Alas, someone picked up on this part of the question :)) OK. Thankfully, I don't think I'm at the break-even point. I have only 200+ domains with 500 mailboxes, and even at extreme spam time I can't imagine reaching more than 1,000 emails per mailbox per day, so provided that the threshold is above the 1 million, I'm "safe" for the time being.

Obviously, following your explanation, there is no need to set up an rsync version of a local mailing. That is really something I was hoping not to engage in, and based on your explanation, I'm saved from that pain :).

As for the listing of the RBLs, I found this service to be of great help to identify if an IP is listed or not, and it kind of gave me directions on who to add to the RBL filters:

http://openrbl.org/client/

It makes it easy to identify which lists are more effective, in the sense that "if you see it more than a few times... you might want to add it to your deny list". With the exception of BLARS, which seems to hit on almost every spam, I've seen lots of spam captured in combined.njabl and sbl-xbl.spamhaus.

    dnslists = sbl-xbl.spamhaus.org
    dnslists = relays.ordb.org
    dnslists = dnsbl.sorbs.net=127.0.0.5
    dnslists = bl.spamcop.net
    dnslists = combined.njabl.org
    dnslists = blackholes.njabl.org
    dnslists = blackholes.five-ten-sg.com
    dnslists = dnsbl-2.uceprotect.net
    dnslists = psbl.surriel.com
    dnslists = cbl.abuseat.org
    dnslists = dnsbl.sorbs.net!=127.0.0.6
    dnslists = rhsbl.sorbs.net/$sender_address_domain

Just to clarify: you indicated "Not all DNSBLs are available for free rsync of course". I'm assuming (a dangerous word, I know) that this isn't a problem with just adding them as filters and using them to filter out spam.

My only concern is, how do I SAFELY whitelist specific domains? I can't use whitelist_domains as this is a big no-no, as it allows for open relay, and of course that is the last thing I want to have. Is there a way to add specific domains to an ACL group so that I can still allow traffic for specific domains? Perhaps with extra checks to minimize exposure?

If this helps in any way, this is a code bit from a different user:

    # host name based !
    drop message   = Forged Microsoft, connection denied!
         senders   = [EMAIL PROTECTED]
         condition = ${if match {$sender_host_name}{\Nmicrosoft.com$\N}{no}{yes}}
         delay     = 20s

    #helo based !
    drop message   = Forged HELO: you are not $sender_helo_name
         condition = ${if match {$sender_helo_name}\
                     {^(gmail\.com|msn\.com|yahoogroups\.com|aol\.com)\$}}
         delay     = 20s

AND, this is how I have my filters set up:

    # deny using .spamhaus
    deny message  = Email blocked by SPAMHAUS SBL+XBL- to unblock see http://www.myserver.com/spamlistschecker.html
         # only for domains that do want to be tested against RBLs
         domains  = +use_rbl_domains
         dnslists = sbl-xbl.spamhaus.org

    # deny using ordb
    deny message  = Email blocked by ORDB - to unblock see http://www.myserver.com/spamlistschecker.html
         # only for domains that do want to be tested against RBLs
         domains  = +use_rbl_domains
         dnslists = relays.ordb.org

and on and on with each and every filter.

Thanks,

- Alon
[EMAIL PROTECTED]

----- Original Message -----
From: "Andrew - Supernews" <[EMAIL PROTECTED]>
To: "exim users" <[email protected]>
Sent: Monday, October 23, 2006 12:27 AM
Subject: Re: [exim] require_verify = sender + RBLs - clarification on the How-to

>>>>>> "Alon" == Alon <[EMAIL PROTECTED]> writes:
>
> Alon> RBLs (hey,. it's in the subject line!):
>
> Since no-one else seems to have responded...
>
> Alon> I can use RBLs like the following:
> [snip]
>
> Alon> but my concern is that at one point if I get lots of emails,
> Alon> I'll be actually considered as a "hostile" checker and get
> Alon> blacklisted for excessive checks.
>
> Alon> Is that likely to happen?
>
> No, providing you're staying within whatever terms and conditions
> apply to the specific DNSBLs you're using, and provided you're not
> deliberately breaking DNS caching.
>
> DNS queries are (from the publishing server's point of view) a pretty
> lightweight and efficient way to distribute the data. For a blacklist
> that lists individual IPs, updates frequently and is large enough to
> be useful, the break-even point for the blacklist publisher as to
> whether DNS queries or rsync is most efficient is typically somewhere
> between 1 million and 5 million queries per day.
>
> Not all DNSBLs are available for free rsync of course (Spamhaus
> certainly is not, haven't checked on the others you mentioned). For
> the ones that are, maintaining your own mirror is usually unwise
> unless you know _exactly_ what you're doing - you're more likely to
> have problems caused by your own setup breaking. The reduced latency
> for lookups isn't likely to be a significant benefit _unless_ you're
> out in the weeds somewhere with a slow or congested pipe.
>
> --
> Andrew, Supernews
> http://www.supernews.com
>
>
> --
> ## List details at http://www.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
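
As an added illustration (not part of the original thread, and not Exim's own code), here is a simplified Python model of how the dnslists items quoted above become DNS query names and how the `=addr` and `!=addr` filters decide a match. It assumes IPv4 only and a single explicit key; the sender IP, sender domain and DNS answers are constructed sample values, and `parse_item`, `item_matches` and `listed_in` are hypothetical helper names.

```python
import ipaddress

def parse_item(item, sender_ip, sender_domain):
    """Turn one dnslists item into (query_name, operator, wanted_addresses)."""
    spec, _, key = item.partition("/")
    if key:
        # Explicit key (e.g. rhsbl.sorbs.net/$sender_address_domain):
        # the domain is looked up as written, not reversed.
        label = key.replace("$sender_address_domain", sender_domain)
    else:
        # Default key: the connecting host's IPv4 octets in reverse order.
        octets = str(ipaddress.IPv4Address(sender_ip)).split(".")
        label = ".".join(reversed(octets))
    zone, op, wanted = spec, None, ""
    for candidate in ("!=", "="):  # test "!=" first because it contains "="
        if candidate in spec:
            zone, wanted = spec.split(candidate, 1)
            op = candidate
            break
    return f"{label}.{zone}", op, set(filter(None, wanted.split(",")))

def item_matches(op, wanted, answers):
    """Decide whether the A records returned for one item count as a hit."""
    if not answers:          # no record at all: the host is not listed
        return False
    if op is None:           # plain item: any record is a hit
        return True
    hit = bool(wanted & set(answers))
    return hit if op == "=" else not hit

def listed_in(items, sender_ip, sender_domain, resolver):
    """Return the query names that would trigger a deny for this sender."""
    hits = []
    for item in items:
        name, op, wanted = parse_item(item, sender_ip, sender_domain)
        if item_matches(op, wanted, resolver.get(name, [])):
            hits.append(name)
    return hits

# Constructed stand-in for DNS answers, so the example runs offline.
CONSTRUCTED_DNS = {
    "25.2.0.192.sbl-xbl.spamhaus.org": ["127.0.0.4"],
    "25.2.0.192.dnsbl.sorbs.net": ["127.0.0.6"],
    "example.com.rhsbl.sorbs.net": ["127.0.0.2"],
}
ITEMS = ["sbl-xbl.spamhaus.org", "dnsbl.sorbs.net=127.0.0.5",
         "dnsbl.sorbs.net!=127.0.0.6", "bl.spamcop.net",
         "rhsbl.sorbs.net/$sender_address_domain"]
```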
