Re: [exim] No Blacklist DNS List

Top Page
Delete this message
Reply to this message
Author: Marc Perkel
Date:  
To: Martin A. Brooks
CC: exim-users
Subject: Re: [exim] No Blacklist DNS List


Martin A. Brooks wrote:
> Marc Perkel wrote:
>> I've created a public no blacklist DNS list of host names and IP
>> addresses that should never be blacklisted. Some of them are from my
>> white list, some from my yellow list, and others are just names and
>> IPs that you don't want to be on a blacklist. Here's the link that
>> describes how to use it.
>>
>> http://wiki.junkemailfilter.com/index.php/Spam_DNS_Lists#No_Blacklist_List
>>
>>
>> The idea here is if the IP is in this list then you can skip all
>> other IP based blacklist tests because if found it would be a false
>> positive. It also reduces bandwidth usage and system load by skipping
>> useless tests.
>
> Some questions:
>
> 1) On what grounds, exactly, is a host added to this list?

I have a list of host names - some from my white list, some from my
yellow list (yahoo, hotmail, etc.). I'm adding to the name based lists
all the time. Then when I get email from these domains then I record the
IP in the same color list. For example, wellsfargo.com never sends spam.
It's all good. So they are whitelisted by name. Any IP where the host
ends in wellsfargo.com that send an email, I record the IP in my
whitelist. The same is true for yahoo.com. But they get added to my
yellow list. The daya lives for about 10 days in these lists.

> 2) Who is able to edit the contents of the list?

Just me.
> 3) How often are hosts on this list re-evaluated against the
> conditions set in point 1?

Every minute new entries are added. Every 6 hours old entries are expired.
> 4) What exactly are "names and IPs that you don't want to be on a
> blacklist" ?

Ham sources and mixed sources.
> 5) In your documentation at the URL above you state "127.0.0.3 =
> yellowlisted - mixed source - do not blacklist or whitelist". Yet
> here you've said, of hosts that should never be blacklisted, "some
> from my yellow list", which is correct?

I have a white list which means a pure ham domain, and blacklists which
are pure spam domains. Yellow is a mixed domain, like Yahoo, which is
neither white nor black.

Read the wiki to understand it in more detail.

The idea is that forward confirmed rDNS can't be faked so those names
are used in my white/black/yellow lists. Then when I get email that
matches these names I populate the IP addresses. Thus us yahoo adds or
changes IP addresses then my list follows.