Re: blacklists
On Thu, Dec 09, 2004 at 07:04:49PM +0100, Richard Zuidhof wrote:
> To see some statistics on the hit rate of various blacklists see:
> http://cgi.monitor.nl/popstats.html
> http://www.sdsc.edu/~jeff/spam/cbc.html
or if you run postfix and want to compare RBLs against the client IPs in your
mail.log, then download http://taz.net.au/postfix/scripts/compare-rbls.pl
notes:
1. you will also need to download openlogfile.pl from the same place
and put it in the same directory as compare-rbls.pl
2. i wrote it several years ago, so it has several very old and now defunct
RBLs listed in it. change the @dnsrbls array to list only the ones you
want to check.
for example, change this:
    my @dnsrbls = qw(blackholes.mail-abuse.org relays.mail-abuse.org
                     dialups.mail-abuse.org
                     relays.osirusoft.com
                     inputs.orbz.org outputs.orbz.org
                     or.orbl.org
                     relays.ordb.org);
to this:
    my @dnsrbls = qw(cn-kr.blackholes.us
                     taiwan.blackholes.us
                     brazil.blackholes.us
                     hongkong.blackholes.us
                     list.dsbl.org
                     sbl-xbl.spamhaus.org
                     dul.dnsbl.sorbs.net
                     dnsbl.sorbs.net
                     Dynablock.njabl.org
                     relays.ordb.org
                    );
BTW, except for dnsbl.sorbs.net (which i don't use because i don't like their
de-listing policy - but i do use their DUL list), these are the RBLs i am
currently using.
3. i just updated the script to use the @dnsrbls array as shown above....but
it's still useful to know how to configure it.
4. it is very slow. it has to do one DNS lookup per RBL per IP address seen.
this is fairly slow, anyway, and it uses Net::DNS, which is not noted for its
speed.
if you want to trial it on a small subset, do something like this:
    tail -1000 /var/log/mail.log >/tmp/small.log
    compare-rbls.pl /tmp/small.log | less
craig
--
craig sanders <cas@taz.net.au> (part time cyborg)
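
The per-RBL, per-IP lookup described in the message above, as an added example that is not part of the original post and is not compare-rbls.pl itself. The function names, the log lines and the stub resolver are assumptions made for illustration; the zone names are taken from the list in the message.

```perl
#!/usr/bin/perl
# Added illustration, not compare-rbls.pl. Log lines, IPs and stub listings are constructed.
use strict;
use warnings;

my @dnsrbls = qw(sbl-xbl.spamhaus.org list.dsbl.org relays.ordb.org);

# A DNSBL is queried by reversing the IPv4 octets and appending the zone,
# e.g. 192.0.2.25 on list.dsbl.org becomes 25.2.0.192.list.dsbl.org
sub rbl_query_name {
    my ($ip, $zone) = @_;
    return join('.', reverse(split /\./, $ip), $zone);
}

# Unique client IPs from postfix smtpd "connect from host[ip]" lines.
sub client_ips {
    my %seen;
    for (@_) {
        $seen{$1} = 1 if m{postfix/smtpd\[\d+\]: connect from \S+\[(\d+\.\d+\.\d+\.\d+)\]};
    }
    return sort keys %seen;
}

# One lookup per RBL per unique IP; $resolve->($name) is true when listed.
sub compare_rbls {
    my ($resolve, $ips, $rbls) = @_;
    my %hits = map { $_ => 0 } @$rbls;
    for my $ip (@$ips) {
        for my $rbl (@$rbls) {
            $hits{$rbl}++ if $resolve->(rbl_query_name($ip, $rbl));
        }
    }
    return \%hits;
}

my @log = (
    'Dec  9 19:01:02 mx postfix/smtpd[1234]: connect from unknown[192.0.2.25]',
    'Dec  9 19:01:09 mx postfix/smtpd[1234]: disconnect from unknown[192.0.2.25]',
    'Dec  9 19:02:11 mx postfix/smtpd[1240]: connect from mail.example.net[198.51.100.7]',
    'Dec  9 19:03:40 mx postfix/smtpd[1251]: connect from unknown[192.0.2.25]',
);
# Stub resolver so the example runs offline. For live lookups (assumption: the
# system resolver instead of Net::DNS) use: sub { defined scalar gethostbyname($_[0]) }
my %listed = map { $_ => 1 } qw(25.2.0.192.sbl-xbl.spamhaus.org
                                25.2.0.192.list.dsbl.org
                                7.100.51.198.list.dsbl.org);
my $resolve = sub { exists $listed{ $_[0] } };
my @ips  = client_ips(@log);
my $hits = compare_rbls($resolve, \@ips, \@dnsrbls);
printf "%-24s %d of %d client IPs listed\n", $_, $hits->{$_}, scalar @ips for @dnsrbls;
```

Deduplicating the client IPs before querying keeps the lookup count at (unique IPs) x (RBLs) rather than one set of lookups per log line.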