SPAM Prevention/Blacklists

Paul Vixie vixie at vix.com
Fri Mar 5 19:36:36 UTC 2004


brandons at wyoming.com ("Brandon Shiers") writes:

> We are using the following RBLs on our MTA right now:
> 
> Spamhaus (sbl-xbl)
> DSBL
> NJABL (dynablock)
> 
> Are there any other good lists out there that you folks have had good 
> experience with? Any that we might want to consider taking a look at? 
> Thanks,

1. here's a chunk of my personal /usr/local/etc/postfix/main.cf file:

smtpd_recipient_restrictions =
        ...
        reject_rbl_client rbl-plus.mail-abuse.org,
        reject_rbl_client nonconfirm.mail-abuse.org,
        reject_rbl_client sbl-xbl.spamhaus.org,
        reject_rbl_client opm.blitzed.org,
        reject_rbl_client http.dnsbl.sorbs.net,
        reject_rbl_client socks.dnsbl.sorbs.net,
        reject_rbl_client misc.dnsbl.sorbs.net,
        reject_rbl_client web.dnsbl.sorbs.net,
        reject_rbl_client zombie.dnsbl.sorbs.net,
        reject_rbl_client blackholes.easynet.nl,
        reject_rbl_client dynablock.easynet.nl,
        reject_rbl_client proxies.easynet.nl

2. but the most effective list i have is one i build from the apache log,
grepping for worm spoor.  most spam is sent through proxies left behind
by worms, so if you autoblackhole worm-infected hosts you'll stop a HUGE
amount of spam in the hours and days that follow.  (spammers are now
writing and releasing worms just to create proxy nets, and are also paying
malfeasants to write and release worms just to create proxy nets.)

3. furthermore, DCC (see www.rhyolite.com/dcc) is hereby highly recommended.
-- 
Paul Vixie
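
Added example, not part of the original post and not its author's code: one way to do the log grepping described in item 2, in Python. The worm request patterns (Code Red and Nimda paths), the exempt-network list, the constructed sample log lines and the Postfix check_client_access map output are all assumptions; the post specifies none of them.

```python
import ipaddress
import re

# Assumed signatures: request paths used by the 2001 Code Red and Nimda IIS
# worms. The post does not say which patterns its author greps for.
WORM_PATH = re.compile(r"/default\.ida\?|/root\.exe|/cmd\.exe", re.IGNORECASE)

# Apache common/combined log: client ident user [time] "METHOD path proto" status
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "[A-Z]+ (\S+)[^"]*" \d{3} ')

def worm_hosts(log_lines, exempt=("127.0.0.0/8",)):
    """Return client IPs that requested a worm path, minus exempt networks."""
    nets = [ipaddress.ip_network(n) for n in exempt]
    hits = set()
    for line in log_lines:
        m = LOG_LINE.match(line)
        # Match only the request path; Referer and User-Agent are ignored.
        if not m or not WORM_PATH.search(m.group(2)):
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # hostname logged (HostnameLookups On) or malformed field
        if any(ip in net for net in nets):
            continue  # never list your own relays, monitors or scanners
        hits.add(ip)
    ordered = sorted(hits, key=lambda a: (a.version, int(a)))
    return [str(ip) for ip in ordered]

def postfix_access_map(ips):
    """Render the hosts as a Postfix access(5) table for check_client_access."""
    return "".join(f"{ip}\tREJECT worm-infected host\n" for ip in ips)

# Constructed sample log lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Mar/2004:19:01:02 +0000] "GET /default.ida?NNNNNNNN%u9090 HTTP/1.0" 404 205',
    '198.51.100.7 - - [05/Mar/2004:19:02:10 +0000] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 210',
    '203.0.113.5 - - [05/Mar/2004:19:03:00 +0000] "GET /index.html HTTP/1.1" 200 1043 "http://example.org/cmd.exe" "Mozilla/4.0"',
    '127.0.0.1 - - [05/Mar/2004:19:04:00 +0000] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 208',
    'host.example.net - - [05/Mar/2004:19:05:00 +0000] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 208',
    '192.0.2.10 - - [05/Mar/2004:19:06:00 +0000] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 209',
    'not a log line',
]

if __name__ == "__main__":
    print(postfix_access_map(worm_hosts(SAMPLE_LOG)), end="")
```

Entries in such a list need an expiry, since infected hosts get cleaned up and dynamic addresses get reassigned.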



More information about the NANOG mailing list