Quoting "Ing. Alejandro Rodriguez" <[EMAIL PROTECTED]>:

I have the same problem as you: with dsbl, records are kept over years,
and the delist process is complex. So most
unskilled Net Admins never take care of this list.
IMHO the dynamic IPs list is dul.dnsbl.sorbs.net
In fact I'm rejecting mails at SMTP connection time using
sbl-xbl.spamhaus.org
bl.spamcop.net
dul.dnsbl.sorbs.net
and with this I'm rejecting 90% of the spam without a single complaint.

Well, you didn't receive any complaints by email!

LOL - the only people that would complain can't get to you.  I've found that
watching the body of the email for links or image URLs to RBL-listed IPs is
much more effective.  Even someone listed in the RBL can send you an email,
provided they don't have a link back to their website.

This was critical as one of the companies we were dealing with had a user that
worked from home behind a custom BSD firewall and mailserver.  While his system
was indeed secure and wasn't sending out spam (we both tested this), he was on a
dynamic IP that managed to get listed on the spamhaus site - evidently some
neighbor with a cable modem and Windows was sending out loads of SPAM.  We
turned off the header checks and eased up on sender-IP checks and focused on
the message content, asking the question "What does a spammer need to send you
to make a sale?"

This means LINKS TO listed IPs, not mail FROM the IP.  Add in not accepting
viruses, HTML forms, or JavaScript.  Don't block someone from sending you mail
until they actually do something bad.  Not all mail from an RBL-listed site is
spam.  All mail with a LINK to an RBL-listed site has been spam - 100%, no
false positives.

Everything else focused on spam-traps, honey-pot addresses, honey-pot email
addresses, tar-pits, "multiple failed RCPT TO" and other SMTP commands, and
stuff like that for IPs that sent spam, sent mail to a specially listed
honey-pot email address or honey-pot domain MX server, or failed the other
checks.  Basically, you have to do something really bad, like send an actual
spam or try a long list of addresses to send to and have them all not exist,
in order to get blacklisted, and then the blacklist doesn't do anything but
tarpit your connections (a Linux netfilter rule can do this) and eventually
reject your mail until the blacklist times out.  Automatic whitelisting rules
helped keep out FPs too.

Regular HELO/EHLO checks were considerably lax so that even poorly configured
sales guys could get in from their WinXP laptops on some dial-up or dynamic
DSL IP.
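The body-link check described in the reply above, written out as an added example (it is not the poster's code). It pulls URLs and href/src targets out of a message body, resolves each linked host, reverses the octets of every IPv4 address and queries the three DNSBL zones named in the thread; any 127.0.0.x answer means "listed". Resolution is pluggable so the demo runs offline against a constructed message and constructed DNS answers; the `SAMPLE_BODY`, `FAKE_HOSTS` and `FAKE_DNSBL` data and the function names are assumptions for illustration, and the live resolvers at the bottom just wrap the standard `socket` calls.

```python
import ipaddress
import re
import socket
from urllib.parse import urlparse

# DNSBL zones named in the thread. Return codes and zone names are the
# list operators' business; check their documentation before relying on them.
DNSBLS = ("sbl-xbl.spamhaus.org", "bl.spamcop.net", "dul.dnsbl.sorbs.net")

# Bare URLs in plain text, plus href=/src= attribute values in HTML parts.
URL_RE = re.compile(r"""(?:https?://|www\.)[^\s<>"']+""", re.IGNORECASE)
ATTR_RE = re.compile(r"""(?:href|src)\s*=\s*["']?([^\s"'>]+)""", re.IGNORECASE)


def is_ipv4(text):
    try:
        return ipaddress.ip_address(text).version == 4
    except ValueError:
        return False


def extract_hosts(body):
    """Hostnames and IPv4 literals that the message body links to."""
    hosts = set()
    for raw in URL_RE.findall(body) + ATTR_RE.findall(body):
        raw = raw.rstrip(".,;:)")
        scheme = raw.split(":", 1)[0].lower() if ":" in raw else ""
        if scheme in ("mailto", "cid", "data", "javascript", "tel"):
            continue  # not a web link, nothing to resolve
        if not raw.lower().startswith(("http://", "https://")):
            raw = "http://" + raw  # 'www.example.com/x' written without a scheme
        host = urlparse(raw).hostname
        if host:
            hosts.add(host.lower())
    return hosts


def dnsbl_lookup_name(ip, zone):
    """DNSBL query name: the IPv4 octets reversed, then the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone


def dnsbl_hits(ip, resolve_a, lists=DNSBLS):
    """(zone, answer) for every list that returns a 127.0.0.x A record."""
    hits = []
    for zone in lists:
        try:
            answer = resolve_a(dnsbl_lookup_name(ip, zone))
        except OSError:
            continue  # NXDOMAIN: not listed in this zone
        if answer.startswith("127."):
            hits.append((zone, answer))
    return hits


def scan_body(body, resolve_host, resolve_a, lists=DNSBLS):
    """Every (host, ip, zone, answer) where a linked host points at a listed IP.
    IPv6 addresses are skipped: the reversed-octet form above is IPv4-only."""
    findings = []
    for host in sorted(extract_hosts(body)):
        try:
            ips = {host} if is_ipv4(host) else set(resolve_host(host))
        except OSError:
            continue  # host does not resolve; nothing to look up
        for ip in sorted(ips):
            if not is_ipv4(ip):
                continue
            for zone, answer in dnsbl_hits(ip, resolve_a, lists):
                findings.append((host, ip, zone, answer))
    return findings


# Live resolvers for real use (assumed wiring; plain socket calls).
def resolve_host_dns(host):
    return socket.gethostbyname_ex(host)[2]


def resolve_a_dns(name):
    return socket.gethostbyname(name)


# --- constructed offline demo data -----------------------------------------
SAMPLE_BODY = """Hi,
Great deals this week only. Visit http://www.example.com/buy now!
<a href="http://www.example.com/buy">click here</a>
<img src="http://198.51.100.23/p.gif">
Regards
"""
FAKE_HOSTS = {"www.example.com": ["203.0.113.10"]}
FAKE_DNSBL = {  # constructed answers: only these two names are "listed"
    "10.113.0.203.sbl-xbl.spamhaus.org": "127.0.0.2",
    "23.100.51.198.dul.dnsbl.sorbs.net": "127.0.0.10",
}


def fake_resolve_host(host):
    if host in FAKE_HOSTS:
        return FAKE_HOSTS[host]
    raise socket.gaierror("constructed NXDOMAIN")


def fake_resolve_a(name):
    if name in FAKE_DNSBL:
        return FAKE_DNSBL[name]
    raise socket.gaierror("constructed NXDOMAIN")


def demo():
    return scan_body(SAMPLE_BODY, fake_resolve_host, fake_resolve_a)


if __name__ == "__main__":
    for host, ip, zone, code in demo():
        print(f"reject: body links to {host} ({ip}), listed in {zone} -> {code}")
```

Swap `fake_resolve_host`/`fake_resolve_a` for `resolve_host_dns`/`resolve_a_dns` to run it against real DNS; a non-empty result is the "link to a listed site" condition the reply rejects on, which is independent of the connecting client's own IP.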



Reply via email to