[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Which Spam Block List to use for a network?

On Friday 18 June 2004 16.29, Francisco Borges wrote:
> a Block List [...] that blocks not only blocks huge IP 
> > blocks  /permanently/ but also whole countries  
> (some 25 by default).


> We need to use some form of Block List at the connection level,

For a minimal false positive rate I would recommend using greylisting 
first. This will delay some emails (first occurence of every 
IP/sender/recipient tripel) by 10min - 1h (depending on the sender mail 
server), but will instantly block quite a lot of spam and 
viruses/trojans. (Debian: greylistd. Also, postgrey for postfix. Don't 
use the greylist example script that comes with postfix 2.1, see the 
postgrey web site for why).

> I've used (through notespam) for my own private email, the following
> lists:
> Visi (relays.visi.com);

Don't know.

> ORDB (relays.ordb.org);

Good results, but declining over the last months.

> SpamCop (bl.spamcop.net);

Too many false positives. Will happily list MXen of big ISPs.

> dorkslayers (orbs.dorkslayers.com).


After you greylist, put cbl.abuseat.org in place. Very conservative, 
very quick to unlist, but will get a lot of mail.

I also had very good experiences with list.dsbl.org (or .net?).

spews is more aggressive and needs close watching. Probably better not 
use it. (And, on my server, it doesn't catch much that isn't caught by 
abuseat or dsbl anyway, so it's not that important anyway.)

(Hmm. I posted my setup just recently. Perhaps in -security?)

-- vbi

All Hail Discordia!

Attachment: pgpRuPDcLPR1z.pgp
Description: signature

Reply to: