Re: [exim] Anti SPAM Exim configuration

Author: Alan J. Flavell
Date:  
To: Exim users list
Subject: Re: [exim] Anti SPAM Exim configuration

Well, I suppose this question (which appears to have arrived in
private mail, but I propose to answer in the list) was inevitable...

> What are the technical blacklists you are using? I am only using
> DSBL at home and would love to learn of additional resources...


Well, we've shifted around quite a bit as things have changed, and I
haven't done the statistics recently, so I'm reluctant to say exactly
what we're using right now. I was chastened, earlier today, when I
reviewed the statistics for another part of the ACL, where, in the
recent logging interval, one of the rules had rejected 6,000, while
another had rejected only 2, and a further one had rejected nothing at
all. One has to keep moving, in this business!

Anyhow, I'd recommend consulting
http://www.sdsc.edu/~jeff/spam/cbc.html , reviewing the policies of
the various lists, and trying out some combinations. Some can
confidently be used for outright rejection, sure...

But what I'm saying is we get enhanced results by having an extra
stanza, making up one group which includes "spam seen" (might be, say,
spamcop along with the relevant SORBS entry), and another group which
indicates technical likelihood (dsbl, probable dialups, entry in
SPEWS, whatever appeals to you).

Here's a simplified picture, where in our case
ACL_BLACKLIST=acl_m7

(my colleague prefers mnemonic working variables ;-) , and then it
goes something like this:

  deny hosts = +rbl_hosts
       message = Your mail host $sender_host_address is blacklisted in \
               $dnslist_domain=$dnslist_value as well as in $ACL_BLACKLIST.
       dnslists =  spam.dnsbl.sorbs.net : bl.spamcop.net
       set ACL_BLACKLIST = $dnslist_domain
       dnslists = l1.spews.dnsbl.sorbs.net : \
                          list.dsbl.org : \
                          dul.dnsbl.sorbs.net


But I must emphasise that we switch the blacklists around according to
the results achieved - when we get the time to study them. Don't just
blindly copy the above!

Hope that helps a bit.
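
Added example, not part of the original post: a Python model of how the deny stanza above is evaluated, where a host is rejected only when it is listed in the "spam seen" group and also in the "technical likelihood" group. The zone names are the ones in the post; the resolver, the zone data and the 192.0.2.x addresses are constructed so the example runs offline.

```python
import ipaddress

# The two groups from the post's ACL, in the order the ACL lists them.
SPAM_SEEN = ["spam.dnsbl.sorbs.net", "bl.spamcop.net"]
TECHNICAL = ["l1.spews.dnsbl.sorbs.net", "list.dsbl.org",
             "dul.dnsbl.sorbs.net"]

def dnsbl_query_name(ip, zone):
    """Build the DNSBL lookup name: reversed IPv4 octets, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def first_listing(ip, zones, resolve):
    """Model one dnslists condition: try zones in order, stop at the first hit.
    Returns (zone, value), or None when no zone lists the host."""
    for zone in zones:
        value = resolve(dnsbl_query_name(ip, zone))
        if value is not None:
            return zone, value
    return None

def evaluate(ip, resolve):
    """Model the deny statement: conditions are ANDed and checked in order."""
    seen = first_listing(ip, SPAM_SEEN, resolve)
    if seen is None:
        return None            # first dnslists fails: statement does not apply
    acl_blacklist = seen[0]    # set ACL_BLACKLIST = $dnslist_domain
    tech = first_listing(ip, TECHNICAL, resolve)
    if tech is None:
        return None            # listed as "spam seen" only: not rejected here
    zone, value = tech         # $dnslist_domain / $dnslist_value of 2nd lookup
    return (f"Your mail host {ip} is blacklisted in {zone}={value} "
            f"as well as in {acl_blacklist}.")

# Constructed zone data standing in for real DNS answers.
CONSTRUCTED_ZONE_DATA = {
    "10.2.0.192.bl.spamcop.net": "127.0.0.2",        # host .10: both groups
    "10.2.0.192.dul.dnsbl.sorbs.net": "127.0.0.10",
    "20.2.0.192.bl.spamcop.net": "127.0.0.2",        # host .20: spam seen only
    "30.2.0.192.list.dsbl.org": "127.0.0.2",         # host .30: technical only
}

def fake_resolve(name):
    """Hypothetical resolver: returns the A record value or None (NXDOMAIN)."""
    return CONSTRUCTED_ZONE_DATA.get(name)

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30"):
        print(ip, "->", evaluate(ip, fake_resolve) or "no rejection by this stanza")
```

Counting how often each group produces the only hit, using the same function over logged sender addresses, is one way to gather the per-list statistics the post says should drive the choice of lists.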