On Wed, 13 Mar 2002 09:25:07 -0500 Greg Ward <gward@???> wrote:
> I believe RBL checking is now a feature of ACLs.
>
> Also, if you're going to be looking into SpamAssassin, I wouldn't bother
> with RBL checking. DNS blacklists are pretty much useless on their own,
> but a fantastic tool for adding a point or so to a score-based spam
> filter like SpamAssassin.
i disagree with this. i am finding that the combination of relays.visi.com,
sbl.spamhaus.org, dialups.relays.osirusoft.com, and my own semi-private
list, are probably killing about 1/2 of the inbound spam aimed at my server
with minimal false positives. i set the relays+sbl combo up for two clients
of mine, and was gratified by the sudden rejection of quite a lot of spam
aimed at their users.
RBLs should not be picked casually, though. you need to review their
criteria and record and choose carefully. typically, you'll need one aimed
at open relays (the MAPS RSS, relays.visi.com, or one of the children of
orbs are all examples), one aimed at spamhausen of fixed address (the
traditional MAPS RBL and sbl.spamhaus.org are examples), and perhaps one
aimed at direct-to-MX spam coming from dialup pools (the MAPS DUL and
dialups.relays.osirusoft.com are examples.) i'm seeing very little
direct-to-MX spam these days, and so regard the dialups one as not
absolutely necessary.
there are also combo lists, such as the MAPS RBL+ (combines all the MAPS
lists) and the SPEWS list. when looking at SPEWS, be aware of the potential
for collateral damage. i used SPEWS for a couple of days last year, and
the rejectlog entries suggested that a boatload of legitimate mail was
getting bounced.
which brings up another point -- if you're going to use these methods, keep
an eye on your rejectlog so that you know what is getting bounced, and why.
richard
--
Richard Welty
rwelty@??? Averill Park Networking
rwelty@??? Unix, Linux, IP Network Engineering, Security
rwelty@??? 518-573-7592