> -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > I am looking to start using an RBL. In the past, a colegue did some > testing of RBLs and got a lot of false positives.
With RBLs you have to use a different definition of false positives. Various RBLs have different listing criteria. A false positive on an RBL is a blocked mail from a source that doesn't match the criteria of the list. You have to decide if the criteria of the list matches your criteria. For example - a while back it was discussed that RoaringPenguin was listed on RFC-ignorant.org. RFC-ignorant.org does not list spam sources, but those who don't obey RFCs. David argued that his policies do not violate RFCs, RFC-ignorant claimed they did. I don't remember who won - don't really care, I've never used that list. > I am looking for recommendations for a high quality RBL > (preferably free, > we're a K-12 educational organization) that is very low on false > positives. I've been very happy with spamhaus. They run 2 lists - one that lists known, persistent spam sources - one that lists abusable machines. I also use dsbl.org and some of sorbs.net's lists. These mostly list misconfigured and abusable hosts. There have been a couple of IPs on both dsbl.org and sorbs.net that I've had to manually whitelist, but for the most part are very good. Even the two I had to whitelist were "legitimate" - one had been an open relay in that past, but couldn't get past dsbl's de-listing policy (read postmaster mail, and click on a link) - the other was running their mail server temporarily on a consumer DSL connection. > Also, is there a way for a milter to detect a black listed > host and tell > sendmail to close the TCP connection on the spam sending server? There are 3 basic ways to use an RBL. 1 - configure sendmail to use them, which rejects the connection before MimeDefang is even called. 2 - use the RBL function in MimeDefang. Use the results to do whatever you want - reject, discard, quarantine, add headers, etc. 3 - enable net tests in SpamAssassin which will check all IPs in the received headers, with several RBLs and add points to the SpamAssassin score. I like to use the MimeDefang functions and quarantine but still deliver any hits. After a week or two of watching it, I'll either move the test to sendmail, or decide this list doesn't work and remove it. _______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
