On Tue, 2003-12-16 at 10:26, Leonard Spell wrote: > Is it better to start with existing blacklists instead > of creating my own?
I'm no expert but here is what I learned lately. You should use existing blacklists for the general cases and your own to further restrict the holes. I think those 2 lists are essential: cbl.abuseat.org sbl.spamhaus.org They should cut the incoming SPAM by at least 50% and they generate almost no false positive (or is it false negative?). In fact, absolutly none for me. Sprinkle a couple of well maintained lists: relays.visi.com dialups.visi.com opm.blitzed.org dul.dnsbl.sorbs.net list.dsbl.org Add to that as many country BL as you are confortable with. Those are a must for me: cn-kr.blackholes.us russia.blackholes.us singapore.blackholes.us malaysia.blackholes.us nigeria.blackholes.us brazil.blackholes.us taiwan.blackholes.us turkey.blackholes.us thailand.blackholes.us Beware that the more lists you use the longer it takes the server to accept a valid email because it has to go through every BL. The listing order of the BLs has some importance. You want the most effective at the top to minimize traffic. I add to my own BL any IPs from the SPAM that I receive. Sometimes I block a full /16 sometimes just one IP. It's your call. Use these sites to test IPs against a whole bunch of lists: http://www.dnsstuff.com/ http://www.moensted.dk/spam/ http://www.openrbl.org/ Use SPAMTRAPs, they are very useful. You might want to whitelist (Client Hosts) servers that are important to your clients like the big local ISPs. Go slowly, watch your logs and notify your users that they might receive complaints and advise them on how to deal with them. They will probably thank you profusely once they see the results of your filtering. Mine did. To see hardcore anti-spammer at work, hang out in the NANAE newsgroup: news.admin.net-abuse.email. You might learn a thing or two from them. If/when you feel like doing more, install rbldnsd, a small daemon for DNSBLs (http://www.corpit.ru/mjt/rbldnsd.html) and consolidate your lists. It should cut on the traffic and the time to accept a valid email. That's all I have to say. May the anti-spam gods be with you. Clem. ############################################################# This message is sent to you because you are subscribed to the mailing list <[EMAIL PROTECTED]>. To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
