At 3:27 PM -0500 2/29/00, Mark E. Drummond wrote:
>I am currently using rblsmtpd to block spammers on the RBL. I may add ORBS as
>well. Think I'll wait, gather some stats on how much is being blocked by RBL,
>and then compare with RBL+ORBS.
Sorry, no suggestions for the rest of your mail, but I do have a
comment here. Be very careful about blocking email with ORBS. You
/will/ loose legit email. I use rblcheck in conjunction with maildrop
and a small perl script to add headers to suspected spam (eg,
"X-Spam: based on relay(1) 24.95.96.166"). I wanted to see what sort
of effect rblsmtpd would have. I compare the IP address of the last
relay before it got my server against
relays.orbs.org
rbl.maps.vix.com
dul.maps.vix.com
relays.mail-abuse.org
Yes, ORBS catches a ton of spam. It also labels a lot of email that
I'd like to see, as spam. The others haven't. In particular
relays.mail-abuse.org seems to catch a fair amount of spam without
mis-labeling any real mail (so far). Next would be DUL, with RBL
bringing up the rear. (Just going by numbers of matches.) Some that
have been ORBS listed: cauce.org (!!!), msdw.com, ebay.com, and
networksolutions.com. Ouch.
That's not to say ORBS isn't useful: it is. I generally try to
contact the admin of the machine to inform them that they are being
used as a relay (or just open for relay). If we can decrease the
number of open relays using ORBS, then it's served its purpose. But I
would never use ORBS to block mail. (Not to mention the people who
run ORBS have been accused of adding servers run by people who don't
agree with their tactics, for no other reason but vengence. I can't
verify that's true, but kinda scary nonetheless.)
jon
