Posted to users@spamassassin.apache.org by R Lists06 <li...@abbacomm.net> on 2006/11/27 21:42:40 UTC

rbl insight and wisdom please

Hopefully this hasn't been rehashed to death on this list yet. Has there ever
been a general consensus as to which RBLs and similar lists are best to use
if you are going to engineer your mail systems with such?

Anyone care to share their implementations as well as current best and worst
practices please?

Thanks

 - rh

--
Robert - Abba Communications
   Computer & Internet Services
 (509) 624-7159 - www.abbacomm.net




Re: rbl insight and wisdom please

Posted by Duane Hill <d....@yournetplus.com>.
Quinn Comendant wrote:
> I'm using the following with qmail's rblsmtpd:
> 
> -r zen.spamhaus.org
> -r bl.spamcop.net
> -r relays.ordb.org
> -r cbl.abuseat.org

I believe the abuseat.org list is incorporated into the zen.spamhaus 
list. At least it was with the sbl-xbl and xbl lists.

> I do find it very hard to determine if a list is "malfunctioning" and honest emails are blocked until clients start complaining. It has happened before with me using other blocklists.
> 
> One idea just popped into my head: you can grep your logs for all IP addresses you trust (mail from the IPs of trusted users and their recipients) and run that list of IPs against a DNSRBL you are considering using.
> 
> You can test a DNSRBL by reversing an IP and appending the RBL domain, so for 111.122.133.144, you might execute:
> 
> 	dig 144.133.122.111.zen.spamhaus.org A | grep -v '^;'
> 
> And if there is anything returned, the IP is on the list.
> 
> Quinn
> 
> 
> 
> On Mon, 27 Nov 2006 12:42:40 -0800, R Lists06 wrote:
>> Hopefully this hasn't been rehashed to death on this list yet has there ever
>> been a general consensus as to which rbl's and similar lists are best to use
>> if you are going to engineer your mail systems with such?
>>
>> Anyone care to share their implementations as well as current best and worst
>> practices please?
>>
>> Thanks
>>
>>  - rh
>>
>> --
>> Robert - Abba Communications
>>    Computer & Internet Services
>>  (509) 624-7159 - www.abbacomm.net
>>
>>
>>
> 


Re: rbl insight and wisdom please

Posted by Quinn Comendant <qu...@strangecode.com>.
Well I'll be darned...you're right. Zen uses CBL. 

Q


On Mon, 27 Nov 2006 21:50:47 +0000, Nigel Frankcom wrote:
> Did you know that zen uses cbl anyway?

Re: rbl insight and wisdom please

Posted by Nigel Frankcom <ni...@blue-canoe.net>.
On Mon, 27 Nov 2006 13:06:58 -0800, Quinn Comendant
<qu...@strangecode.com> wrote:

>I'm using the following with qmail's rblsmtpd:
>
>-r zen.spamhaus.org
>-r bl.spamcop.net
>-r relays.ordb.org
>-r cbl.abuseat.org
>
>I do find it very hard to determine if a list is "malfunctioning" and honest emails are blocked until clients start complaining. It has happened before with me using other blocklists.
>
>One idea just popped into my head: you can grep your logs for all IP addresses you trust (mail from the IPs of trusted users and their recipients) and run that list of IPs against a DNSRBL you are considering using.
>
>You can test a DNSRBL by reversing an IP and appending the RBL domain, so for 111.122.133.144, you might execute:
>
>	dig 144.133.122.111.zen.spamhaus.org A | grep -v '^;'
>
>And if there is anything returned, the IP is on the list.
>
>Quinn
>
>
>
>On Mon, 27 Nov 2006 12:42:40 -0800, R Lists06 wrote:
>> Hopefully this hasn't been rehashed to death on this list yet has there ever
>> been a general consensus as to which rbl's and similar lists are best to use
>> if you are going to engineer your mail systems with such?
>> 
>> Anyone care to share their implementations as well as current best and worst
>> practices please?
>> 
>> Thanks
>> 
>>  - rh
>> 
>> --
>> Robert - Abba Communications
>>    Computer & Internet Services
>>  (509) 624-7159 - www.abbacomm.net

Did you know that zen uses cbl anyway?

Nigel

Re: rbl insight and wisdom please

Posted by "John D. Hardin" <jh...@impsec.org>.
On Mon, 27 Nov 2006, Quinn Comendant wrote:

> I'm using the following with qmail's rblsmtpd:
> 
> -r zen.spamhaus.org
> -r bl.spamcop.net
> -r relays.ordb.org
> -r cbl.abuseat.org

Agreed except for spamcop - a lot of people have a low opinion of
their trustworthiness as an all-or-nothing RBL.

--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  "Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
  does quite what I want. I wish Christopher Robin was here."
				           -- Peter da Silva in a.s.r
-----------------------------------------------------------------------
 28 days until Christmas


RE: rbl insight and wisdom please

Posted by Quinn Comendant <qu...@strangecode.com>.
opm.blitzed.org is no longer alive:
http://wiki.blitzed.org/OPM_status

I personally have seen a number of false positives using list.dsbl.org with customers who are on SBC and Comcast networks. I would suggest using this list only if you have opened an RBL-free email submission port 587 for customers to inject mail.

zombie.dnsbl.sorbs.net seems safe, although there are so many other SORBS lists...any others worth using? It looks like safe.dnsbl.sorbs.net might be a good option.

I agree now that spamcop.net is probably a bad idea. A quick Google search shows many other people finding false positives.

Quinn

On Tue, 28 Nov 2006 09:50:03 +0200, Leon Kolchinsky wrote:
>             reject_rbl_client zombie.dnsbl.sorbs.net,
>             reject_rbl_client relays.ordb.org,
>             reject_rbl_client opm.blitzed.org,
>             reject_rbl_client list.dsbl.org,
>             reject_rbl_client sbl.spamhaus.org,
> 
> 
> Please do not use spamcop.net; it has many, many false positives.

RE: rbl insight and wisdom please

Posted by Leon Kolchinsky <lk...@univ.haifa.ac.il>.
I'm using in my main.cf:

            reject_rbl_client zombie.dnsbl.sorbs.net,
            reject_rbl_client relays.ordb.org,
            reject_rbl_client opm.blitzed.org,
            reject_rbl_client list.dsbl.org,
            reject_rbl_client sbl.spamhaus.org,


Please do not use spamcop.net; it has many, many false positives.


Regards,
Leon Kolchinsky

-----Original Message-----
From: Quinn Comendant [mailto:quinn@strangecode.com] 
Sent: Monday, November 27, 2006 11:07 PM
To: SpamAssassin Users
Subject: Re: rbl insight and wisdom please

I'm using the following with qmail's rblsmtpd:

-r zen.spamhaus.org
-r bl.spamcop.net
-r relays.ordb.org
-r cbl.abuseat.org

I do find it very hard to determine if a list is "malfunctioning" and honest emails are blocked until clients start complaining. It has happened before with me using other blocklists.

One idea just popped into my head: you can grep your logs for all IP addresses you trust (mail from the IPs of trusted users and their recipients) and run that list of IPs against a DNSRBL you are considering using.

You can test a DNSRBL by reversing an IP and appending the RBL domain, so for 111.122.133.144, you might execute:

	dig 144.133.122.111.zen.spamhaus.org A | grep -v '^;'

And if there is anything returned, the IP is on the list.

Quinn



On Mon, 27 Nov 2006 12:42:40 -0800, R Lists06 wrote:
> Hopefully this hasn't been rehashed to death on this list yet has there ever
> been a general consensus as to which rbl's and similar lists are best to use
> if you are going to engineer your mail systems with such?
> 
> Anyone care to share their implementations as well as current best and worst
> practices please?
> 
> Thanks
> 
>  - rh
> 
> --
> Robert - Abba Communications
>    Computer & Internet Services
>  (509) 624-7159 - www.abbacomm.net
> 
> 
> 

Re: rbl insight and wisdom please

Posted by Quinn Comendant <qu...@strangecode.com>.
I'm using the following with qmail's rblsmtpd:

-r zen.spamhaus.org
-r bl.spamcop.net
-r relays.ordb.org
-r cbl.abuseat.org

I do find it very hard to determine if a list is "malfunctioning" and honest emails are blocked until clients start complaining. It has happened before with me using other blocklists.

One idea just popped into my head: you can grep your logs for all IP addresses you trust (mail from the IPs of trusted users and their recipients) and run that list of IPs against a DNSRBL you are considering using.

You can test a DNSRBL by reversing an IP and appending the RBL domain, so for 111.122.133.144, you might execute:

	dig 144.133.122.111.zen.spamhaus.org A | grep -v '^;'

And if there is anything returned, the IP is on the list.

Quinn



On Mon, 27 Nov 2006 12:42:40 -0800, R Lists06 wrote:
> Hopefully this hasn't been rehashed to death on this list yet has there ever
> been a general consensus as to which rbl's and similar lists are best to use
> if you are going to engineer your mail systems with such?
> 
> Anyone care to share their implementations as well as current best and worst
> practices please?
> 
> Thanks
> 
>  - rh
> 
> --
> Robert - Abba Communications
>    Computer & Internet Services
>  (509) 624-7159 - www.abbacomm.net
> 
> 
> 
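
The trusted-IP audit suggested in the message above, as an added example that is not part of the original thread: it pulls IPv4 addresses out of a mail log, reverses each one, queries a candidate list, and reports any trusted address that does not come back clean. The function names, the zone `dnsbl.example` and the sample log format are hypothetical; the classifier treats only answers in 127.0.0.0/8 as listings and reports Spamhaus's 127.255.255.x return codes (query errors) and any non-127 answer as lookup problems.

```shell
#!/bin/sh
# Added example: check IPs you already trust against a candidate DNSBL zone.

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG='Nov 27 13:06:58 mx1 smtpd: connect from client.example[192.0.2.10]
Nov 27 13:07:02 mx1 smtpd: connect from mail.example[198.51.100.7]
Nov 27 13:07:09 mx1 smtpd: connect from client.example[192.0.2.10]'

# 111.122.133.144 -> 144.133.122.111 (prints nothing for malformed input)
reverse_ip() {
    echo "$1" | awk -F. 'NF == 4 { print $4 "." $3 "." $2 "." $1 }'
}

# Unique IPv4 addresses found in the log text on stdin.
extract_ips() {
    grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' | sort -u
}

# Resolve A records for a name. Kept separate so it can be swapped out.
lookup() {
    dig +short "$1" A
}

# Interpret the first line of a DNSBL answer.
classify_answer() {
    case "$1" in
        "")            echo clean ;;   # NXDOMAIN: not listed
        127.255.255.*) echo error ;;   # Spamhaus error code, not a listing
        127.*)         echo listed ;;  # normal DNSBL return code
        *)             echo error ;;   # timeout text or a non-127 answer
    esac
}

# Usage: audit_trusted ZONE < trusted-mail.log
# Prints "IP status answer" for every trusted IP that is not clean.
audit_trusted() {
    zone=$1
    extract_ips | while read -r ip; do
        answer=$(lookup "$(reverse_ip "$ip").$zone" | head -n 1)
        status=$(classify_answer "$answer")
        [ "$status" = clean ] || echo "$ip $status $answer"
    done
}
```

Any `listed` line is a false positive you would have had with that list in place; `error` lines mean the lookup itself needs attention before the result can be trusted.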

Re: rbl insight and wisdom please

Posted by Henrik Krohns <he...@stream.hege.li>.
On Mon, Nov 27, 2006 at 12:42:40PM -0800, R Lists06 wrote:
> Hopefully this hasn't been rehashed to death on this list yet has there ever
> been a general consensus as to which rbl's and similar lists are best to use
> if you are going to engineer your mail systems with such?
> 
> Anyone care to share their implementations as well as current best and worst
> practices please?

Use policyd-weight to reduce false positives.

Cheers,
Henrik

Re: rbl insight and wisdom please

Posted by Nigel Frankcom <ni...@blue-canoe.net>.
On Mon, 27 Nov 2006 12:42:40 -0800, "R Lists06" <li...@abbacomm.net>
wrote:

>Hopefully this hasn't been rehashed to death on this list yet has there ever
>been a general consensus as to which rbl's and similar lists are best to use
>if you are going to engineer your mail systems with such?
>
>Anyone care to share their implementations as well as current best and worst
>practices please?
>
>Thanks
>
> - rh


Personally I use zen.spamhaus.org and relays.ordb.org - they've worked
well for me. Zen used to be sbl-xbl.

Others advocate not using any rbls at all.

hth

Nigel