Author: Toralf Lund Date: To: Exim Mailing List Subject: Re: [Exim] RBL/anti-spam advice?
Tim Jackson wrote:
>Hi Toralf, on Mon, 03 Nov 2003 14:25:05 +0100 you wrote:
>
>
>
>>rbl_domains =
>>proxies.blackholes.wirehub.net/warn:proxies.relays.monkeys.com/warn:rel
>>ays.ordb.org/warn:bl.spamcop.net/warn:dnsbl.njabl.org/warn# check all
>>hosts other than those on internal network rbl_hosts =
>>!^(.*\.|)(DOMAINS)$
>>Have the spammers got smarter
>>lately, or has something happended to the above mentioned lists? Can
>>anyone recommend other RBL hosts?
>>
>>
>
>IIRC, monkeys has died, which probably accounts for most of the increase.
>Wirehub has changed its name to proxies.blackholes.easynet.nl - the old
>one may still be working but either way I'd update your config.
>
>Try adding list.dsbl.org to that (in fact, I'd reject on it rather than
>just warning). That's a fantastic list which combines all kinds of open
>relays/proxies. I have it first in my reject list and it catches loads.
>
>I would also add sbl.spamhaus.org (and, again, reject on it rather than
>warning - you are not likely to get anything of value from hosts listed in
>it).
>
> I've removed "monkeys", changed "wirehub" to "easynet" and added "dsbl"
& "spamhaus". The situation is at least slightly better now. Thanks.
>opm.blitzed.org is another open proxy list worth looking at, although most
>of them are also in DSBL.
>
>blackholes.easynet.nl is also worth looking at, although has more
>collateral damage.
>
> I haven't tried these yet, though.
>
>
>>Should I perhaps use SpamAssasin or similar?
>>
>>
>
>SpamAssassin is handy as an addition to the various DNSBLs, yes. Although
>I'd upgrade to Exim 4
> I've been planning to do that since just after it was released, but I
never seem able to find the time to do it. I'm assuming it involves a
certain amount of work updating configs etc...
>first so you can take advantage of exiscan-acl or
>SA-Exim (although it matters less if you are not actually going to reject
>but just move mail around - but if you are installing SpamAssassin, it
>almost seems a shame not to reject stuff outright at least at a high
>threshold).
>
> It seems to me that using SA-Exim or similar would be the right thing.
At least, I don't like the idea of passing messages back via the exim
command line or similar.
>It's also handy not only for the content-analysis, but because you can add
>extra DNSBL's (like Easynet Blackholes or SPEWS) where you don't want a
>black or white result from them (ie reject/don't reject), but just want to
>bump up the "spam score" of a mail.
>
> Ah. Never thought of that. It seemed to me that SmapAssasin would give
me a lot of redundant functionality, which is something I generally try
to avoid.
>Tim
>
>--
>
>