On Mon, 2006-11-27 at 09:27 +0200, guy keren wrote: > i think that you have to give up some of the paranoya (i'm going to > block the e-mail that'll change my life!) in order to get good > filtering.
Its a different kind of paranoia when you're a service provider (and may I say - a bit more legitimate). I'm worried that I'll have a false positive, but I don't let it bother me too much. > > On 27/11/06, Ira Abramov <[EMAIL PROTECTED]> wrote: > > Quoting Oded Arbel, from the post of Sun, 26 Nov: > > > large list of RBLs, including my own RBL with which I > > aggressively block > > > dynamic IP pools (in addition to specific spammers, mostly > > Israeli, who > > > aren't blocked by spamhaus and friends). All the image spam > > is generated > > > > well, care to share that list of usefull RBLs? I'm always > > afraid to > > block too much, and someone else's experiance with specific > > RBLs' record > > is valueable. Up until recently (when I started to run my own RBL), I used to check new SPAM (caught by bogofilter or otherwise) against a multi-RBL checker and add RBLs that block the specific IP range to my list. There are a few such sites that do this, I'm using http://www.robtex.com/rbls.html . Right now my list is as follows: rbl.eonspace.net l1.spews.dnsbl.sorbs.net spam.dnsbl.sorbs.net dul.dnsbl.sorbs.net sbl-xbl.spamhaus.org bl.spamcop.net relays.ordb.org list.dsbl.org cbl.abuseat.org dynablock.njabl.org dnsbl.njabl.org dialups.mail-abuse.org opm.blitzed.org dialup.blacklist.jippg.org mail-abuse.blacklist.jippg.org no-more-funn.moensted.dk dnsbl.ahbl.org psbl.surriel.com spews.dnsbl.net.au The first one is my private RBL - you can use it if you want, but its on your head: I take no responsibility for false positives and I make no guarantees - I don't think I have false positives but its really hard to check when you just reject senders and can't examine the actual e-mail. Do beware as rbl.eonspace.net is very aggressive, and as I don't know how to provide a meaningful bounce messages yet (I'm not sure if its handled on the MTA side or on the RBL side - I can't seem to find good documentation about how to run an RBL), its very hard to get off my list (try 'dig txt rbl.eonspace.net'). The rest of the list goes in order of priority - larger and higher quality RBLs are closer to the top, and the last few RBLs are personal RBLs that are likely to be dropped later (I try to monitor the RBL usage and I don't think I get enough real rejects from an RBL I remove it). > On Mon, 2006-11-27 at 13:17 +1100, Amos Shapira wrote: > > Has anyone though of using geoip data to block entire states from > > which you don't expect to receive mail? > > There's even an iptables module to do that at the firewall level :) For service provider this is not a legitimate way to handle spam - it reminds me the (real) story about a large US based ISP, a couple of years ago, that decided to block all e-mail from Europe as its mostly SPAM, and no one is really interested in receiving e-mail from Europe anyway.. That ISP was, of course, quickly made to change its attitude, but I think its wrong blocking China just as much as it is wrong to block Germany. As a service provider I can't know who my clients will want to talk to. -- Oded ::.. "It's hard to change direction in mid-air." -- Calvin and Hobbes ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
