[aclug-L] Re: Using RBL on Email server
We use RBLs to stop 80-90% of our incoming SMTP connections, on ~500
anti-spam servers installed throughout the U.S. and Canada.
There are different RBLs, and indeed different _types_ of RBLs. If
you're selective about which ones you use, you can practically eliminate
all false-positives.
sbl.spamhaus.org and xbl.spamhaus.org are pretty safe to block without
fear of false-positives, for instance. pbl.spamhaus.org is a good
candidate for 'intelligent' greylisting like Steve mentioned.
URIBL is also a great content-based RBL to use (it's a blacklist of URLs
found in email content). SpamAssassin 3.2 (and maybe 3.1) has a plugin
to use it. I highly recommend using it! When we have clients call and
complain that they're getting too much spam, 9 times out of 10, it's
because their URIBL SA plugin isn't working properly (usually due to
broken DNS).
A combination of approaches is almost always best.
Steven Saner wrote:
> Dale W Hodge wrote:
>
>> I know this is probably going to be a question that most of you can't
>> answer, but has anyone else on the list tried using RBLs on their mail
>> server? If so, which have you liked and which do you not?
>>
>> For those wondering what I'm asking about, I'm referring to using
>> Realtime Black Lists on my mail server to try and stem the tide of spam
>> email. The concept is to reject the message at the gateway by consulting
>> a list of known and/or potential spammer IPs rather than using
>> filtering software to try to deal with the messages after they've been
>> delivered. The problem as always is one of how much do you trust a list
>> to be accurate. Using a conservative list has helped some, but now
>> wondering which lists are more aggressive without being too aggressive.
>>
>
> As already mentioned, using an RBL to reject mail can be a little dangerous.
> Maybe not for a personal mail server, but for a corporate/ISP mail server you
> can start to reject too much legit mail.
>
> Also already mentioned is greylisting. Greylisting is great. Very effective at
> stopping spam and stops very little legit mail because the sender side will
> resend the message again and it will get through. Its downside is that mail
> gets delayed, which can be a problem.
>
> So here's the secret. Combine them. Greylist. But only greylist certain
> messages. Messages that are suspect, such as being on an RBL. You can use more
> aggressive RBLs because the message will get through if it is legit. And most
> legit mail will not be delayed at all.
>
> Steve
>
>
--
Inbound and outbound email scanned for spam and viruses by the
DoubleCheck Email Manager: http://www.doublecheckemail.com/
-- This is the discussion@xxxxxxxxx list. To unsubscribe,
visit http://www.complete.org/cgi-bin/listargate-aclug.cgi
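
The tiered policy discussed in this thread (reject on SBL/XBL, greylist only PBL-listed senders, accept everyone else without delay), as an added example that is not part of the original messages. The function names, the 300-second retry delay, the in-memory greylist store and the DNS answers are assumptions constructed for illustration.

```python
import ipaddress
import socket

# Zones taken from the post: block on SBL/XBL, greylist on PBL.
REJECT_ZONES = ("sbl.spamhaus.org", "xbl.spamhaus.org")
GREYLIST_ZONES = ("pbl.spamhaus.org",)

def dnsbl_name(ip, zone):
    """DNSBL query name: the IPv4 octets reversed, followed by the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_lookup(name):
    """Live resolver: A records for name, or [] when nothing resolves."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def is_listed(ip, zone, lookup):
    """Listed means a 127.x answer; 127.255.255.x is a Spamhaus error code
    (e.g. query refused), so it must not count as a listing."""
    answers = lookup(dnsbl_name(ip, zone))
    return any(a.startswith("127.") and not a.startswith("127.255.255.")
               for a in answers)

def decide(ip, sender, rcpt, lookup, seen, now, delay=300):
    """Return 'reject', 'tempfail' (greylisted) or 'accept' for one delivery.
    delay (seconds) is an assumed value; seen maps triplet -> first attempt."""
    if any(is_listed(ip, z, lookup) for z in REJECT_ZONES):
        return "reject"
    if any(is_listed(ip, z, lookup) for z in GREYLIST_ZONES):
        first = seen.setdefault((ip, sender, rcpt), now)
        return "accept" if now - first >= delay else "tempfail"
    return "accept"  # unlisted senders are never delayed

# Constructed DNS answers (documentation IP ranges), so this runs offline.
FAKE_DNS = {
    "10.2.0.192.sbl.spamhaus.org": ["127.0.0.2"],
    "20.100.51.198.pbl.spamhaus.org": ["127.0.0.10"],
    "30.113.0.203.xbl.spamhaus.org": ["127.255.255.254"],
}

def fake_lookup(name):
    return FAKE_DNS.get(name, [])

if __name__ == "__main__":
    seen = {}
    for ip, t in [("192.0.2.10", 0), ("198.51.100.20", 0),
                  ("198.51.100.20", 600), ("203.0.113.30", 0)]:
        print(ip, t, decide(ip, "a@example.org", "b@example.net",
                            fake_lookup, seen, t))
```

With `system_lookup`, a resolver that cannot reach the list returns no answers and every sender is accepted, which is the same silent failure the post attributes to broken DNS; monitor lookup health separately.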