Jim Pazarena wrote:
> I have experienced an incredible increase in volume of spam these days.
> My spam filter and RBL blocks at least 25,000 daily (quite a bit in a dinky
> little 600 customer client base), it seems just as much sneaks thru.
>
> Can anyone recommend a fairly aggressive RBL which doesn't suffer from
> too many false positives?
>
> Thanks
>
> Jim
>

A look at what RBLs current updates of SpamAssassin are using AND the relative point-value / weight they assign to hits from each should have as good a chance as any of reflecting the current experience of a large community.

We then run these, NOT in SA, but earlier in Exim:

Most effective on a server with 12+ month history, fairly 'global' balance of traffic AND spam/mal-traffic:

xbl.spamhaus.org / sbl-xbl.spamhaus.org (recent change)
dul.dnsbl.sorbs.net (used for dynamic-IP checking)

CAVEAT: That box stops checking on first hit, so *results ARE skewed!*.

A devel/test server instrumented to run multiple checks, NOT stop on first hit, shows:

list.dsbl.org

..with more hits, BUT nearly always matched by sbl-xbl.spamhaus.org.

CAVEAT: The second set of results reflects less than a full month of instrumentation, and is to-date *heavily* skewed towards spam/mal-traffic between/among Asian and Middle-Eastern countries, Korea, Taiwan, the Gulf States, and PRC in that order.

NB: Something fairly new (as we archive and analyze the messages) - we caught two networks in Taiwan beating the Royal Aitch out of *each other* with useless traffic. Some of it appeared to be to 'honeypots'.

The rise in traffic may reflect splash from that sort of 'apparently successful' activity being repeated with vigor.

:-(

Bill

--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
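
Added example, not part of the original post: a Python sketch of the skew described in the reply, tallying hits for the three lists it names when checking stops on the first hit versus when every list is checked. The listing data, the documentation-range IPs and the query order are constructed assumptions, and no DNS lookups are made.

```python
from collections import Counter
from ipaddress import IPv4Address

# Lists named in the post; this query order is an assumption for illustration.
ORDER = ["sbl-xbl.spamhaus.org", "dul.dnsbl.sorbs.net", "list.dsbl.org"]

# Constructed sample (documentation-range IPs): lists each connecting host is on.
SAMPLE = {
    "192.0.2.10": {"sbl-xbl.spamhaus.org", "list.dsbl.org"},
    "192.0.2.11": {"sbl-xbl.spamhaus.org", "list.dsbl.org"},
    "198.51.100.7": {"sbl-xbl.spamhaus.org", "dul.dnsbl.sorbs.net", "list.dsbl.org"},
    "198.51.100.8": {"list.dsbl.org"},
    "203.0.113.5": {"sbl-xbl.spamhaus.org"},
    "203.0.113.6": set(),
}

def dnsbl_query_name(ip, zone):
    """Name a DNSBL client looks up: reversed IPv4 octets, then the zone."""
    octets = str(IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def tally(listings, order, stop_on_first_hit):
    """Count hits per list, optionally crediting only the first list that matches."""
    counts = Counter({zone: 0 for zone in order})
    for listed in listings.values():
        for zone in order:
            if zone in listed:
                counts[zone] += 1
                if stop_on_first_hit:
                    break
    return dict(counts)

def only_caught_by(listings, zone):
    """Hosts that no other list would have stopped: what the zone really adds."""
    return sorted(ip for ip, listed in listings.items() if listed == {zone})

if __name__ == "__main__":
    print(dnsbl_query_name("192.0.2.10", ORDER[0]))
    print("first hit :", tally(SAMPLE, ORDER, True))
    print("all lists :", tally(SAMPLE, ORDER, False))
    print("unique to list.dsbl.org:", only_caught_by(SAMPLE, "list.dsbl.org"))
```

With first-hit counting, a list queried late looks nearly useless even when it carries most of the hosts; counting the hosts only it would have stopped is the figure that shows what adding it buys.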
