From: /dev/rob0 on
On Fri, Feb 19, 2010 at 11:51:22AM -0800, brian moore wrote:
> "Jon L Miller" <jlmiller(a)mmtnetworks.com.au> wrote:
> > Is there a preferred list of rbl sites one can use in postfix.
> > I keep getting the following on the following:
>
> Since others answered your error message, I'll answer the first
> question:

snip
> See http://barracudacentral.org/rbl
>
> This is a very effective filter run by a commercial entity (ie,
> Barracuda, the people who make and sell spam filtering appliances),
> so they have a name and reputation to protect. (Ie, it's not just
> some pissed off admin that blocks all of 12.0.0.0/8 because AT&T
> sucks...)

Whilst the above sounds a bit like a straw-man argument condemning
other DNSBLs (I'll get to that in a bit), it does bring up a very
important point, which, given the OP's post in the other thread,
needs to be emphasized.

Apparently Jon googled and found someone's old list of anti-spam
settings. BAD IDEA when you just copy something like that.

You should know every list's listing and delisting policies. If those
are not acceptable to you for any reason, it is not safe to use that
DNSBL for blocking of mail.

You should keep informed about any DNSBL service you want to use.
Many of them have mailing lists for announcements. If so, subscribe.

Use of a DNSBL means you are delegating control of who can send mail
to you to a third party. Don't get me wrong, that's not a bad thing
by any means; it's a necessity for most sites by now. But you owe it
to your users to know something about that third party. Obviously,
Jon knew nothing about ORDB nor about DSBL.


Now, the straw man. Perhaps it was not intended, but it sounded like
a veiled criticism of other public DNSBLs. In fact all major DNSBLs
are concerned about their reputations. They don't become a major
DNSBL service by blocking all of 12/8 because AT&T sucks.


I'll go on to share my own thoughts. There is Spamhaus, and there are
others.

An essential tool. Spamhaus Zen is so widely used as to make the
concept of "false positive" irrelevant. If any site gets listed by
Spamhaus, it cannot afford to ignore that fact. They're not likely to
single you out for their complaints, because they will be having
delivery problems just about everywhere. :)

Spamhaus got to this position by being careful and conservative.
Consequently, people who desire more aggressive blocking which can
include some "human shields" as "collateral damage" will be a bit
disappointed. But it can easily block 70-95% of your spam.

See http://www.spamhaus.org/zen/ for more.

Others that I would consider worthy of a look include NJABL (part of
which is in Spamhaus XBL) and Spam-eating monkey.

SORBS is a bit more aggressive, and will not hesitate to list the
outbound relays of major sites when spamtraps are hit, as happens
regularly. A careful site might want to try it in "warn_if_reject"
mode before going live. Like Spamhaus and NJABL, there are special
purpose lists served by SORBS.

Spamcop is mostly automated, so, like SORBS, it's not unusual that
major freemail providers are listed.

CBL deserves a mention, although I never use it directly. It's the
major part of the Spamhaus XBL. This one does get occasional "false
positives", in that a virus-spewing site which also has real mail can
get listed. See above about complaints; you are not going to be the
only one blocking these "false positives".

I'm not comfortable with the term, "false positive," in case you
wondered about the quotation marks. It's not false if listing
criteria were met. Cases in which something is listed without having
met the listing criteria are extremely rare.

Most of this is off-topic here, BTW. Anyone who's serious about
blocking spam might want to consider joining Spam-L:
http://spam-l.com/
--
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header

From: LuKreme on
On 19-Feb-2010, at 12:51, brian moore wrote:
> so they [Barracuda] have a name and reputation to protect.


Heh. Sorry, but this makes me laugh.

--
What is best in life? To crush your enemies, see them driven before you,
and to hear the lamentation of the women

From: /dev/rob0 on
On Fri, Feb 19, 2010 at 06:20:27PM -0700, LuKreme wrote:
> On 19-Feb-2010, at 12:51, brian moore wrote:
>> so they [Barracuda] have a name and reputation to protect.
>
> Heh. Sorry, but this makes me laugh.

Ha, yes, indeed they have a sordid past, but I think they're doing
better now. I have not used the Barracuda RBL yet, but from Brian's
and other reports, I think it is one worth considering. Fair enough
to expect them to give back to the community after all the
backscatter they have spewed at us.
--
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header

From: mouss on
/dev/rob0 wrote:
> On Fri, Feb 19, 2010 at 06:20:27PM -0700, LuKreme wrote:
>> On 19-Feb-2010, at 12:51, brian moore wrote:
>>> so they [Barracuda] have a name and reputation to protect.
>> Heh. Sorry, but this makes me laugh.
>
> Ha, yes, indeed they have a sordid past, but I think they're doing
> better now. I have not used the Barracuda RBL yet, but from Brian's
> and other reports, I think it is one worth considering. Fair enough
> to expect them to give back to the community after all the
> backscatter they have spewed at us.

I use it in spamassassin (with a high score). it gives good results, but
I've seen false positives, so I wouldn't use it in postfix.

example FP: a recent debian-kde mail was sent from 195.113.0.235
(smtpa.koleje.cuni.cz) which is listed in BRBL.

From: mouss on
mouss wrote:
> /dev/rob0 wrote:
>> On Fri, Feb 19, 2010 at 06:20:27PM -0700, LuKreme wrote:
>>> On 19-Feb-2010, at 12:51, brian moore wrote:
>>>> so they [Barracuda] have a name and reputation to protect.
>>> Heh. Sorry, but this makes me laugh.
>> Ha, yes, indeed they have a sordid past, but I think they're doing
>> better now. I have not used the Barracuda RBL yet, but from Brian's
>> and other reports, I think it is one worth considering. Fair enough
>> to expect them to give back to the community after all the
>> backscatter they have spewed at us.
>
> I use it in spamassassin (with a high score). it gives good results, but
> I've seen false positives, so I wouldn't use it in postfix.
>
> example FP: a recent debian-kde mail was sent from 195.113.0.235
> (smtpa.koleje.cuni.cz) which is listed in BRBL.
>

a "better" example:

$ host 202.244.160.119.b.barracudacentral.org
202.244.160.119.b.barracudacentral.org has address 127.0.0.2
$ host 119.160.244.202
202.244.160.119.in-addr.arpa domain name pointer n7b.bullet.tw1.yahoo.com.
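
The lookup shown in the last message, and the advice earlier in the thread to know a list before blocking on it and to trial it in "warn_if_reject" mode, sketched as an added example (not code from any poster). It builds the reversed-address query name, checks the RFC 5782 test points (127.0.0.2 must be listed, 127.0.0.1 must not) so a zone that lists everything is skipped, and applies a per-list action. The stub resolver, the zone `dead-list.example` and the policy are constructed assumptions.

```python
import ipaddress
import socket

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_qname(ip, zone):
    """Reversed octets (IPv4) or nibbles (IPv6) prepended to the list's zone."""
    rev = ipaddress.ip_address(ip).reverse_pointer.rsplit(".", 2)[0]
    return f"{rev}.{zone}"

def dnsbl_lookup(ip, zone, resolve=socket.gethostbyname):
    """Return the list's 127.0.0.x answer, or None when the IP is not listed."""
    try:
        answer = ipaddress.ip_address(resolve(dnsbl_qname(ip, zone)))
    except (OSError, ValueError):  # NXDOMAIN, resolver failure, junk answer
        return None
    return str(answer) if answer in LOOPBACK else None  # non-127/8 is no listing

def zone_is_healthy(zone, resolve=socket.gethostbyname):
    """RFC 5782 test points: 127.0.0.2 must be listed, 127.0.0.1 must not be."""
    return (dnsbl_lookup("127.0.0.2", zone, resolve) is not None
            and dnsbl_lookup("127.0.0.1", zone, resolve) is None)

def evaluate(ip, policy, resolve=socket.gethostbyname):
    """policy: zone -> 'reject' or 'warn' (log only, like warn_if_reject)."""
    decision, hits = "accept", []
    for zone, action in policy.items():
        if not zone_is_healthy(zone, resolve):
            hits.append((zone, "skipped: failed test points"))
            continue
        answer = dnsbl_lookup(ip, zone, resolve)
        if answer:
            hits.append((zone, f"{action}: {answer}"))
            if action == "reject":
                decision = "reject"
    return decision, hits

# Constructed offline data; only the second entry mirrors the thread's output.
FAKE_DNS = {"2.0.0.127.b.barracudacentral.org": "127.0.0.2",
            "202.244.160.119.b.barracudacentral.org": "127.0.0.2"}

def fake_resolve(name):
    if name.endswith(".dead-list.example"):  # hypothetical zone listing everything
        return "127.0.0.2"
    if name not in FAKE_DNS:
        raise socket.gaierror("NXDOMAIN")
    return FAKE_DNS[name]

POLICY = {"b.barracudacentral.org": "warn", "dead-list.example": "reject"}
print(evaluate("119.160.244.202", POLICY, fake_resolve))
```

Calling `evaluate` without the `resolve` argument performs real DNS queries through the system resolver.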