Paweł Tęcza wrote: > Steve Freegard pisze: >> Paweł Tęcza wrote: >>> Also a lot of spams I received have good reverse IP address. We use >>> greylisting for our mail system, but we still receive that spam. >>> >>> Maybe that IP address above has been noted on popular RBL lists, but the >>> spammers still use new infected machines, so they can leave RBLed hosts. >>> So I would like to find better solution for fighting that spam than only >>> using RBLs. >> I don't really agree with you; RBLs like the Spamhaus PBL and SORBL DUHL >> list hosts dynamic/consumer IP ranges that should not be connecting >> directly to port 25 and these are precisely the hosts that are sending >> this spam; using the PBL myself and that kills 99.99% of these spams >> cheaply without requiring the more expensive SA checks. > > Hello Steve, > > Probably you misunderstood me. I wanted to say that only RBL protection > is not sufficient to kill all spam messages. > > I use a lot RBLs, below is a list of them: > > bl.spamcop.net > combined.njabl.org > dnsbl.sorbs.net > iadb.isipp.com > list.dnswl.org > plus.bondedsender.org > sa-accredit.habeas.com > sa-other.bondedsender.org > sa-trusted.bondedsender.org > zen.spamhaus.org > > but I still get many spams.
Depending on how you call SA depends on whether it has enough information to actually know the IP address of the host delivering the message and be able to look up the offending IP in the DNSBLs. Put zen.spamhaus.org and bl.spamcop.net into your MTA in addition to SpamAssassin; then see how many you get... > Thank you very much for these rules! :) I can try them. The rule I posted isn't effective any more since I posted it here... I'll send you another off-list... Cheers, Steve.
