On Tue, Dec 19, 2006 at 08:17:06AM +0100, Renaud Allard wrote:
> That's probably the case if you used many other blacklists. But if you
> only use reliable blacklists to stop mail at first sight, I know only
> two of them (ordb.org and njabl.org). The fact is ordb was very accurate
> and didn't list anything else that real, tested openrelays, so there is
> still a need for their kind of blacklist.
I never used ORDB, because from the lack of response, they looked
dead to me long ago.
Open relays/proxies are no longer a significant problem. I run my own
automated blacklist and see a few promille open relays, sometimes even
much less. If I ran a small site, I wouldn't bother.
Looking at black lists, dynablock.njabl.org is very effective, despite
being very incomplete. list.dsbl.org helps a lot, too. Blocking mails
from hosts without DNS reverse entry is somewhere in between (to get
back on topic):
deny message = no DNS reverse entry for $sender_host_address
condition = ${if eq{$host_lookup_failed}{1} {1}{0}}
I put this in the recipient ACL on my personal server and it works great
by blocking a bunch asian spam. No surprise, because many dynamic IP
ranges have no reverse entries. No false positives so far, but your
mileage may vary.
The most promising effort is completing the list of dynamic IP ranges,
because most spam is sent by bot networks from those ranges.
Michael
