
Re: seeking input on rbls and anti-spam measures



On Sun, 2003-03-02 at 06:44, Nathan E Norman wrote:
> I am looking at revamping my mail setup (caveat; I'm not an ISP so
> this is somewhat off topic).  Specifically, I'd like to introduce RBL
> lookups into the mix; connections to port 25 should be compared to
> various RBLs.  So, which RBLs are people using?  Do you drop/reject
> connections or simply flag messages?

Hi!

Here's what I do - without troubles so far. But I don't have many users,
so I also don't have too many people sending mail to this server.

I reject connections when the server is in one of
	sbl.spamhaus.org
	list.dsbl.org
	ipwhois.rfc-ignorant.org
	relays.ordb.org
	proxies.blackholes.wirehub.net
+ a very small set of manually configured IPs (C class net of every
spam mail that comes through to me).

(Opinions about these blacklists welcome...)

I do not use the spamcop rbl, because spamcop doesn't check carefully
enough, imho, when it lists a server. I've heard that it repeatedly
lists mailing list servers and takes some time delisting them again.

Additionally, I have spamassassin+bogofilter (bogofilter will probably
disappear when sa 2.5 becomes available for Debian), which checks a few
more RBLs and razor (is it possible to just recompile pyzor for woody or
sarge?), but spamassassin just tags mail. I (and users) can filter via
procmail/MUA. spamassassin mostly catches mailing list spam these days.

> Also, I've been toying with the idea of maintaining a database of
> "known" SMTP senders that seem to be spam free; that is, IPs not on
> the RBL and that have connected to me before.  If I receive a
> connection from an IP I haven't talked to before, I'd like to run a
> quick relay check on that IP.  I don't know whether it would be better
> to temporarily reject mail from that IP (4xx code) or just accept mail
> and hope for the best.  The latter seems easier to code ...

Just as long as you don't use one of those whitelisting systems
requiring email senders to confirm their emails - you will confuse a lot
of people, and annoy some others.


If we're discussing uce measures:

I've accumulated a few spamtrap accounts (former usenet or web mail
addresses). What possibilities to automatically report these are there? I
currently do
 - redirect to uce@ftc.gov (but I heard that's out of service)
 - report to razor (but that doesn't do anything against the spammer)

I would like it if an incoming mail would automatically cause a dsbl.org
and/or ordb.org check & listing, but I haven't been able to find such a
test program so far (there are some, but they expect me to specify the
IP - and I haven't got time to write a Received: header parser right
now).


greets
-- vbi

-- 
Available for key signing in Zürich and Basel, Switzerland
                     (what's this? Look at http://fortytwo.ch/gpg/intro)
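
Added example, not part of the original message: a minimal Received: header parser of the kind the message says is missing, which pulls out the IP that connected to the local MX and builds the DNSBL query name for a zone such as those listed above. It assumes the local MTA records the client IP in square brackets in the "from" clause (Postfix-style); the sample message and the function names are constructed for illustration.

```python
import email
import ipaddress
import re
import socket

# Constructed sample message (documentation addresses, not real traffic).
# Received: headers are prepended, so only the top one was written by our MX;
# everything below it is supplied by the sender and can be forged.
SAMPLE = """\
Received: from mail.example.net (unknown [192.0.2.45])
\tby mx.example.org (Postfix) with SMTP id 4F2A1
\tfor trap@example.org; Sun, 2 Mar 2003 07:10:11 +0100 (CET)
Received: from localhost ([10.1.2.3]) by mail.example.net; Sun, 2 Mar 2003 07:10:02 +0100
From: someone@example.net
Subject: constructed test message

body
"""

BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def connecting_ip(raw_message, trusted_hops=1):
    """Return the client IPv4 recorded in the trusted Received: headers, or None."""
    msg = email.message_from_string(raw_message)
    for header in (msg.get_all("Received") or [])[:trusted_hops]:
        # Only the "from" clause describes the connecting client.
        from_clause = re.split(r"\s+by\s+", header, maxsplit=1)[0]
        for candidate in BRACKETED_IPV4.findall(from_clause):
            try:
                ip = ipaddress.ip_address(candidate)
            except ValueError:  # malformed literal such as [999.1.1.1]
                continue
            if not any(ip in net for net in INTERNAL):
                return str(ip)
    return None

def dnsbl_name(ip, zone):
    """Build the DNSBL query name: reversed octets followed by the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def is_listed(ip, zone, resolve=socket.gethostbyname):
    """True if the zone answers inside 127.0.0.0/8; NXDOMAIN means not listed."""
    try:
        answer = resolve(dnsbl_name(ip, zone))
    except socket.gaierror:
        return False
    return ipaddress.ip_address(answer) in ipaddress.ip_network("127.0.0.0/8")
```

Raising trusted_hops is only safe for relays you operate yourself, since every header below your own can be forged by the sender.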
