using those, I get so few spam messages that I almost 
never have something for spam assassin to drop into my spam folder.  
Yet, all of my legit mail still comes through.


Re: Preferred DNSBL

Posted by Raymond Dijkxhoorn <ra...@prolocation.net>.
Hi!

> Rejects Since Sunday 4:00 am via rbls:
>
> spamcop: 65
> maps rbl+: 154
> dsbl.org: 9
> njabl.org: 18
> spamhaus: 18

The question is always, did you block any legit mail...

Bye,
Raymond.

Re: Preferred DNSBL

Posted by Will Yardley <sa...@veggiechinese.net>.
On Mon, Sep 27, 2004 at 12:49:14PM -0700, Ed Kasky wrote:
> At 09:52 AM Monday, 9/27/2004, Dan Mahoney, System Admin wrote -=>

> > Hey guys, as a quick survey, if you're blocking ips at the MTA level, 
> > which are you using?

> Rejects Since Sunday 4:00 am via rbls:
> 
> spamcop: 65
> maps rbl+: 154
> dsbl.org: 9
> njabl.org: 18
> spamhaus: 18

Of course with most MTAs, first match wins, so the ordering of the lists
in your configuration may have something to do with this if there's
overlap.

We use cbl, and an internally compiled list.
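
The first-match effect described above, worked through as an added example that is not from any poster in this thread. The list names are labels from Ed's tally; the membership sets and client addresses are constructed, not measurements of those lists.

```python
def first_match_counts(order, listings, clients):
    """Rejects per list as the MTA logs them: the first list in `order`
    that contains the client gets the credit, later lists are never asked."""
    counts = {name: 0 for name in order}
    for ip in clients:
        for name in order:
            if ip in listings[name]:
                counts[name] += 1
                break
    return counts


def independent_counts(listings, clients):
    """Rejects each list would score if it were the only one configured."""
    return {name: sum(ip in members for ip in clients)
            for name, members in listings.items()}


def unique_counts(listings, clients):
    """Clients caught by exactly one list: what is lost if that list is
    dropped. Unlike first-match counts, this does not depend on ordering."""
    counts = {name: 0 for name in listings}
    for ip in clients:
        hit = [name for name, members in listings.items() if ip in members]
        if len(hit) == 1:
            counts[hit[0]] += 1
    return counts


# Constructed membership and traffic (documentation address space).
LISTINGS = {
    "spamhaus":  {"192.0.2.1", "192.0.2.2", "192.0.2.3", "192.0.2.4"},
    "dsbl.org":  {"192.0.2.2", "192.0.2.3", "192.0.2.5"},
    "njabl.org": {"192.0.2.3", "192.0.2.6"},
}
CLIENTS = ["192.0.2.%d" % n for n in range(1, 8)]   # .7 is listed nowhere

if __name__ == "__main__":
    for order in (["spamhaus", "dsbl.org", "njabl.org"],
                  ["njabl.org", "dsbl.org", "spamhaus"]):
        print(order, first_match_counts(order, LISTINGS, CLIENTS))
    print("alone :", independent_counts(LISTINGS, CLIENTS))
    print("unique:", unique_counts(LISTINGS, CLIENTS))
```

The total number of rejects is the same under either ordering; only the attribution between lists moves, which is why log counts alone do not rank the lists.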

Re: Preferred DNSBL

Posted by Ed Kasky <ed...@esson.net>.
Rejects Since Sunday 4:00 am via rbls:

spamcop: 65
maps rbl+: 154
dsbl.org: 9
njabl.org: 18
spamhaus: 18

At 09:52 AM Monday, 9/27/2004, Dan Mahoney, System Admin wrote -=>
>Hey guys, as a quick survey, if you're blocking ips at the MTA level, 
>which are you using?
>
>-Dan

Ed
. . . . . . . .
I distrust those people who know so well what God wants them to
do because I notice it always coincides with their own desires.
-Susan B Anthony, reformer and suffragist (1820-1906)



Re: Preferred DNSBL

Posted by Tony Finch <do...@dotat.at>.
On Mon, 27 Sep 2004, Dan Mahoney, System Admin wrote:

> Hey guys, as a quick survey, if you're blocking ips at the MTA level, which
> are you using?

The MAPS RBL+ is our most effective blocking rule.

Tony.
-- 
f.a.n.finch  <do...@dotat.at>  http://dotat.at/
FORTIES: WEST OR NORTHWEST 6 OR 7, VEERING NORTH 3 OR 4. RAIN OR SHOWERS.
MODERATE OR GOOD.

Re: Preferred DNSBL

Posted by Jeff Chan <je...@surbl.org>.
On Monday, September 27, 2004, 9:52:41 AM, System Dan Mahoney wrote:
> Hey guys, as a quick survey, if you're blocking ips at the MTA level, 
> which are you using?

sbl-xbl.spamhaus.org
list.dsbl.org

Spamhaus catches 90+% of them.

Jeff C.
-- 
Jeff Chan
mailto:jeffc@surbl.org
http://www.surbl.org/


Re: Preferred DNSBL

Posted by Kelson <ke...@speed.net>.
Dan Mahoney, System Admin wrote:
> Hey guys, as a quick survey, if you're blocking ips at the MTA level, 
> which are you using?

Just one: Spamhaus SBL+XBL

-- 
Kelson Vibber
SpeedGate Communications <www.speed.net>


RE: Preferred DNSBL

Posted by Greg Deputy <gr...@blastzone.com>.
spamhaus

> -----Original Message-----
> From: Dan Mahoney, System Admin [mailto:danm@prime.gushi.org] 
> Sent: Monday, September 27, 2004 9:53 AM
> To: users@spamassassin.apache.org
> Subject: Preferred DNSBL
> 
> 
> Hey guys, as a quick survey, if you're blocking ips at the MTA level, 
> which are you using?
> 
> -Dan
> 
> --
> 
> "A mother can be an inspiration to her little son, change his 
> thoughts, his mind, his life, just with her gentle hum."
> 
> -No Doubt, "Different People", from "Tragic Kingdom"
> 
> 
> --------Dan Mahoney--------
> Techie,  Sysadmin,  WebGeek
> Gushi on efnet/undernet IRC
> ICQ: 13735144   AIM: LarpGM
> Site:  http://www.gushi.org
> ---------------------------
> 
> 


Re: Preferred DNSBL

Posted by Andy Jezierski <aj...@stepan.com>.



"help@nantucket.net" <he...@nantucket.net> wrote on 09/27/2004 12:42:20 PM:

> Agreed, comcast.net's mail servers were in sorbs big list...our customers
> didn't like that!
>
> it might be helpful to know in what capacity the servers are working
> in...ISPs, corporate, private?
>

That's why I tend to shy away from the big combined lists and the overly
aggressive lists. I pick and choose certain lists and keep a watchful eye
on things to make sure things don't go awry.  When I switched to the
spamhaus sbl-xbl list, the number of blocked E-Mails shot sky high, I was
hoping  I'd found THE list, but unfortunately the next day the inquiring
E-Mails from my users started coming in and it was back to the regular sbl
list.

And as Chris mentioned, delay-checks in sendmail is your friend. We have a
couple of customers in Indonesia that started getting blocked because their
ISP was added to one of the lists.  A quick edit of the access file and
they were allowed in while keeping the spammers out. They were maybe 1 out
of every 500 spam messages, but they were a customer, so it was nice to be
able to block the spammers while still allowing valid E-Mail in.  Without
delay-checks, I would have had to drop that list.

Corporate site BTW.

Andy


Re: Preferred DNSBL

Posted by "help@nantucket.net" <he...@nantucket.net>.
Agreed, comcast.net's mail servers were in sorbs big list...our customers
didn't like that!

it might be helpful to know in what capacity the servers are working
in...ISPs, corporate, private?



> From: Andy Jezierski <aj...@stepan.com>
> Date: Mon, 27 Sep 2004 12:18:21 -0500
> To: users@spamassassin.apache.org
> Subject: Re: Preferred DNSBL
> 
> 
> 
> 
> 
> "Dan Mahoney, System Admin" <da...@prime.gushi.org> wrote on 09/27/2004
> 11:52:41 AM:
> 
>> Hey guys, as a quick survey, if you're blocking ips at the MTA level,
>> which are you using?
>> 
>> -Dan
>> 
>> --
> 
> Sorted by number of hits, the first three are by far the big hitters.  Had
> sbl-xbl.spamhaus.org for a while but had to switch back to the plain sbl
> because of some false positives.
> 
> dul.dnsbl.sorbs.net
> sbl.spamhaus.org
> http.dnsbl.sorbs.net
> 
> socks.dnsbl.sorbs.net
> misc.dnsbl.sorbs.net
> opm.blitzed.org
> misc.dnsbl.sorbs.net
> relays.ordb.org
> 
> 
> Andy
> 


Re: Preferred DNSBL

Posted by Andy Jezierski <aj...@stepan.com>.



"Dan Mahoney, System Admin" <da...@prime.gushi.org> wrote on 09/27/2004
11:52:41 AM:

> Hey guys, as a quick survey, if you're blocking ips at the MTA level,
> which are you using?
>
> -Dan
>
> --

Sorted by number of hits, the first three are by far the big hitters.  Had
sbl-xbl.spamhaus.org for a while but had to switch back to the plain sbl
because of some false positives.

dul.dnsbl.sorbs.net
sbl.spamhaus.org
http.dnsbl.sorbs.net

socks.dnsbl.sorbs.net
misc.dnsbl.sorbs.net
opm.blitzed.org
misc.dnsbl.sorbs.net
relays.ordb.org


Andy


RE: Preferred DNSBL

Posted by Bret Miller <br...@wcg.org>.
> Hey guys, as a quick survey, if you're blocking ips at the MTA level, 
> which are you using?

sbl-xbl.spamhaus.org


Re: Preferred DNSBL

Posted by "Jack L. Stone" <ja...@sage-american.com>.
At 12:52 PM 9.27.2004 -0400, Dan Mahoney, System Admin wrote:
>Hey guys, as a quick survey, if you're blocking ips at the MTA level, 
>which are you using?
>
>-Dan
>

Sendmail's access.db/milter-regex & milter-greylist(delay, not block)

Cannot get milter-sender to work because it requires compiling in DB3+
to Sendmail that is in the base system -- FBSD-4.10p2. Would sure like
to use its callback feature to verify sender's mailbox
and ability to look in my aliases DB for good recips.

I've become a real milter fan because they use less resources.

HTH....

Best regards,
Jack L. Stone,
Administrator

Sage American
http://www.sage-american.com
jacks@sage-american.com