Stuart Henderson wrote: > On 2016/03/15 12:55, Craig Skinner wrote: > > There are a few more paid rsync lists here: > > http://en.wikipedia.org/wiki/Comparison_of_DNS_blacklists > > Ah that is a useful page. Maybe we could list it, e.g. > > Index: spamd.conf > =================================================================== > RCS file: /cvs/src/etc/mail/spamd.conf,v > retrieving revision 1.5 > diff -u -p -r1.5 spamd.conf > --- spamd.conf 14 Mar 2016 21:36:52 -0000 1.5 > +++ spamd.conf 15 Mar 2016 13:27:04 -0000 > @@ -13,8 +13,10 @@ > # Lists specified with the :white: capability apply to the previous > # list with a :black: capability. > # > -# As of November 2004, a place to search for blacklists is > -# http://spamlinks.net/filter-bl.htm > +# As of March 2016, a place to search for blacklists is > +# http://en.wikipedia.org/wiki/Comparison_of_DNS_blacklists > +# - most of these are DNS-based only and cannot be used with spamd(8), > +# but some of the lists also provide access to text files via rsync. > > all:\ > :uatraps:nixspam:
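Review bot: the replacement URL in the added comment lines is plain http://; Wikipedia is served over HTTPS, so https://en.wikipedia.org/wiki/Comparison_of_DNS_blacklists would be the better form to ship in a default config. The two lines starting "# - most of these are DNS-based only" sit directly under the URL and read as a continuation of it. Making them a separate comment sentence ("# Most of these are DNS-based only and cannot be used with spamd(8), ...") would be clearer. The "As of March 2016" wording will also go stale the same way the "As of November 2004" line it replaces did.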
ok mmcc@

> > Generally, everything has changed from file feeds to DNS.
>
> Yep, because for the more actively maintained ones 1) new entries show
> up more quickly than any sane rsync interval, this is quite important
> for good blocking these days 2) DNS is less resource intensive and more
> easily distributed than rsync, and 3) importantly for the rbl providers,
> it gives additional input to them about new mail sources (if an rbl
> suddenly starts seeing queries from all over the world for a previously
> unseen address, it's probably worth investigation - I am sure this is
> why some of the commercial antispam operators provide free DNS-based
> lookups for smaller orgs).
>
> A more flexible approach would be to skip the PF table integration
> completely and do DNS lookups in spamd (or, uh, relayd, or something
> new) and based on that it could choose whether to tarpit, greylist or
> transparent-forward the connection to the real mail server. This
> would also give a way to use dnswl.org's whitelist to avoid greylisting
> for those hosts where it just doesn't work well (gmail, office365 etc).

Interesting, I didn't even know that rsync blacklists existed. That was
the cause for confusion about Spamhaus's price earlier.

Would it make sense to enable a blacklist or two by default in spamd?
They seem to be an effectively necessary part of a sane mail server
configuration these days.
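
An added illustration, not part of the thread and not spamd code: the DNS-lookup approach described in the quoted text, with a per-connection choice between tarpit, greylist and forward. The zone names, function names and the order of the checks are assumptions of this example, and the DNS answers are constructed so it runs offline.

```python
import ipaddress
import socket

# Placeholder zones (assumptions for this example, not real lists).
BLACKLISTS = ["bl.example.org"]
WHITELISTS = ["wl.example.org"]
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")  # RFC 5782 "listed" answers

def dnsbl_qname(ip, zone):
    """Reverse IPv4 octets (or IPv6 nibbles) and append the list's zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone

def system_resolve(qname):
    """A-record lookup via the system resolver; [] on NXDOMAIN or any failure."""
    try:
        return socket.gethostbyname_ex(qname)[2]
    except OSError:
        return []

def listed(ip, zones, resolve):
    """True if any zone answers with an address inside 127.0.0.0/8."""
    for zone in zones:
        for answer in resolve(dnsbl_qname(ip, zone)):
            # Ignore answers outside 127/8 (e.g. a parked or wildcard zone).
            if ipaddress.ip_address(answer) in LISTED_NET:
                return True
    return False

def decide(ip, resolve=system_resolve):
    """Blacklisted -> tarpit, whitelisted -> forward, unknown -> greylist.
    Checking the blacklist first is this example's choice, not the thread's."""
    if listed(ip, BLACKLISTS, resolve):
        return "tarpit"
    if listed(ip, WHITELISTS, resolve):
        return "forward"
    return "greylist"

# Constructed DNS answers so the example runs offline.
FAKE_DNS = {
    "1.2.0.192.bl.example.org": ["127.0.0.2"],
    "10.113.0.203.wl.example.org": ["127.0.10.1"],
    "7.100.51.198.bl.example.org": ["192.0.2.99"],  # not a 127/8 answer
}

def fake_resolve(qname):
    return FAKE_DNS.get(qname, [])
```

With `system_resolve`, a failed or timed-out lookup is indistinguishable from "not listed", so such connections fall through to greylisting rather than being forwarded.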