On Mar 27, 2015, at 5:12 PM, Axb <axb.li...@gmail.com> wrote:

> DOB isn't realtime/zero hour.

That kind of defeats the point, doesn't it?  I mean, if you wait too long, it's 
no longer DOB, it's "few-DOB"...

I would have imagined that a DOB server would operate in a caching mode where 
the first query on a domain would cause a whois lookup, which then generates a 
cache table entry with the reg date.  Subsequent lookups then don't incur a 
whois hit, they just check the cache table.  In this way it could be 
effectively realtime since only the first query causes a whois load, and it 
would always return the correct answer.

I guess that's not the case?

> I have zero Sendmail clue but if you can do it, also check sender/helo/rdns 
> against dbl.spamhaus.org's reply 127.0.1.2

I haven't found a way to do this, but if someone knows, please post...

> You also may want to look at the Invaluement IP/URI lists.
> (Invaluement.com). Detection rate is real good and FP level is extraordinary. 
> IIRC you can get a test drive.
> I wouldn't want to miss it.

Unfortunately a paid service is not in the cards right now.

Does anyone recommend using the PSBL (Surriel) for sendmail dnsbl?  I see that 
it's enabled by default in SA, but should I "promote" it to the sendmail level, 
or is it too prone to FP?

On a related note... since I implemented SpamCop, Barracuda, and SpamHaus at 
the sendmail level, should I disable those RBL lookups in SA, to prevent 
double-querying the RBLs for those mails that do get through?  Or does SA check 
_all_ Received lines, in which case I should leave it enabled since sendmail 
only checks the connecting MTA?  (I should note that I _HAVE_ seen 
RCVD_IN_XBL/PBL/SBL and RCVD_IN_BL_SPAMCOP_NET pop up not infrequently, despite 
implementing dnsbl for those RBLs in sendmail, which means either they're 
getting listed in the small interval between sendmail and SA, or SA is checking 
more than just the last hop...)

Thanks.

--- Amir
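
The cache-on-first-query design imagined in the message above, as an added example that is not part of the original message and is not how any particular DOB service works. The `whois_lookup` callable, the 5-day threshold and the sample domains are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

class DobCache:
    """Cache-on-first-query lookup of domain registration dates."""

    def __init__(self, whois_lookup, young_days=5):
        # whois_lookup: callable(domain) -> timezone-aware registration
        # datetime, or None when the lookup fails (hypothetical interface).
        self._whois_lookup = whois_lookup
        self._young = timedelta(days=young_days)   # assumed threshold
        self._reg_dates = {}                       # domain -> reg datetime
        self.whois_calls = 0

    def registration_date(self, domain):
        key = domain.lower().rstrip(".")
        if key in self._reg_dates:
            return self._reg_dates[key]            # cache hit: no whois load
        self.whois_calls += 1
        reg = self._whois_lookup(key)
        if reg is not None:
            # Cache the date, not the verdict: the date never changes,
            # while "is it young?" depends on when the query is made.
            self._reg_dates[key] = reg
        return reg                                 # failures are not cached

    def is_young(self, domain, now=None):
        now = now or datetime.now(timezone.utc)
        reg = self.registration_date(domain)
        if reg is None:
            return None                            # unknown: caller decides
        return now - reg < self._young


# Constructed sample data standing in for real whois answers.
SAMPLE_WHOIS = {
    "fresh.example": datetime(2015, 3, 26, tzinfo=timezone.utc),
    "old.example": datetime(2009, 1, 1, tzinfo=timezone.utc),
}

def fake_whois(domain):
    return SAMPLE_WHOIS.get(domain)
```

Because only the registration date is stored, a domain first seen on day one stops being reported as young once it ages past the threshold, without a second whois query.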
