On 09.12.2010 08:12, Stan Hoeppner wrote:

> The original design usage of greylisting was to stop spam bots as they
> don't retry as an RFC compliant MTA does. If that is your main goal for
> your greylisting daemon, then this set of pcres, along with spamhaus pbl
> and cbl checks (use zen) is pretty much equivalent in bot rejection
> performance to greylisting. (Run this before the zen query as local
> table lookups are faster)

As noted in my other mail I will look into using zen as well, yes.

> But with this solution you don't have the dreaded retry wait period,

customers/users like that ;-)
And I do as well, as I don't have to explain that wait period ...

> nor
> a triplet database to maintain, nor an extra daemon running. However,
> there is the possibility of "false positives" regarding rejected legit
> mail. Some ISPs lump SOHO accounts and consumer accounts into the same
> rDNS pattern, and there's always the chance someone is hosting a legit
> MTA on a consumer line (I've done so in the past). Some ISPs don't
> allow custom rDNS. Whitelist such an IP in these cases with a
> check_client_access type:table before running this pcre check..

understood, thx.

>> * is your list rather static or dynamic? is a frequent "wget" or so
>> necessary/recommended?
>
> Entirely static at this point. However, this list isn't complete by any
> means, and is missing many rdns patterns for ISPs around the world.
> There have got to be more than 1600 broadband ISPs. This leaves room
> for improvement. Someone expressed some interest to me WRT starting a
> community project based on this list, with OPs around the world adding
> their own expressions to the list to expand it over time and make it
> more effective as a more general spam fighting tool. The current set of
> 1600 expressions is a good starting point. AFAIK that effort hasn't
> begun. I have no interest in leading nor hosting a "big project" based
> on this, but I'd gladly accept any *thoroughly tested* regexes and add
> them to the "master" list I currently host at
>
> http://www.hardwarefreak.com/fqrdns.pcre
>
> I'd be glad to start new sections of the file for spam source types
> other than consumer rdns patterns. Patterns of snowshoe farms would be
> good.

I am not any help here, I assume.

I also assume that your list might be a bit more US-centric (haven't
really checked it) so maybe it is not as useful for European users like
me. But won't hurt anyway ...

Maybe some similar list of European ISPs exists already? Anyone? ;)

>> * how do/did you generate it?
>
> As I've stated in the past in many fora, including this list, I didn't
> create that set of regexes. It was donated anonymously, originally as a
> regexp file, to the spam-l (now defunct) mailing list by a member, who I
> believe likely works for a good sized US ISP. I believe he, or his
> team, created the list over a lengthy period of time by analyzing spam
> logs.

Yep.

Thanks for your detailed reply, Stefan
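
The ordering discussed in this thread (whitelist lookup first, then the local rDNS pcre table, then the zen query), as an added Postfix configuration sketch that is not part of either poster's mail. The file paths, the whitelist table name, the choice of `check_reverse_client_hostname_access` for the pcre lookup, and the sample address are assumptions.

```conf
# /etc/postfix/main.cf (fragment) -- added example, paths are assumptions.
# Restrictions are evaluated left to right; the first one that returns a
# decision (OK or REJECT) ends the list, so the order below matters.
smtpd_client_restrictions =
    permit_mynetworks,
    # 1. Whitelist for legitimate MTAs on consumer-style rDNS. An OK here
    #    skips the pcre check and the zen query that follow.
    check_client_access hash:/etc/postfix/client_whitelist,
    # 2. Local pcre table of consumer rDNS patterns. Local table lookups
    #    are faster than a DNSBL query, so this runs before zen.
    #    While evaluating false positives, prefix this line with
    #    warn_if_reject to log would-be rejections without enforcing them.
    check_reverse_client_hostname_access pcre:/etc/postfix/fqrdns.pcre,
    # 3. Spamhaus zen (includes pbl and cbl data) as the last check.
    reject_rbl_client zen.spamhaus.org

# Because the whitelist sits in smtpd_client_restrictions, an OK result
# does not bypass relay control in smtpd_recipient_restrictions.

# /etc/postfix/client_whitelist -- constructed sample entry
# (documentation address range). Rebuild the table after editing with:
#   postmap /etc/postfix/client_whitelist
192.0.2.25      OK
```

A hostname can be tested against the pattern file without sending mail using `postmap -q "hostname" pcre:/etc/postfix/fqrdns.pcre`, which prints the matching action if any pattern applies.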