Re: [exim] Using Blacklists

Author: Matt
Date:  
To: exim-users
Subject: Re: [exim] Using Blacklists
> | I haven't tried it myself, but an acl like this should work:
> |
> | deny
> | dnslists = sbl.spamhaus.org
> | dnslists = bl.spamcop.net
> | message = You are on both spamcop and spamhaus
>
> Yes - that gives the "AND" logic that's asked for.


I am running with this for a while to see how it goes.

# : sbl.spamhaus.org
deny dnslists = sbl.spamhaus.org
       message  = SPAM: rejected because $sender_host_address is in the blacklist at $dnslist_domain\n\ ($dnslist_text)


# : xbl.spamhaus.org and bl.spamcop.net
deny
       dnslists = xbl.spamhaus.org
       dnslists = bl.spamcop.net
       message  = SPAM: rejected because $sender_host_address is on both xbl.spamhaus.org and bl.spamcop.net


# : bl.spamcop.net
defer dnslists = bl.spamcop.net
       message  = SPAM: rejected because $sender_host_address is in the blacklist at $dnslist_domain\n\ ($dnslist_text)


After this SpamAssassin still has a whack at it before it hits the
user's inbox. They can filter based on the SpamAssassin header or the fact
we toggle all alleged spam to low priority.

> As for the XBL, we've used it for years and have only ever had to
> whitelist a tiny number of IPs that we wanted to hear from, despite the
> (most likely correct) listing. Then again, we _could_ have considered our
> security policy and decided that it would be unsafe to accept ANY email
> traffic from a compromised system, until it's properly cleaned.
>
> Also note that many very large ISPs use XBL too, so anyone with a legit
> server that gets hacked and listed will experience a HUGE amount of pain
> - it won't just be you they can't mail...


That's what I thought in the past but I got the third degree from a few
customers and did not have the time to deal with it. Now my server is
struggling to keep up with load. I think much of the problem will be
fixed by automatically shutting down dead accounts that are full of
SPAM. It has to look at those accounts also to figure quotas.

Thanks.

Matt
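
The three statements above, modelled as an added example that is not part of the original message or of Exim: it shows which verb each kind of listing produces and which DNSBL names are queried. The DNS answers and the 192.0.2.x hosts are constructed, and the "continue" result is an assumption standing for whatever ACL statements follow the ones posted.

```python
import ipaddress

# The three statements from the post, in order: (verb, zones that must ALL list the host).
ACL = [
    ("deny",  ["sbl.spamhaus.org"]),
    ("deny",  ["xbl.spamhaus.org", "bl.spamcop.net"]),
    ("defer", ["bl.spamcop.net"]),
]

# Constructed DNS answers for documentation-range addresses (not real listings).
FAKE_DNS = {
    "10.2.0.192.sbl.spamhaus.org": "127.0.0.2",
    "20.2.0.192.xbl.spamhaus.org": "127.0.0.4",
    "20.2.0.192.bl.spamcop.net": "127.0.0.2",
    "30.2.0.192.bl.spamcop.net": "127.0.0.2",
    "40.2.0.192.xbl.spamhaus.org": "127.0.0.4",
}


def dnsbl_name(ip, zone):
    """Query name for an IPv4 host: octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def verdict(ip, resolve=FAKE_DNS.get):
    """Return (verb, names queried) for the first statement whose conditions all hold."""
    queried = []

    def listed(zone):
        name = dnsbl_name(ip, zone)
        queried.append(name)
        # With no address list after the zone, any A record counts as a listing.
        return resolve(name) is not None

    for verb, zones in ACL:
        # all() stops at the first zone that does not list the host (AND logic).
        if all(listed(zone) for zone in zones):
            return verb, queried
    return "continue", queried  # nothing matched; later ACL statements decide


if __name__ == "__main__":
    for host in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40", "192.0.2.50"):
        print(host, verdict(host)[0])
```

A host listed only on xbl.spamhaus.org falls through all three statements, while one listed only on bl.spamcop.net is deferred rather than denied.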