[aclug-L] Re: Using RBL on Email server
Dale W Hodge wrote:
> I know this is probably going to be a question that most of you can't
> answer, but has anyone else on the list tried using RBLs on their mail
> server? If so, which have you liked and which do you not?

I use the Spamhaus.org "SBL+XBL" RBL (verified spam sources, verified
exploited machines) and have for a few years now... without them (when I
forgot to turn them on for my new server) my spam load is at least
double. Spamhaus is well-respected, conservative, and very effective.
Avoid Spamcop... they're experimental and aggressive.

If you can, also reject connections based on invalid HELO/EHLO
information... anybody that gives you 127.0.0.1, your own IP address or
hostname, or a syntactically invalid hostname in a HELO is obviously
bogus. Exim will do this, and I can point you to the recipes that I use
if you use it.

Any time you can drop a connection before DATA, you save a lot of
processing overhead. Just don't be too aggressive.

If you don't mind a delay in delivery, look at greylisting. Personally,
I don't like it, but it is very effective. It relies on the fact that
99% of spam software never retries a delivery. The first time mail is
delivered from a particular IP address, the mail is rejected with a
"temporarily unavailable" message. When the mail is retried, it is
accepted... spammers "never" retry. Only problem is, many mail servers
are set to run their queues every 30 minutes. So you're introducing a
delay on mail delivery. One that can be significant in a business
environment.

The one we use at work keeps track of sender/recipient pairs and, once
mail is successfully delivered for a pair, puts the sender in a
whitelist for that recipient. So once you get mail through, it goes
through quickly. But it's a royal pain when you've got a tech support
guy on the phone and he says, "Let me email you a new license key," and
you know that it's not going to come through while you're on the phone.
(I really need to find out if our system has the facility to hand-load
the whitelist in advance.)

(I really can't believe that the users haven't pushed back on this one
and insisted on its removal. But I think they consider mail delivery
such a black box that they don't even realize why their mail might be
delayed.)

--
Carl D Cravens (raven@xxxxxxxxxxx)
Some days it's not worth chewing through the restraints.
-- This is the discussion@xxxxxxxxx list. To unsubscribe,
visit http://www.complete.org/cgi-bin/listargate-aclug.cgi
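
The pair-whitelisting greylist described in the message above, sketched as an added example (not code from the original post or from any real greylisting product). The class and method names, the 300-second minimum retry delay, the `preload` facility and the sample addresses are all assumptions.

```python
import time

TEMPFAIL = "451 Temporarily unavailable, try again later"
ACCEPT = "250 OK"


class Greylist:
    """Greylisting keyed on sender/recipient pairs, as the post describes."""

    def __init__(self, min_retry_delay=300):
        # Assumption: a retry must come at least this many seconds after the
        # first attempt; the post does not give a figure.
        self.min_retry_delay = min_retry_delay
        self.first_seen = {}    # (ip, sender, recipient) -> first attempt time
        self.whitelist = set()  # (sender, recipient) pairs already delivered

    @staticmethod
    def _pair(sender, recipient):
        return (sender.lower(), recipient.lower())

    def preload(self, sender, recipient):
        """Hand-load a pair in advance (hypothetical admin facility)."""
        self.whitelist.add(self._pair(sender, recipient))

    def check(self, ip, sender, recipient, now=None):
        """Return the SMTP reply to send at RCPT time, before DATA."""
        now = time.time() if now is None else now
        pair = self._pair(sender, recipient)
        if pair in self.whitelist:
            return ACCEPT
        key = (ip,) + pair
        first = self.first_seen.setdefault(key, now)
        if now - first >= self.min_retry_delay:
            del self.first_seen[key]      # genuine retry: accept it and
            self.whitelist.add(pair)      # let this pair straight through
            return ACCEPT
        return TEMPFAIL


def demo():
    """Replay one sender's attempts; all values below are constructed."""
    gl = Greylist()
    ip, vendor, user = "192.0.2.10", "support@vendor.example", "alice@corp.example"
    t0 = 1_000_000
    return [gl.check(ip, vendor, user, t0),          # first contact
            gl.check(ip, vendor, user, t0 + 30),     # retried too soon
            gl.check(ip, vendor, user, t0 + 1800),   # 30-minute queue run
            gl.check(ip, vendor, user, t0 + 1805)]   # pair now whitelisted
```

Calling `preload()` for the vendor's address before the support call is what would let the license-key mail through on its first attempt.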