On Friday 18 June 2004 16.29, Francisco Borges wrote: [...] > a Block List [...] that blocks not only blocks huge IP > > blocks /permanently/ but also whole countries > (some 25 by default). ouch. > We need to use some form of Block List at the connection level, For a minimal false positive rate I would recommend using greylisting first. This will delay some emails (first occurence of every IP/sender/recipient tripel) by 10min - 1h (depending on the sender mail server), but will instantly block quite a lot of spam and viruses/trojans. (Debian: greylistd. Also, postgrey for postfix. Don't use the greylist example script that comes with postfix 2.1, see the postgrey web site for why). > I've used (through notespam) for my own private email, the following > lists: > Visi (relays.visi.com); Don't know. > ORDB (relays.ordb.org); Good results, but declining over the last months. > SpamCop (bl.spamcop.net); Too many false positives. Will happily list MXen of big ISPs. > dorkslayers (orbs.dorkslayers.com). Dunno. After you greylist, put cbl.abuseat.org in place. Very conservative, very quick to unlist, but will get a lot of mail. I also had very good experiences with list.dsbl.org (or .net?). spews is more aggressive and needs close watching. Probably better not use it. (And, on my server, it doesn't catch much that isn't caught by abuseat or dsbl anyway, so it's not that important anyway.) (Hmm. I posted my setup just recently. Perhaps in -security?) greetings -- vbi -- All Hail Discordia!