E-mail Block Lists
Currently I only use the Spamhaus Blocklist (SBL) plus their Exploit Blocklist (XBL): sbl-xbl.spamhaus.org
However I'm still getting a lot of spam, and I've heard of people blocking nearly all spam using just a couple block lists.
Also, I currently use Postfix and put the setting: "reject_rbl_client sbl-xbl.spamhaus.org" at the end of my "smtpd_recipient_restrictions" list. Is there a better place to put it?
Thanks in advance.
8 Replies
greylisting
@untitled9:
I was just wondering what block lists (dnsbl, rbl, etc.) people use to block spam.
Currently I only use the Spamhaus Blocklist (SBL) plus their Exploit Blocklist (XBL): sbl-xbl.spamhaus.org
However I'm still getting a lot of spam, and I've heard of people blocking nearly all spam using just a couple block lists.
I'm currently using opm.blitzed.org, lists.dnsbl.org, relays.ordb.org and bl.spamcop.net in addition to the blocklist from Spamhaus. Then again, I don't notice anything since I only have 13 domains that are relatively unknown to most people.
@untitled9:
Also, I currently use Postfix and put the setting: "reject_rbl_client sbl-xbl.spamhaus.org" at the end of my "smtpd_recipient_restrictions" list. Is there a better place to put it?
No, that's the correct way to put it.
Without the blacklists I was getting over 185 spam a day. With them in place, I still see 80 or 90 a day (maybe) going into my spam folders. I get maybe an average of one a day that makes it to my inbox.
I'm hoping for something that I could squeeze into my "smtpd_recipient_restrictions" list at some point.
Thanks for the great responses!
Bayesian filtering is very nice if you have the time to mess with it.
I know this is getting mildly off the original topic though, since the question was about blacklists specifically. :)
@gyver:
You can try greylisting.
Absolutely. I highly recommend using the greylist technique. Greylisting has reduced my spam to almost zero. (Although I use milter-greylist
Greylisting has been so effective for me I've dropped most of the other spam filters I had set up (SpamAssassin and two others). Although I still have the SBL check in place.
–John
Let's say you're running a mail server for example.com on 10.1.2.3; the spammer's mailer or proxy will try EHLO example.com or EHLO 10.1.2.3 to convince your server to go ahead and relay the spam.
A sendmail ruleset that rejects such fraudulent connections is available here
Combining this technique with SBL, XBL, and a local DNSBL to deal with spam and viruses that get through has reduced the spam/virus/phishing flood to a trickle on the server I run for my employer.
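The two checks this thread combines, rejecting a remote client that uses the server's own name or IP in HELO/EHLO and then looking the client up in a DNSBL, sketched as an added example that is not part of any post above. The extra host name, trusted network, reply strings and the injectable `resolve` function are assumptions for illustration, and the IPv6 nibble form goes beyond the IPv4 case discussed in the thread.

```python
import ipaddress

# Assumed server identity, taken from the example.com / 10.1.2.3 case above.
MY_NAMES = {"example.com", "mail.example.com"}
MY_ADDRS = {ipaddress.ip_address("10.1.2.3")}
TRUSTED_NETS = [ipaddress.ip_network("127.0.0.0/8")]  # local submitters are exempt

def helo_is_forged(helo, client_ip):
    """True when a remote client introduces itself as this server."""
    client = ipaddress.ip_address(client_ip)
    if client in MY_ADDRS or any(client in net for net in TRUSTED_NETS):
        return False  # the server talking to itself may use its own name
    arg = helo.strip().rstrip(".").lower()
    if arg in MY_NAMES:
        return True
    literal = arg.strip("[]")  # address literal "[10.1.2.3]" or a bare IP
    if literal.startswith("ipv6:"):
        literal = literal[5:]
    try:
        return ipaddress.ip_address(literal) in MY_ADDRS
    except ValueError:
        return False  # some other host name: not this check's concern

def dnsbl_query_name(client_ip, zone):
    """Name a DNSBL check resolves: reversed octets (IPv4) or nibbles (IPv6) plus the zone."""
    ip = ipaddress.ip_address(client_ip)
    if ip.version == 4:
        labels = str(ip).split(".")[::-1]
    else:
        labels = list(ip.exploded.replace(":", ""))[::-1]
    return ".".join(labels + [zone])

def smtp_decision(client_ip, helo, zones, resolve):
    """resolve(name) returns a list of A records, empty when the name does not exist."""
    if helo_is_forged(helo, client_ip):
        return "550 forged HELO"
    for zone in zones:
        answers = resolve(dnsbl_query_name(client_ip, zone))
        if any(a.startswith("127.") for a in answers):  # listings answer in 127.0.0.0/8
            return "554 listed in " + zone
    return "OK"

if __name__ == "__main__":
    # Constructed listing standing in for real DNS answers, so this runs offline.
    listed = {"4.113.0.203.sbl-xbl.spamhaus.org": ["127.0.0.4"]}
    print(smtp_decision("203.0.113.4", "mail.other.example",
                        ["sbl-xbl.spamhaus.org"], lambda n: listed.get(n, [])))
```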