Re: SPAM Prevention/Blacklists

[Richard Welty <rwelty () averillpark net>]

On Wed, 3 Mar 2004 17:45:59 -0500 "Patrick W.Gilmore" <patrick () ianai net> wrote:
> On Mar 3, 2004, at 4:23 PM, Brandon Shiers wrote:
> > Just a real quick question for the folks on the Nanog list:

> > We are using the following RBL's on our MTA right now:

> > Spamhaus (sbl-xbl)
> > DSBL
> > NJABL (dynablock)
 
> Of the ones above, I only use spamhaus, combined with opm.blitzed.org & 
> relays.visi.com

i use the same ones as Patrick, but i also use the cbl (a component of the
spamhaus xbl, perhaps the only one at the present time, but that could change.)

one thing i do is use opm.blitzed.org and cbl.abuseat.org at connect time.
hosts on these lists are pretty much guaranteed to be open proxies or
compromised hosts, so listening to them at all is a waste of time. no need
to wait until after RCPT TO: to 5xx, i just drop the connection.

> Also, I like sender verification, but that's me.

i used it for some time, and reluctantly shut it down. blocked a lot of email
abuse, but too many false positives for my taste.

richard
-- 
Richard Welty                                         rwelty () averillpark net
Averill Park Networking                                         518-573-7592
    Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security