Rick:
Yeah, I had to pick and choose which blackhole lists that I use pretty
carefully and have to watch my mail log file fairly closely.
The lists that seem to do the best are the ones that are geographically
specific. I don't expect to be getting email from china or korea, so I
use cn-kr.blackholes.us. The same goes for email from Mexico, Nigeria,
Argentina, Brazil, Russia, and Malaysia. All sent to the bit bucket.
Up until recently when I did business with people in Singapore and
Taiwan, those two were include as well.
The non-geographic specific lists that I use are:
relays.ordb.org: hosts with open SMTP relays
cbl.abuseat.org: hosts controlled by known spammers
web.dnsbl.sorbs.net: hosts with abusable vulnerabilities
http.dnsbl.sorbs.net: hosts with open HTTP Proxy Servers
socks.dnsbl.sorbs.net: hosts with open SOCKS proxy servers
misc.dnsbl.sorbs.net: hosts with open Proxy Servers
smtp.dnsbl.sorbs.net: hosts with open SMTP relay servers
zombie.dnsbl.sorbs.net: hosts that have been hijacked from their owners
1.spews.dnsbl.sorbs.net: hosts controlled by known spammers
rhsbl.sorbs.net: hosts that should not be sending email
list.dsbl.org: hosts known to have open proxies or exploitable
vulnerabilities
and yes, I have it send these email messages to the bit bucket as well.
This is acceptable, since I too gave up on my ISP's email service and
set up my own sendmail MTA and only my wife and I receive email through it.
Jeff G.
Rick DeNatale wrote:
On 6/1/05, Jeffrey A. Groves <[EMAIL PROTECTED]> wrote:
I too have had mimedefang running for quite some time and have been very
pleased with it. I recently disabled the spamassassin portion as I was not
getting any value-add on top of the multiple DNSBL that I use.
I hope that you are using that DNSBL as a filter rather than a block.
I was quite surprised to see how many false positives get generated by
DSNBLs. My isp blocks email which comes from any server which appears
on a variety of DSNBLs. I was finding that this was doing things like
intermittently bouncing yahoo groups messages, and blocking certain
sourceforge and other mailing lists, including the initial sign-up
confirmation messages. At the same time, spamassassin was finding
lots of spam which was slipping through this net.
I couldn't seem to convince the isp that blocking legitimate e-mail to
their customers was a bad thing, they were happy because it lowered
the load on their e-mail servers since they were throwing away so much
"spam." In fact they were convinced that nothing but spam was getting
blocked, despite my persistent question of "how do you know?"
I ended up just going around them and setting up my own mail server
for my own domain which doesn't use DNSBLs except maybe to provide
input to spamassassin with a fairly low score.
--
Jeff Groves
email: [EMAIL PROTECTED] Web Site: http://www.krenim.org/
--
TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
