North American Network Operators Group


Re: SPAM Prevention/Blacklists

  • From: Paul Vixie
  • Date: Fri Mar 05 14:38:41 2004

[email protected] ("Brandon Shiers") writes:

> We are using the following RBL's on our MTA right now:
> 
> Spamhaus (sbl-xbl)
> DSBL
> NJABL (dynablock)
> 
> Are there any other good lists out there that you folks have had good 
> experience with? Any that we might want to consider taking a look at? 
> Thanks,

1. here's a chunk of my personal /usr/local/etc/postfix/main.cf file:

smtpd_recipient_restrictions =
	...
	reject_rbl_client rbl-plus.mail-abuse.org,
	reject_rbl_client nonconfirm.mail-abuse.org,
	reject_rbl_client sbl-xbl.spamhaus.org,
	reject_rbl_client opm.blitzed.org,
	reject_rbl_client http.dnsbl.sorbs.net,
	reject_rbl_client socks.dnsbl.sorbs.net,
	reject_rbl_client misc.dnsbl.sorbs.net,
	reject_rbl_client web.dnsbl.sorbs.net,
	reject_rbl_client zombie.dnsbl.sorbs.net,
	reject_rbl_client blackholes.easynet.nl,
	reject_rbl_client dynablock.easynet.nl,
	reject_rbl_client proxies.easynet.nl

2. but the most effective list i have is one i build from the apache log,
grepping for worm spoor.  most spam is sent through proxies left behind
by worms, so if you autoblackhole worm-infected hosts you'll stop a HUGE
amount of spam in the hours and days that follow.  (spammers are now
writing and releasing worms just to create proxy nets, and are also paying
malfeasants to write and release worms just to create proxy nets.)

3. furthermore, DCC (see www.rhyolite.com/dcc) is hereby highly recommended.
-- 
Paul Vixie
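
The log-derived list described in point 2, sketched as an added example; it is not Paul Vixie's code and not part of the original message. The worm request signatures (Code Red and Nimda paths), the exempt network and the Postfix access(5) output format are assumptions, and the log lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Apache common/combined log prefix: client, ident, user, [time], "METHOD path
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(?:[A-Z]+) (\S+)')

# Assumed signatures (the post does not list any): request paths left in web
# logs by the Code Red and Nimda IIS worms.
WORM_RE = re.compile(r'/default\.ida\?|/(?:root|cmd)\.exe\?', re.IGNORECASE)

# Constructed sample log; public addresses are from documentation ranges.
SAMPLE_LOG = """\
192.0.2.10 - - [05/Mar/2004:14:01:02 +0000] "GET /default.ida?NNNNNNNN HTTP/1.0" 404 205
192.0.2.10 - - [05/Mar/2004:14:01:03 +0000] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 210
198.51.100.7 - - [05/Mar/2004:14:02:00 +0000] "GET /index.html HTTP/1.1" 200 1043
203.0.113.5 - - [05/Mar/2004:14:03:00 +0000] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 220
10.1.2.3 - - [05/Mar/2004:14:04:00 +0000] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 215
scanner.example - - [05/Mar/2004:14:05:00 +0000] "GET /default.ida?XXXX HTTP/1.0" 404 205
truncated line
"""

def worm_hosts(lines, min_hits=1, exempt=("10.0.0.0/8",)):
    """Return {ip: hit_count} for clients whose requests match WORM_RE."""
    exempt_nets = [ipaddress.ip_network(n) for n in exempt]
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not WORM_RE.search(m.group(2)):
            continue  # malformed line or ordinary request
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # client logged as a hostname, not an address
        if any(ip in net for net in exempt_nets):
            continue  # never list our own networks
        hits[str(ip)] += 1
    return {ip: n for ip, n in hits.items() if n >= min_hits}

def postfix_access_table(hosts):
    """Render hosts as access(5) lines for Postfix check_client_access."""
    return "".join(f"{ip}\tREJECT worm traffic in web log ({n} hits)\n"
                   for ip, n in sorted(hosts.items()))

if __name__ == "__main__":
    print(postfix_access_table(worm_hosts(SAMPLE_LOG.splitlines())), end="")
```

Infected hosts get cleaned up and dynamic addresses get reassigned, so entries in a list built this way should be expired rather than kept indefinitely.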