Re: [exim] DNSBLs

Author: Alan J. Flavell
Date:  
To: Exim-USERS
Subject: Re: [exim] DNSBLs
On Wed, 23 Mar 2005, Kjetil Torgrim Homme wrote:

> On Wed, 2005-03-23 at 12:30 -0500, Wakko Warner wrote:
>
> > We use spamcop, xbl+sbl, njabl, dsbl.
>
> we don't use these due to their listing policy[1].


I understand you to say you don't /reject outright/ on them, though
you use them in other ways...

> we do penalise the hosts with delays based on Spamcop (also +3 SA
> points) and NJABL.


Yes, we also toss some points into the SA score for some dnsrbls on
which we couldn't justify rejecting outright; but spamassassin is
pretty much the most expensive step for us in accepting a mail:
anything which takes load off SA, i.e. by rejecting earlier, is a
benefit, if it can be done without causing false positives.

Quite some time back it occurred to me that one could categorise two
classes of dnsRBL: one class of blacklist indicates that a host is
potentially capable of acting as a spam relay (open relay, open proxy
etc.) and the other indicates that the host has been actually seen
relaying spam (spamcop, spam.sorbs etc.).

So, amongst our DNSrbl tests, I included a stanza which tested to see
whether the host had shown up in at least one of several "technically
capable of relaying" lists, *AND* in at least one of a couple of "has
been sighted actually relaying spam" lists, and rejected on that
logical conjunction.

So we get log entries like (picking a recent one at random)

2005-03-23 18:53:29 H=(dts-es.com) [213.13.202.187] F=<vantage@???>
rejected RCPT <our.user@???>: Your mail host
213.13.202.187 is blacklisted in list.dsbl.org=127.0.0.2 as well as in
bl.spamcop.net.

This has worked out reasonably well[1], although the actual selection
of lists used in the mix has been tuned, now and again (for example, a
while back I found that ORDB was almost never triggering in this test,
because an earlier test was almost always triggering first - which of
course is not to say that there's anything wrong with ORDB as such).

all the best

[1] except that in our situation we had to excuse tiscali smarthosts
from these tests, seeing that they're forever wandering in and out of
blacklists, but enough of our users have bona fide correspondents
whose accounts are with them to make outright rejection unacceptable
to the users.

But in the words of Spews: 'One starts to wonder if "tiscali" is
really located in Nigeria'.

[Thinks: might make an interesting candidate for greylisting, though.]
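
The two-class conjunction test described in the message above, sketched in Python as an added example (not part of the original post and not the poster's Exim configuration). The two list names come from the quoted log line; the exempt network, the function names and the injectable resolver are assumptions made for illustration.

```python
import ipaddress
import socket

# List names are taken from the log line in the post; which class each belongs
# to follows the post's description. The exempt range is a documentation-range
# placeholder standing in for smarthosts excused from the test.
CAPABLE = ["list.dsbl.org"]    # "technically capable of relaying"
SIGHTED = ["bl.spamcop.net"]   # "has been sighted actually relaying spam"
EXEMPT_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # hypothetical

def dnsbl_name(ip, zone):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    """Return the A record as a string, or None when the name does not resolve."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None  # not listed, or lookup failed: treated as no hit

def first_hit(ip, zones, resolve):
    """Return (zone, value) for the first zone that lists ip, else None."""
    for zone in zones:
        value = resolve(dnsbl_name(ip, zone))
        # DNSBL answers live in 127.0.0.0/8; anything else is not a listing.
        if value and value.startswith("127."):
            return zone, value
    return None

def check_host(ip, resolve=system_resolver):
    """Return (accept, reason); reject only when ip is listed in BOTH classes."""
    addr = ipaddress.IPv4Address(ip)
    if any(addr in net for net in EXEMPT_NETS):
        return True, "exempt"
    capable = first_hit(ip, CAPABLE, resolve)
    if capable is None:
        return True, "not in any capable-of-relaying list"
    sighted = first_hit(ip, SIGHTED, resolve)  # queried only after a first-class hit
    if sighted is None:
        return True, "listed in %s only" % capable[0]
    return False, "Your mail host %s is blacklisted in %s=%s as well as in %s." % (
        ip, capable[0], capable[1], sighted[0])
```

Passing a dictionary's `get` method as `resolve` lets the logic be exercised offline against constructed listings; with the default resolver a failed lookup counts as "not listed", so a DNS outage accepts mail rather than rejecting it.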