That spameatingmonkey.net list is a great tip! There used to be one called "Day Old Bread" that did that same thing but it's been offline for a while and I had never found a replacement.
-- Sam Clippinger On Jul 11, 2012, at 1:15 PM, Gary Gendel wrote: > On 7/11/12 1:50 PM, Eric Shubert wrote: >> On 07/11/2012 10:40 AM, BC wrote: >>> On 7/11/2012 11:00 AM, [email protected] wrote: >>>> I've disabled graylisting on a few domains that are sensitive to timely >>>> delivery. They haven't complained about any increase in spam. You might >>>> try doing the same to see the effect. >>>> >>>> I expect that the various rDNS filters, along with blacklists, are doing >>>> an adequate job. >>> I'm not using any external blacklists, just what spamdyke does internally. >>> >>> Shall I risk it and see? >>> >>> The maillog shows a LOT of "greylisted" attempts that are never >>> repeated. A LOT!!! >>> >> I use: >> dns-blacklist-entry=zen.spamhaus.org >> dns-blacklist-entry=bl.spamcop.net >> >> It's very rare that these give a false positive. I would try them to see >> how they perform for you. >> > I concur with your choices, to round off the list, I use these these > which also have a very low false-positive result: > > b.barracudacentral.org > zen.spamhaus.org > dyna.spamrats.com > ix.dnsbl.manitu.net > > I find barracudacentral to be a bit more robust than spamcop. Barracuda > networks uses this in their own highly rated appliances. Zen is good > because it tends to get spammers on the list quicker, but isn't as > robust as barracudacentral. > > I've also found that right-hand side filtering (rhs-blacklist-file) is > very effective. My list is: > > dbl.spamhaus.org > urired.spameatingmonkey.net > fresh15.spameatingmonkey.net > > The last one is good. It rejects email from domains that have been > created within the last 15 days. You can use the 10 day list instead if > you want. Lots of spam comes from throwaway domains. Once they start > getting a high rate of rejection, they change the domain name. Waiting > 15 days is usually enough for these to get listed on the other blacklists. > > I use an internal caching DNS server as a DNS forwarder for spamdyke's > dns requests. This way I only need to query outside once, and > subsequent spam bursts from the same server are rejected by local > lookups to the cache. This dramatically lowers my pound rate on the > above servers and gets subsequent spam rejected very quickly. I used to > use dnscache, but I'm currently testing unbound as a replacement. > > Gary > > _______________________________________________ > spamdyke-users mailing list > [email protected] > http://www.spamdyke.org/mailman/listinfo/spamdyke-users _______________________________________________ spamdyke-users mailing list [email protected] http://www.spamdyke.org/mailman/listinfo/spamdyke-users
