Autor: W B Hacker Data: A: exim users Assumpte: Re: [exim] DynaStop - I like it!
Marc Perkel wrote: >
> Peter Bowyer wrote:
>> That's why DynaBlock, dynablock.njabl.org etc exist, and why people
>> use them as part of their mail blocking strategy.
>>
>>
>>
>
> Is dynablock.njabl.org the same thing as running DynaStop?
> *heavy sigh*
others might retain...
That, and dul.dnsbl.sorbs.net, and others, along with built-in forward/reverse
lookup of Exim, will derive essentially the same information, but do so with
*zero* extra code, and by a form of DNS lookup that is inherently cached -
largely by the nearest nameservers if not by a bespoke DNS you add locally.
You *will* need to whitelist carefully - not to pick up the social-misfit
running a pirate MTA, but because a number of folks who should *know better*
fail to keep their DNS in proper order - or think they need not.
I include in such illustrious, or *notorious* company the world's oldest and
most famous Golf Club, one of the world's largest domain.tld registrars, several
major banks and brokerages, one of the world's largest accounting firms, alumni
associations of *very* prestigious universities, and all manner of fellow-travelers.
And those are just the ones we have had to manage here.
So - neither rDNS fail, dynamic-IP RBL hits, nor munged HELO rejection are perfect.
But far, far easier to auto/manually whitelist such few - or even few dozens of
these as your individual user community actually need contact with, than to play
silly-buggers with several quadrabrazillians of compromised WinWOES's boxen.
Get it really right and you won't *need* SpamAssassin - just
white/black/brown/grey... pink?.. *source* listing.
