On 2016/03/15 12:55, Craig Skinner wrote:
> Hi Stuart,
>
> On 2016-03-14 Mon 16:27 PM |, Stuart Henderson wrote:
> >
> > There aren't many who provide their whole dataset to anyone other
> > than paying customers - e.g. Spamhaus' rsync feeds are for
> > organisations with >5000 users and cost US$1700+/year.
> >
>
> I've found these free rsync feeds useful:
>
> The Passive Spam Block List (collates IPs sending to spam traps):
> http://psbl.org/howto/
> CBL (SpamHaus) writes: "The PSBL is a solid and reliable DNSBL.
> Amazingly effective for such a modest effort. Generally recommended"
> http://www.abuseat.org/faq.html
>
> UCE Protect (IPs sending to spam traps, and more aggressive options):
> http://www.uceprotect.net/en/index.php?m=6&s=10
>
> The Composite Blocking List (CBL - a big part of SpamHaus DNSRBLs) can
> be rsync'd after rego (free, except for spam filter service operators):
> http://www.abuseat.org/faq.html
>
> There are a few more paid rsync lists here:
> http://en.wikipedia.org/wiki/Comparison_of_DNS_blacklists
Ah that is a useful page. Maybe we could list it, e.g. Index: spamd.conf =================================================================== RCS file: /cvs/src/etc/mail/spamd.conf,v retrieving revision 1.5 diff -u -p -r1.5 spamd.conf --- spamd.conf 14 Mar 2016 21:36:52 -0000 1.5 +++ spamd.conf 15 Mar 2016 13:27:04 -0000 @@ -13,8 +13,10 @@ # Lists specified with the :white: capability apply to the previous # list with a :black: capability. # -# As of November 2004, a place to search for blacklists is -# http://spamlinks.net/filter-bl.htm +# As of March 2016, a place to search for blacklists is +# http://en.wikipedia.org/wiki/Comparison_of_DNS_blacklists +# - most of these are DNS-based only and cannot be used with spamd(8), +# but some of the lists also provide access to text files via rsync. all:\ :uatraps:nixspam: > Generally, everything has changed from file feeds to DNS. Yep, because for the more actively maintained ones 1) new entries show up more quickly than any sane rsync interval, this is quite important for good blocking these days 2) DNS is less resource intensive and more easily distributed than rsync, and 3) importantly for the rbl providers, it gives additional input to them about new mail sources (if an rbl suddenly starts seeing queries from all over the world for a previously unseen address, it's probably worth investigation - I am sure this is why some of the commercial antispam operators provide free DNS-based lookups for smaller orgs). A more flexible approach would be to skip the PF table integration completely and do DNS lookups in spamd (or, uh, relayd, or something new) and based on that it could choose whether to tarpit, greylist or transparent-forward the connection to the real mail server. This would also give a way to use dnswl.org's whitelist to avoid greylisting for those hosts where it just doesn't work well (gmail, office365 etc).
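Review bot: the last two added comment lines ("most of these are DNS-based only ... text files via rsync") say that rsync'd text files exist but not how one would be used from this file, so a reader following the pointer still has to work out that the feed must be fetched out of band and then referenced as a local file; a one-line hint to that effect would make the comment actionable. The URL is also plain http://, and the "As of March 2016" stamp will age the same way the "As of November 2004" line it replaces did, so consider https:// and wording that does not need a date.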
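The DNS-lookup approach described in the last paragraph above, sketched as an added example that is not part of the original message and not spamd code. The zone names, the injected `resolve` callable, the sample answers and the whitelist-before-blacklist ordering are assumptions made for the illustration.

```python
import ipaddress

# Hypothetical zone names, assumed for this example only.
BLACKLIST_ZONE = "bl.example.org"
WHITELIST_ZONE = "wl.example.org"

def dnsbl_name(ip, zone):
    """Build the query name: reversed octets (IPv4) or nibbles (IPv6) + zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))
    else:
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone

def listed(ip, zone, resolve):
    """A host counts as listed only if an A record falls inside 127.0.0.0/8.

    Answers outside 127/8 (for example a parked zone that answers every
    query) are ignored rather than treated as a listing.
    """
    answers = resolve(dnsbl_name(ip, zone))  # [] models NXDOMAIN
    loopback = ipaddress.ip_network("127.0.0.0/8")
    return any(ipaddress.ip_address(a) in loopback for a in answers)

def choose_action(ip, resolve):
    """Whitelisted hosts skip greylisting, blacklisted ones are tarpitted,
    everything else is greylisted (ordering is an assumption)."""
    if listed(ip, WHITELIST_ZONE, resolve):
        return "forward"
    if listed(ip, BLACKLIST_ZONE, resolve):
        return "tarpit"
    return "greylist"

# Constructed sample data standing in for real DNS answers.
SAMPLE_ZONE = {
    "10.2.0.192.bl.example.org": ["127.0.0.2"],
    "7.113.0.203.wl.example.org": ["127.0.10.1"],
    "9.100.51.198.bl.example.org": ["203.0.113.80"],  # bogus wildcard answer
}

def sample_resolve(name):
    return SAMPLE_ZONE.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.10", "203.0.113.7", "198.51.100.9", "198.51.100.20"):
        print(ip, choose_action(ip, sample_resolve))
```

Passing the resolver in as a callable keeps the policy testable offline; a real deployment would also need timeouts and a defined behaviour for lookup failures.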
