On Sat, Mar 29, 2008 at 06:42:57PM +0000, Vernon Schryver wrote:
> > From: Gary Mills <[EMAIL PROTECTED]>
>
> > We are using Spamhaus' XBL, and are happy to pay for it.
>
> Since you are already using the XBL, I think you should switch to
> Spamhaus' ZEN unless you are checking the XBL via dccm, dccproc, or
> dccifd. Even if you are using `dccm -B`, you should enable ZEN checks
> on SMTP clients and on MX servers for SMTP envelope domains with something
> like this in /var/dcc/dcc_conf
> DNSBL_ARGS="'-Bset:rej-msg=5.7.1 550 %ID %BT
> http://www.spamhaus.org/query/bl?ip=%BIP' -Bsbl-xbl.spamhaus.org -Bset:no-NS
> -Bzen.spamhaus.org"
>
> That is because ZEN/PBL includes IP addresses of legitimate DNS servers
> and so should not be used for the default dccm, dccproc, or dccifd DNSBL
> checks on NS records.
Yes, I'm using XBL through DCC because I want users to be able to
whitelist messages rejected by XBL in the same manner that they can
for messages rejected for bulkiness. I'm using this setting:
DNSBL_ARGS="'-Bset:rej-msg=5.7.1 550 id %s from %s rejected. See
http://www.spamhaus.org/xbl/' -Bset:no-body -Bset:no-MX -Bset:no-NS
-Bxbl.dnsbl,any"
I don't want to use PBL, included in ZEN I believe, because it includes
the IP networks of many of our SMTP mail submission clients. I don't
want to reject those. Now that most ISPs are blocking the SMTP port,
it may be possible to revisit that decision.
--
-Gary Mills- -Unix Support- -U of M Academic Computing and Networking-
_______________________________________________
DCC mailing list [email protected]
http://www.rhyolite.com/mailman/listinfo/dcc
