[PLUG] The surbl blacklist...

Tim tim-pdxlug at sentinelchicken.org
Sun Sep 6 22:04:19 UTC 2009



> Does anyone use this with Postfix?
> 
> I'm trying to understand why I would want to reference a list of web
> sites to block email?


I was curious to see what you were talking about, so I googled for
"surbl blacklist":

  http://www.surbl.org/


Sounds like an interesting idea, but it's a post-delivery content
filter approach, not something you can deploy as a first line of
defense.


In your quest for more RBLs, obviously there's spamhaus.org that you
hadn't mentioned before.  I also download these two blacklists
periodically, process them, and host my own internal RBL server with
rblsmtpd:
  http://www.openbsd.org/spamd/traplist.gz
  http://www.openbsd.org/spamd/nixspam.gz

Like you, I also use spamcop.  Not using SORBS right now, since I
thought they were throwing in the towel at some point.  

When greylisting first became popular, I figured it would end up being
ineffective after some short period of time.  It's yet another
tit-for-tat defense strategy that just requires about as much effort
on the spammers' part as it does on ours.  I never bothered
implementing it, even though early results showed it being very effective
for my brother who has a similar mail setup.  However, I have noticed
a lot of delays for legitimate mail due to greylisting.

On my systems, I've set up scripts to start temporarily blacklisting
IPs that send me mail at nonexistent addresses (after some sanity
checks).  The idea being that spammers often flood many nonexistent
addresses in conjunction with real ones they've harvested.  My scripts
don't stop a whole lot more spam, but it was an interesting
experiment.

Anyway, I'm still not happy with the level of spam that gets through
my border, but I simply don't have time to keep up with it.  Let me
know if you come across any other good blacklists or tricks to cut
down on the volume at the perimeter.

tim
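
One way to implement the temporary blacklisting of hosts that send mail to nonexistent addresses, as an added example and not the poster's own scripts. It assumes Postfix-style "User unknown" reject lines (constructed below); the thresholds, the allowlist and the distinct-recipient sanity check are assumptions, since the post does not say which checks it uses.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

REJECT = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ postfix/smtpd\[\d+\]: "
    r"NOQUEUE: reject: RCPT from \S+\[([0-9a-fA-F.:]+)\]: 550 5\.1\.1 "
    r"<([^>]+)>: Recipient address rejected: User unknown")

WINDOW = timedelta(minutes=10)   # assumed: look-back period for counting
THRESHOLD = 3                    # assumed: distinct bad recipients needed
LIST_FOR = timedelta(hours=4)    # assumed: how long a listing lasts
ALLOWLIST = {"198.51.100.25"}    # assumed: known relays are never listed

# Constructed sample log lines (documentation IP ranges, example.org).
_T = ("Sep  6 {t} mx postfix/smtpd[811]: NOQUEUE: reject: RCPT from "
      "unknown[{ip}]: 550 5.1.1 <{rcpt}>: Recipient address rejected: "
      "User unknown in local recipient table; from=<s@sender.example> "
      "to=<{rcpt}> proto=ESMTP helo=<host>")
SAMPLE_LOG = "\n".join(_T.format(t=t, ip=ip, rcpt=r) for t, ip, r in [
    ("21:50:01", "192.0.2.10", "aaron@example.org"),
    ("21:50:02", "192.0.2.10", "abby@example.org"),
    ("21:50:04", "192.0.2.10", "adam@example.org"),   # 3 distinct: listed
    ("21:51:00", "203.0.113.7", "tmi@example.org"),   # single typo: ignored
    ("21:52:00", "203.0.113.9", "old@example.org"),
    ("21:52:30", "203.0.113.9", "old@example.org"),
    ("21:53:00", "203.0.113.9", "OLD@example.org"),   # same address retried
    ("21:54:00", "198.51.100.25", "a@example.org"),
    ("21:54:01", "198.51.100.25", "b@example.org"),
    ("21:54:02", "198.51.100.25", "c@example.org"),   # allowlisted relay
])

def temp_blacklist(log_text, year=2009):
    """Return {ip: expiry} for clients probing many nonexistent addresses."""
    hits = defaultdict(list)     # ip -> [(time, recipient), ...]
    listed = {}
    for line in log_text.splitlines():
        m = REJECT.match(line)
        if not m or m.group(2) in ALLOWLIST:
            continue
        stamp, ip, rcpt = m.groups()
        # syslog timestamps carry no year, so the caller supplies one
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        hits[ip] = [(t, r) for t, r in hits[ip] if when - t <= WINDOW]
        hits[ip].append((when, rcpt.lower()))
        if len({r for _, r in hits[ip]}) >= THRESHOLD:
            listed[ip] = when + LIST_FOR   # repeat offences extend the listing
    return listed

def active(listed, now):
    """IPs whose temporary listing has not yet expired at time `now`."""
    return sorted(ip for ip, expiry in listed.items() if expiry > now)
```

Counting distinct recipients rather than raw rejects keeps a legitimate sender who retries one mistyped address from being listed.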



