[TriLUG] preferred RBLs?
aaron at joyner.ws
Tue Nov 29 21:06:33 EST 2005
Rick DeNatale wrote:
>On 11/29/05, Corey Mutter <corey at mutternet.com> wrote:
>>On Tue, Nov 29, 2005 at 10:17:18AM -0500, Jason Tower wrote:
>>>anyone have smtp RBLs that they're particularly fond of?
>>I second others' recommendations for sbl-xbl.spamhaus.org.
>>The way I have it set up at my day job, I use MIMEDefang and do the
>>blacklist check in filter_recipient(). It means the list gets checked
>>once per recipient instead of once per connection, but it also means
>>that I can set some addresses (like 'contact' and 'support') to not
>>filter using the blacklist. The machine has a caching DNS server anyway,
>>so no big deal on the DNS load.
>>My Web page referenced in the bounce message given tells people that
>>they can use the contact or support addresses to email us, if they
>>happen to get on the list. So far, in a couple of years, that's only
>>happened once (when an ieee.org mailserver got on XBL because a machine
>>behind their NAT was spewing out viruses...)
>I have to say that I'm a big NON-fan of using RBLs to bounce mail.
Kudos to Rick for making the point I'd been meaning to sit down and
write up in response to this thread. His response was undoubtedly more
concise than mine would have been. :) As an ISP sysadmin vet of many
moons, I can't say it loudly enough... don't use RBLs to block mail.
Assign them a weight in your filtering setup, so you're not throwing
away mail, at the worst you're filing it into a folder marked RBL or
Spam or whatever if it matches any of the RBLs, or more reasonably, such
that you're considering other factors to determine if it's actually
spam. Your users (even if that's just you) will thank you (or yourself,
as the case may be).
Aaron S. Joyner
More information about the TriLUG