Re: [Exim] Black lists

Author: Alan J. Flavell
Date:  
To: Exim users list
Subject: Re: [Exim] Black lists
On Sun, 14 Sep 2003, Lane Vance wrote:

> Which RBLs do you use and trust as reliable?


Well, here's another data point for your perusal. We're just a single
rather large department, so it's a fairly small-scale operation.

If they get past the locally-configured blocks (which are cheap so we
do those first), we're blocking on the JANET mirror of MAPS, then

           : sbl.spamhaus.org \
           : proxies.relays.monkeys.com=127.0.0.2


Last week's score was
  JANET MAPS   1301  (RBL, DUL and RSS together)
  spamhaus.org  531
  proxies...    428


I think it's generally agreed that Spamcop turns up false positives,
and so do ORDB, formmail etc. But if they're in both ORDB (meaning
they're technically open to be used) _and_ in Spamcop (reported as
actually being used) then they're toast. The same kind of argument
goes for some of the other entries in the following list, although
it's arguable that some of them could go into the absolute block
instead of waiting for them to turn up in spamcop.

At any rate it's my understanding that on the basis of the following
ACL lines, if they aren't in Spamcop then we don't bother to look them
up in the other lists, which might reduce the work a bit (correct me
if I'm wrong). But anyway they collect spam-rating points elsewhere
on the basis of some DNSRBLs (partly overlapping with what's used
here), which might (help to) get them rejected by spamassassin (after
DATA) even if we don't reject them on dnsbl basis (at RCPT time).

               dnslists = bl.spamcop.net
               dnslists = relays.ordb.org : list.dsbl.org \
                             : blackholes.easynet.nl : opm.blitzed.org \
                             : formmail.relays.monkeys.com \
                             : dynablock.easynet.nl


Hmmm, interesting: I see that in the last week's log we haven't
actually rejected anything on the basis of opm nor formmail. Which is
not to say that there were no IPs blacklisted there, but they must
have fallen-out on the basis of one of the earlier criteria.

In fact here's last week's score for that particular ACL
 Spamcop .AND. :
  ORDB        51
  DSBL       359
  blackholes 121
  dynablock  209


> At this time, I am only using spamhaus as I trust them for not
> causing collateral damage like spews does regularly.


It's a bit unfair the way you worded that. Spews _policy_ is to
inflict collateral damage, it's no accident. If you use them, then
you need to be aware you're taking that policy on board.

all the best

[TOFU snipped - there's a perfectly good mail archive of the list,
IMHO we don't need the whole thread history to be carried in every
contribution.]
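
Added example, not part of the original post: a Python model of how Exim evaluates the ACL lines quoted in the message, where each `dnslists` condition succeeds on the first list that matches and a statement stops at its first failing condition. The `ZONE` table and the 192.0.2.x addresses are constructed sample data standing in for DNS, and the function names are hypothetical.

```python
# Constructed stand-in for DNS: query name -> A record returned by the list.
ZONE = {
    "1.2.0.192.bl.spamcop.net": "127.0.0.2",   # host .1: in Spamcop ...
    "1.2.0.192.list.dsbl.org": "127.0.0.2",    # ... and in DSBL
    "2.2.0.192.relays.ordb.org": "127.0.0.2",  # host .2: in ORDB only
    "3.2.0.192.proxies.relays.monkeys.com": "127.0.0.3",  # wrong return code
}

# The list specifications as they appear in the message (continuations joined).
ABSOLUTE = ["sbl.spamhaus.org : proxies.relays.monkeys.com=127.0.0.2"]
COMBINED = [
    "bl.spamcop.net",
    "relays.ordb.org : list.dsbl.org : blackholes.easynet.nl"
    " : opm.blitzed.org : formmail.relays.monkeys.com : dynablock.easynet.nl",
]


def query_name(ip, zone):
    """DNSBL query name: the IPv4 octets reversed, prepended to the list zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone


def dnslists(ip, spec, lookups):
    """One `dnslists =` condition: try each list in order, true on first hit."""
    for item in spec.split(":"):
        zone, _, want = item.strip().partition("=")
        name = query_name(ip, zone)
        lookups.append(name)          # record every query actually issued
        answer = ZONE.get(name)
        # `zone=127.0.0.2` only matches when the list returns that address.
        if answer is not None and (not want or answer == want):
            return True
    return False


def statement_matches(ip, conditions):
    """All conditions must hold; all() stops at the first one that fails."""
    lookups = []
    matched = all(dnslists(ip, c, lookups) for c in conditions)
    return matched, lookups


if __name__ == "__main__":
    for ip in ("192.0.2.1", "192.0.2.2"):
        matched, lookups = statement_matches(ip, COMBINED)
        print(ip, "reject" if matched else "pass", len(lookups), "lookups")
```

Because the second condition stops at its first hit, lists placed late in it (opm, formmail, dynablock) are only credited for hosts that none of the earlier lists caught.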