On Sunday 10 February 2019 13:08:59 G.W. Haywood wrote:
> Hello again,
>
> On Sun, 10 Feb 2019, Gene Heskett wrote:
>
> > most of what gets my attention comes from local to the US servers
>
> Well the USA _is_ the world's number one spam source. :(
>
> > , like earthlink.
>
> In addition to DNSBL stuff I operate ten local blacklists - see my
> blacklist list below. Earthlink is explicitly listed here in the list
> which rejects on the client server's 'HELO' greeting but certain ASNs,
> network blocks and individual IPs also get the boot. Where possible
> local blacklists are consulted before going out to DNS-based block
> lists like Spamhaus, as it's much more efficient and will also work
> for new spam sources which the DNS based lists haven't yet had enough
> reports about to consider listing. For the avoidance of doubt, _all_
> connections from _all_ earthlink servers are rejected by our servers.
>
Which I don't think you had to do when Joann Dow was teching at earthlink.
That goes back up the log quite a ways though, a good 25 years or more.
> On Sun, 10 Feb 2019, J.R. wrote:
>
> > Trying not to get too far off topic ...
>
> Until someone persuades me otherwise, IMO anything which tends to make
> the use of ClamAV more efficient and/or more effective is on topic for
> this list. :)
>
> > ... if you reject based on the hostname of the mail server ...
> > ... red flags ...
>
> +1, and you can also look for other red flags at each stage of the
> SMTP conversation, including mail headers. Here are my blacklists
> at the moment:
>
> xm_connect_blacklist (some hostnames, domains and even TLDs are dire)
> xm_country_blacklist (some countries send me nothing but spam)
> xm_whois_blacklist (even some registrars are dire)
> xm_ASN_blacklist (some ASNs are especially dire)
> xm_helo_blacklist (full/partial domain names, TLDs e.g. 'local' here)
> xm_envfrom_blacklist (full or partial address/domain name/TLD)
> xm_SPF_blacklist (see if the sender's SPF record contains red flags)
> xm_RP_blacklist (see if the sender's Responsible Party flags up red)
> xm_rcpt_blacklist (I have numerous spam trap addresses etc.)
> xm_header_blacklist (spam software often writes red flag headers)
>
> There's also a list of DNS-based block lists like Spamhaus. Anyone is
> welcome to all these lists, although they're very much personalised to
> our situation. In any case to use some of them effectively might take
> quite a bit of work.
>
> I don't have at my fingertips much in the way of useful statistics for
> the relative effectiveness of the various blacklists, but if anyone is
> interested I can process the logs for the last couple of years and
> come up with some rough numbers like the 1.3% that I mentioned earlier
> (that is effectively what's left after mail has been run past the
> blacklists).

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>

_______________________________________________
clamav-users mailing list
[email protected]
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
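The staged arrangement G.W. Haywood describes in the quoted text (a local blacklist for each step of the SMTP conversation, all consulted before any DNS-based block list is queried) as an added example in Python. This is not the poster's code and none of his xm_* lists are reproduced: the list entries are constructed, the Session fields and function names are my own, the DNS resolver is injected so the example runs offline, and zen.spamhaus.org is assumed as the Spamhaus zone name.

```python
"""Staged SMTP blacklist evaluation (constructed example).

Local lists are keyed by the stage of the SMTP conversation at which they
apply.  Every local list is consulted before a single DNSBL query goes
out, so most rejections cost no DNS traffic and a source the DNSBLs have
not listed yet can still be refused locally.
"""
import ipaddress
from dataclasses import dataclass, field

# Stage -> set of entries (all constructed).  An entry is an exact value,
# a ".suffix" / "@suffix" (partial domain, TLD or address domain), or a
# bare domain that also matches its subdomains.
LOCAL_LISTS = {
    "connect": {"mail.bulk-sender.test", ".click"},       # client rDNS name
    "helo":    {"local", "localhost", "earthlink.net"},   # HELO/EHLO argument
    "envfrom": {"@offers.test", ".click"},                # MAIL FROM address
    "rcpt":    {"trap-2014@ourdomain.test"},              # spam-trap recipients
}
# Header name (lower-case) -> red-flag values, checked after DATA.
HEADER_LIST = {"x-mailer": {"spamblaster"}}
# DNSBL zones, consulted only when no local list matched (zone name assumed).
DNSBL_ZONES = ["zen.spamhaus.org"]


def suffix_match(value, entries):
    """True if value equals an entry, ends with a '.'/'@'-prefixed entry,
    or is a subdomain of a bare-domain entry.  Case-insensitive."""
    v = value.lower()
    for e in entries:
        e = e.lower()
        if not e:
            continue
        if v == e or (e[0] in ".@" and v.endswith(e)) or v.endswith("." + e):
            return True
    return False


@dataclass
class Session:
    """What the MTA knows about one client by the time RCPT / DATA arrive."""
    ip: str
    hostname: str                          # reverse DNS of the client IP
    helo: str = ""
    mail_from: str = ""
    rcpts: list = field(default_factory=list)
    headers: dict = field(default_factory=dict)


def dnsbl_listed(ip, resolve):
    """Return the first DNSBL zone listing ip, else None.

    resolve(name) -> list of A records or None is injected so the example
    runs offline; a real deployment would perform the DNS lookup here."""
    if ipaddress.ip_address(ip).version != 4:
        return None                        # IPv4 reversed-octet queries only
    reversed_octets = ".".join(reversed(ip.split(".")))
    for zone in DNSBL_ZONES:
        if resolve(f"{reversed_octets}.{zone}"):
            return zone
    return None


def evaluate(session, resolve):
    """Return ("reject", stage, detail) or ("accept", None, None).

    All local lists run first; the DNSBL verdict is deferred to RCPT time
    so that every cheap local check precedes the DNS query.  The header
    list is last because headers only exist after DATA."""
    stages = [
        ("connect", [session.hostname]),
        ("helo",    [session.helo]),
        ("envfrom", [session.mail_from]),
        ("rcpt",    list(session.rcpts)),
    ]
    for stage, values in stages:
        for v in values:
            if v and suffix_match(v, LOCAL_LISTS[stage]):
                return ("reject", stage, v)
    zone = dnsbl_listed(session.ip, resolve)
    if zone:
        return ("reject", "dnsbl", zone)
    for name, value in session.headers.items():
        if value.lower() in HEADER_LIST.get(name.lower(), set()):
            return ("reject", "header", f"{name}: {value}")
    return ("accept", None, None)
```

A client whose HELO ends in a listed partial domain is rejected before `resolve` is ever called; only a client that clears every local list triggers the reversed-octet DNSBL query. Swapping `resolve` for a real DNS call is the only change needed to use this against live lists.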
