[TriLUG] mail filtering
Jeff Groves
jgroves at krenim.org
Thu Jun 2 18:42:47 EDT 2005
Rick:
Yeah, I had to pick and choose which blackhole lists I use pretty
carefully and have to watch my mail log file fairly closely.
The lists that seem to do the best are the ones that are geographically
specific. I don't expect to be getting email from China or Korea, so I
use cn-kr.blackholes.us. The same goes for email from Mexico, Nigeria,
Argentina, Brazil, Russia, and Malaysia. All sent to the bit bucket.
Up until recently when I did business with people in Singapore and
Taiwan, those two were included as well.
The non-geographic specific lists that I use are:
relays.ordb.org: hosts with open SMTP relays
cbl.abuseat.org: hosts controlled by known spammers
web.dnsbl.sorbs.net: hosts with abusable vulnerabilities
http.dnsbl.sorbs.net: hosts with open HTTP Proxy Servers
socks.dnsbl.sorbs.net: hosts with open SOCKS proxy servers
misc.dnsbl.sorbs.net: hosts with open Proxy Servers
smtp.dnsbl.sorbs.net: hosts with open SMTP relay servers
zombie.dnsbl.sorbs.net: hosts that have been hijacked from their owners
1.spews.dnsbl.sorbs.net: hosts controlled by known spammers
rhsbl.sorbs.net: hosts that should not be sending email
list.dsbl.org: hosts known to have open proxies or exploitable vulnerabilities
And yes, I have it send these email messages to the bit bucket as well.
This is acceptable, since I too gave up on my ISP's email service and
set up my own sendmail MTA and only my wife and I receive email through it.
Jeff G.
Rick DeNatale wrote:
>On 6/1/05, Jeffrey A. Groves <jgroves at krenim.org> wrote:
>
>
>>I too have had mimedefang running for quite some time and have been very
>>pleased with it. I recently disabled the spamassassin portion as I was not
>>getting any value-add on top of the multiple DNSBL that I use.
>>
>>
>
>I hope that you are using that DNSBL as a filter rather than a block.
>
>I was quite surprised to see how many false positives get generated by
>DNSBLs. My ISP blocks email which comes from any server which appears
>on a variety of DNSBLs. I was finding that this was doing things like
>intermittently bouncing yahoo groups messages, and blocking certain
>sourceforge and other mailing lists, including the initial sign-up
>confirmation messages. At the same time, spamassassin was finding
>lots of spam which was slipping through this net.
>
>I couldn't seem to convince the ISP that blocking legitimate e-mail to
>their customers was a bad thing, they were happy because it lowered
>the load on their e-mail servers since they were throwing away so much
>"spam." In fact they were convinced that nothing but spam was getting
>blocked, despite my persistent question of "how do you know?"
>
>I ended up just going around them and setting up my own mail server
>for my own domain which doesn't use DNSBLs except maybe to provide
>input to spamassassin with a fairly low score.
>
>
--
Jeff Groves
email: jgroves at krenim.org Web Site: http://www.krenim.org/
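
Added example, not part of either message: blocking on any DNSBL hit compared with feeding hits into a score, using zone names from the post above. The weights, threshold, resolver stub and sample addresses are constructed assumptions; the health check relies on the RFC 5782 test addresses (127.0.0.2 listed, 127.0.0.1 not) to skip a zone that answers every query.

```python
import ipaddress

# Zone names come from the post; the weights and threshold are assumptions.
ZONE_WEIGHTS = {"cbl.abuseat.org": 3.0, "zombie.dnsbl.sorbs.net": 2.5,
                "list.dsbl.org": 1.5, "cn-kr.blackholes.us": 1.0}
REJECT_AT = 5.0

def query_name(ip, zone):
    """Build the DNSBL lookup name: reversed octets (IPv4) or nibbles (IPv6)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone

def is_listed(ip, zone, resolve):
    """Listed only if an A record falls in 127.0.0.0/8; anything else is ignored."""
    loopback = ipaddress.ip_network("127.0.0.0/8")
    return any(ipaddress.ip_address(a) in loopback
               for a in resolve(query_name(ip, zone)))

def zone_healthy(zone, resolve):
    """RFC 5782 test points: 127.0.0.2 must be listed, 127.0.0.1 must not."""
    return is_listed("127.0.0.2", zone, resolve) and not is_listed("127.0.0.1", zone, resolve)

def evaluate(ip, resolve):
    """Return (hits, score, block_verdict, score_verdict) for one client IP."""
    hits = [z for z in ZONE_WEIGHTS
            if zone_healthy(z, resolve) and is_listed(ip, z, resolve)]
    score = sum(ZONE_WEIGHTS[z] for z in hits)
    block = "reject" if hits else "accept"          # any hit discards the mail
    scored = "reject" if score >= REJECT_AT else "accept"
    return hits, score, block, scored

# Constructed resolver data (no network access); 192.0.2.0/24 and
# 198.51.100.0/24 are documentation ranges.
FAKE_DNS = {
    "2.0.0.127.cbl.abuseat.org": ["127.0.0.2"],
    "2.0.0.127.zombie.dnsbl.sorbs.net": ["127.0.0.2"],
    "2.0.0.127.cn-kr.blackholes.us": ["127.0.0.2"],
    "7.2.0.192.cn-kr.blackholes.us": ["127.0.0.2"],   # mailing-list host, one hit
    "9.100.51.198.cbl.abuseat.org": ["127.0.0.2"],    # two hits
    "9.100.51.198.zombie.dnsbl.sorbs.net": ["127.0.0.10"],
}

def fake_resolve(name):
    # Constructed failure case: this zone answers every query.
    if name.endswith(".list.dsbl.org"):
        return ["127.0.0.2"]
    return FAKE_DNS.get(name, [])
```

With the constructed data, the single-hit host is discarded under the block policy but accepted under scoring, and the zone that answers everything contributes no hits at all.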