On Mon, 27 Sep 2004 12:52:41 -0400 (EDT), "Dan Mahoney, System Admin" <[EMAIL PROTECTED]> said: > Hey guys, as a quick survey, if you're blocking ips at the MTA level, > which are you using?
I think it's a bad idea and don't do it at all. Much better to configure your MTA to reject mail based on a SpamAssassin score which nicely combines the RBLs and other spam indicators. Our MTA returns a 550 after the DATA is received on any message that SpamAssassin scores higher than 10, which blocks about 90% of all spam we get (that's about 70% of all incoming mail, lately). If I was forced to reject based on a single RBL for some reason, I would look at the scores SpamAssassin gives for a hit on each one as a fairly objective indicator of which RBLs are best. Note that DSBL.org scores highest, with SpamHaus' XBL right behind. As I understand it, the genetic algorithms reduce the scores a lot if a significant number of false positives are encountered. RCVD_IN_NJABL_RELAY 0 0.934 0 1.397 RCVD_IN_NJABL_DUL 0 1.655 0 0.088 RCVD_IN_NJABL_SPAM 0 1.051 0 1.841 RCVD_IN_NJABL_PROXY 0 1.026 0 0.438 RCVD_IN_SORBS_HTTP 0 0 0 0.043 RCVD_IN_SORBS_MISC 0 0 0 0.338 RCVD_IN_SORBS_SMTP 0 1.597 0 2.493 RCVD_IN_SORBS_SOCKS 0 1.847 0 2.054 RCVD_IN_SORBS_WEB 0 0 0 0.007 RCVD_IN_SORBS_ZOMBIE 0 0.819 0 0 RCVD_IN_SORBS_DUL 0 0.137 0 1.987 RCVD_IN_SBL 0 1.050 0 0.107 RCVD_IN_XBL 0 2.511 0 3.076 DNS_FROM_RFC_POST 0 1.376 0 1.614 DNS_FROM_RFC_ABUSE 0 0.374 0 0 DNS_FROM_RFC_WHOIS 0 0.492 0 0.296 RCVD_IN_RFC_IPWHOIS 0 1.140 0 1.664 DNS_FROM_RFC_BOGUSMX 0 1.463 0 2.630 RCVD_IN_DSBL 0 2.765 0 3.805 DNS_FROM_AHBL_RHSBL 0 0.070 0 0.295 RCVD_IN_BL_SPAMCOP_NET 0 1.832 0 1.216 RCVD_IN_RSL 0 0.677 0 1.720 -- [EMAIL PROTECTED]
