Re: [Exim] Spam blacklist

Página Principal
Apagar esta mensagem
Responder a esta mensagem
Autor: Andrew - Supernews
Data:  
Para: exim-users
Assunto: Re: [Exim] Spam blacklist
>>>>> "Konrad" == Konrad Michels <konrad@???> writes:

Konrad> Apologies for the late reply on this one!
Konrad> I've now implimented 127.0.0.2 blocking on my mail server
Konrad> using dsbl.org, abuseat.org, spamhaus.org and spamcop.net.

BTW, if you want to reduce the number of lookups, then use
sbl-xbl.spamhaus.org in place of both cbl.abuseat.org and
sbl.spamhaus.org. Note a documentation error, though -
xbl.spamhaus.org returns 127.0.0.4, not .2 - best to check simply for
the presence of a listing rather than trying to pick specific return
values.

Make sure, of course, that you're using exactly the right zone names
for all of those lists and that you're getting hits on them.

Konrad> In addition I'm also using an old spews list which I
Konrad> downloaded before it went tits-up

tits-up??

http://spews.org/spews_list_level1.txt (add .bz2 if on a slow link)

That's SPEWS level 1 (make the obvious change if you want level 2) in
the form of a CIDR range list. You can run a local DNSBL off that file
simply by fetching it regularly and feeding it to rbldnsd.

Konrad> ANd its amazing what is still slipping through! By far 95%
Konrad> of spam that is still getting through is coming from
Konrad> cable/dsl/dialup related blocks of IP addresses.

Konrad> So what I was wondering was whether anyone know of any more
Konrad> comprehensive list of dynamic IP address ranges: I'd like to
Konrad> impliment a simple rule which just blocks all connections
Konrad> from dynamic IP address subnets?

The problem is that the amount of maintenance needed for dynamic-ip
lists is _huge_. dul.dnsbl.sorbs.net merged in the Easynet dynablock
data and has been maintaining it since, but you may still get the
occasional false positive. What I do with dialup/dynamic addresses
is impose a substantial (currently 80 second) delay for listed sites
in a connect-time ACL - but then allow them through if they wait that
long, which spammers generally don't.

--
Andrew, Supernews
http://www.supernews.com