
RE: [cobalt-users] Which RBL is Best ??



> I use the following black lists in my sendmail.mc configuration:
> 
> FEATURE(`blacklist_recipients')dnl
> FEATURE(dnsbl, `sbl.spamhaus.org')dnl
> FEATURE(dnsbl, `relays.ordb.org')dnl
> FEATURE(dnsbl, `bl.spamcop.net')dnl
> FEATURE(dnsbl, `list.dsbl.org')dnl
> 

You might also want to use:
dul.dnsbl.sorbs.net
socks.dnsbl.sorbs.net

In addition to those, I use an /etc/mail/access list similar to
http://home.comcast.net/~mcwebber/blocking.txt although my access list
is over 15,000 lines.

It uses less resources to block those dynamic addresses locally than to
run a DNSBL check. It's possible you may block legit email with that
list. My opinion on those *.dsl.* type domains is that you should get a
real ISP that can give you rDNS to your own domain. 

I also edited the:
R<REJECT> $*
line in sendmail.cf so it doesn't just say Access Denied for "REJECT"
but gives a URL on my server with info on the blocking and a contact
form. That makes my access file smaller since I don't need a ton of 550
yadda yadda yadda lines. Just REJECT.

Lately, I've been adding quite a few type of:
/sbin/route add -net 213.234.233.0 netmask 255.255.255.0 reject
to my RaQ so they don't even get to the maillog. There are plenty of rogue IP
blocks out there.

Just run:
tail -f /var/log/maillog
for a while and watch what's hitting your server. Run a few of the IPs
from strange looking entries through http://openrbl.org/ and you'll
quickly see that blocking just using that .txt file in /etc/mail/access
above would stop a ton of spam. And, convince your clients to turn off
catchalls. I've been seeing a ton of bounces to a couple of client
domains due to spammers apparently forging nonsense addresses at their
domains. If they were running a catchall they would be getting a few
hundred extra email a day.

-- 
C2003 Dan Kriwitsky

Please reply to the list only. Off list replies are not read.
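
Added example, not part of the original post: one way to turn the "watch the maillog" step into a list of candidate /etc/mail/access entries, by counting rejected relays per /24. The log lines are constructed samples in the style of sendmail reject entries using documentation address ranges, and the function names and the `min_hosts` threshold are assumptions of this sketch; review the output before adding it, since a whole /24 can include legitimate senders.

```python
import re
from collections import Counter

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
Jul 10 12:00:01 raq sendmail[1201]: h6AG01x1: ruleset=check_relay, arg1=[192.0.2.15], arg2=192.0.2.15, relay=[192.0.2.15], reject=550 5.7.1 Access denied
Jul 10 12:00:09 raq sendmail[1202]: h6AG09x2: ruleset=check_rcpt, arg1=<qx7@example.com>, relay=[192.0.2.77], reject=550 5.7.1 <qx7@example.com>... Relaying denied
Jul 10 12:01:30 raq sendmail[1203]: h6AG1Ux3: from=<user@example.org>, size=2048, nrcpts=1, relay=mail.example.org [198.51.100.7]
Jul 10 12:02:11 raq sendmail[1204]: h6AG2Bx4: ruleset=check_relay, arg1=[203.0.113.9], arg2=203.0.113.9, relay=[203.0.113.9], reject=550 5.7.1 Access denied
Jul 10 12:03:40 raq sendmail[1205]: h6AG3ex5: ruleset=check_rcpt, arg1=<zz1@example.com>, relay=[192.0.2.15], reject=550 5.7.1 <zz1@example.com>... Relaying denied
Jul 10 12:04:02 raq sendmail[1206]: h6AG42x6: ruleset=check_mail, arg1=<a@example.net>, relay=host201.example.net [192.0.2.201], reject=550 5.7.1 Access denied
"""

# Matches both "relay=[1.2.3.4]" and "relay=host.name [1.2.3.4]".
RELAY_IP = re.compile(r"relay=[^,]*\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def rejected_ips(log_text):
    """Yield the relay IP of every log line that records a reject."""
    for line in log_text.splitlines():
        match = RELAY_IP.search(line) if "reject=" in line else None
        if match:
            yield match.group(1)


def noisy_networks(log_text, min_hosts=2):
    """Return (net, rejects, distinct_hosts) per /24, busiest first.

    Only networks with at least min_hosts distinct rejected addresses are
    kept, so one misbehaving host does not get its whole /24 listed.
    """
    hits, hosts = Counter(), {}
    for ip in rejected_ips(log_text):
        net = ip.rsplit(".", 1)[0]          # first three octets = /24
        hits[net] += 1
        hosts.setdefault(net, set()).add(ip)
    ranked = sorted(hits, key=lambda n: (-hits[n], n))
    return [(n, hits[n], len(hosts[n])) for n in ranked if len(hosts[n]) >= min_hosts]


def access_entries(networks):
    """Format networks as access-map lines: octet-boundary prefix, tab, REJECT."""
    return ["%s\tREJECT" % net for net, _, _ in networks]


if __name__ == "__main__":
    for entry in access_entries(noisy_networks(SAMPLE_LOG)):
        print(entry)
```
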