On Thu, Sep 25, 2003 at 12:36:40 +0200, Lukas Beeler wrote:
> * Steven Glogger <[EMAIL PROTECTED]>:
> > what do you use additionally? good experiences?
>
> I do not use any DNS-based IP Blacklists, because I think they do
> more harm than they help.

IMHO, it depends on what amount of UCE you get... my estimate is that our MTA gets about 50-70% of it.
To get some stats on how easynet.nl filters its mail go to: http://abuse.easynet.nl/spamstats.html

# easynet.nl spamlists (access.db, only addresses and domains)
# dynablock.easynet.nl dynamic/residential IP DNSBL (dynamic/residential cable/dsl IP ranges - these should use their ISP's smtp gateway)
# proxies.blackholes.easynet.nl open proxy DNSBL (IPs of open proxy servers)
# dnsbl.njabl.org Njabl's Open Proxy Database (127.0.0.9) (IPs of open proxy servers)
# opm.blitzed.org Blitzed's Open Proxy Database (IPs of open proxy servers)
# list.dsbl.org DSBL Insecure Server Database (IPs of various types of insecure servers)
# dnsbl.njabl.org Njabl's Open Relay Database (127.0.0.2) (IPs of open mail relays)
# relays.ordb.org ORDB Open Relay Database (IPs of open mail relays)
# blackholes.easynet.nl easynet.nl DNSBL (IPs of persistent spammers, open relay scanners & abusers, spamvertized websites)
# sbl.spamhaus.org Spamhaus DNSBL (IPs of registered and proven spam operations)
# zombie.dnsbl.sorbs.net SORBS Zombie DNSBL (IPs of hijacked (zombified) netspace)

> Have you ever considered using a Content-Filter like spamassassin
> (rules based, bayesian optional), or bogofilter (bayesian only)?
> They need much more resources than a single DNS Lookup, though.

Content filter is IMHO quite a waste of cpu cycles... To bypass filtering you can simply encode your text with some magic ISO encoding, do nasty html tricks or simply write the V of those funny pills with \/

Bayesian filtering is already dead - as spammers send mails to confuse the filter, and sadly they are quite successful with it.

As a sidenote, AOL is blocking _ALL_ dial-up and dynamic IP-ranges... - I guess somebody noted there that most of the UCE originates from such connections.

> However, they tend to cause much less problems, because mail
> never bounces, and just goes to spam folder. (I am aware that you
> can do the same with DNS Blacklists, however that's not a usual
> configuration).
RBLs are a tool, how you use it is up to you, you can reject or tag mail based on the information of an RBL, but don't blame RBLs on the way they get used. IMHO, if somebody is listed in a serious RBL then he most definitely deserved it.

If you take a close look at your mail.logs you'll see that spammers are _very well_ organized, and those recent (and successful) attacks on these RBLs show that they have a large amount of hosts (zombies) at hand, from where they can flood a single point in the network or send their UCE - ignoring that is IMHO quite foolish.

regards
Philipp

--
 _;\_     Philipp Morger / PHM2-RIPE System & Network Administrator
/_.  \    Dolphins Network Systems AG Phone +41-1-847'45'45
 |/ -\ .) Email: <[EMAIL PROTECTED]>
 -'^`- \; Don't send mail to: [EMAIL PROTECTED]

----------------------------------------------
[EMAIL PROTECTED]
Maillist-Archive: http://www.mail-archive.com/swinog%40swinog.ch/
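Added example, not part of the message above or of any poster's configuration: a sketch of the DNSBL lookup the thread is arguing about, with the reject-or-tag choice made per zone. The zone names and the two njabl return codes come from the message; the resolver, its answers, the sample IPs and the policy are constructed assumptions, and nothing is queried over the network.

```python
import ipaddress

# Return codes the message quotes for dnsbl.njabl.org; every zone defines its own.
ZONE_CODES = {"dnsbl.njabl.org": {"127.0.0.2": "open relay", "127.0.0.9": "open proxy"}}
# Constructed answers standing in for live DNS (documentation IPs, no network).
FAKE_DNS = {
    "10.2.0.192.dnsbl.njabl.org": ["127.0.0.9"],
    "7.100.51.198.sbl.spamhaus.org": ["127.0.0.2"],
}


def fake_resolve(qname):
    """Hypothetical resolver: list of A records, [] meaning NXDOMAIN (not listed)."""
    return FAKE_DNS.get(qname, [])


def dnsbl_qname(ip, zone):
    """Reversed IPv4 octets prepended to the zone, e.g. 1.2.3.4 -> 4.3.2.1.zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("IPv4 only in this sketch")
    return ".".join(reversed(str(addr).split("."))) + "." + zone.strip(".")


def check(ip, zones, resolve):
    """Return [(zone, return_code, meaning)] for every zone that lists `ip`."""
    hits = []
    for zone in zones:
        try:
            answers = resolve(dnsbl_qname(ip, zone))
        except OSError:
            continue  # fail open: an unreachable list must not block mail
        codes = ZONE_CODES.get(zone, {})
        # Only 127.0.0.0/8 answers count as a listing; other addresses are ignored.
        hits += [(zone, a, codes.get(a, "listed")) for a in answers if a.startswith("127.")]
    return hits


def decide(hits, reject_zones):
    """Reject only on zones the operator chose to trust; otherwise tag."""
    if any(hit[0] in reject_zones for hit in hits):
        return "reject"
    return "tag" if hits else "accept"


if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.1"):
        hits = check(ip, ["dnsbl.njabl.org", "sbl.spamhaus.org"], fake_resolve)
        print(ip, decide(hits, {"sbl.spamhaus.org"}), hits)
```

A real `resolve` would wrap an actual DNS A-record lookup and map NXDOMAIN to an empty list.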