[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

RE: Complaint about change in spam controls of mailing lists @ Red Hat

>  On Monday 21 April 2003 10:25 pm, Ed Greshko greshko com wrote:
>  > On Mon, 21 Apr 2003, Jesse Keating wrote:
>  > 
>  > > > Personally, these RBL's suck big time.  They have 
>  *not* reduced 
>  the amount
>  > > > of spam I get.  But they force me to spend more money in some 

My personal experience for all it's worth...

Having been professionally "violated" in a major way by spammers
using us as a relay point source for 100's of 1,000's of pure
crap daily. (we were using a raptor firewall at the time
and sendmail on SCO was seeing everything as a relay from Raptor
so we could not stop the relaying until we upgraded to
cisco pix and sendmail on redhat)

I use these RBL's in this order. They are all free except for the
net traffic and time, sometimes you get hung up in sendmail if one
goes offline because of the delays
it causes by retrying the link before it bypasses them.

sendmail needs some smarts to bypass RBL's that have failed
and retry them at a later time. Right now it just hammers
them on every incoming email.

the first few RBL's usually generate the hit. They have cut
my spam load by
98%. The ones that get through are not on the blacklists.

The rest of the sleeze get chopped off by ACCESS database
entries derived from
maillog entries and eventually
all will be blocked upstream by being added to the ACL's
in my cisco border routers.

I have sendmail maillog levels jacked up a bit to log more
of what is going on.
I will crank that into a script that will automatically
generate cisco ACL entries.

these RBL's have not cut off anyone I care to talk too
in the past few months and that's the rest of the world.
I had some issues early on and just had to delete
certain RBL's from the list

I use to use the osriussoft RBL cluster as well until they crashed
and hung up my sendmail daemon big time. only problems
I have seen are RBL server failures hanging up my system
and the occasional blacklisted client complaining to me
when I bounce them.

I know the list is overkill at the moment, it is being trimmed
down over time to be just the best of the bunch.
It currently helps me to generate a list of active
spammer or open relay connections that are coming at me
for the ACL's.

I figure overtime I will collect the major of the recurrent
spammer addresses into my ACL's and sendmail will have less
of a burden and by then the RBL list can be reduced to a few of the
more useful entries.
sample rejection notice for sendmail.mc -

"Message from "$&{client_addr}" rejected - Your EMAIL Server
    is a Blacklisted Spam Source at <http://ordb.org>"

The current rather extensive list in use. It includes local as well
as international RBL's to hopefully catch the offshore creeps.
I cant vouch for any of them personally,
you just have to check to see
if they are zapping people who you want to let through. Some are
a bit overzealous in their blacklistings.
I run them through the openrelay test tools
periodically to verify they still function.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]