Exim RBL droplist

[mickalo]

Hello,

I wanted to check our RBL list currently being used and wanted to check if this is an accurate list or if someone has a more up-to-date list to use:

dnslists = zen.spamhaus.org :\
                 dul.dnsbl.sorbs.net :\ 
                 xbl.spamhaus.org :\
                 sbl.spamhaus.org :\
                 multi.uribl.com :\
                 combined.njabl.org :\
                 pbl.spamhaus.org :\
                 spambag.org :\
                 hil.habeas.com :\
                 list.dsbl.org :\
                 bl.spamcop.net :\
                 dnsbl.njabl.org :\
                 proxies.blackholes.easynet.nl :\
                 psbl.surriel.com :\
                 dynablock.easynet.nl

are any of these out-dated/not used or are there others to add to it.

Thx's
Mickalo

 

[easyhoster1]

for starters, remove

xbl.spamhaus.org :\
sbl.spamhaus.org :\

since your using zen.spamhaus.org

zen querys both sbl and xbl and your just wasting spamhaus
resources by leaving them in there.

 

[mickalo]

thx's all for the feedback, we'll trim it down.

Much appreciated.

Mickalo

 

[phoenixdarkdirk]

All we use in Exim are:

dnslists = zen.spamhaus.org : bl.spamcop.net

If you are using zen.spamhaus.org, you should not be using any of Spamhaus's other RBLs -- it only adds load on both ends. Zen includes the SBL, XBL, and PBL lists.

We use Chirpy's excellent MailScanner add-on, which queries several SURBLs after the message is received, but the two RBLs stop about 80% of incoming connections, leaving MailScanner+SpamAssassin to block about 40% of the remainder.

 

[Solokron]

cbl.abuseat.org

 

[celliott]

combined.njabl.org

I have found that any of the njabl.org blacklists tend to block a lot of legit mail, so I no longer put this in my RBL lists.

 

[jupiter]

Here is another one of those RBL's that utilizes a few of their databases at once. I'm not sure how effective using DOMAIN BASED in combination with IP BASED blocking.. They have some logic in their explanation.I would just be worried about spoofed headers and scripts that randomize the reply to: and From: fields...

They say,

<QUOTE>
"Judging e-mail based on the MAIL-FROM or hostname of the connecting mail server or websites advertised within an e-mail, is effective. Many unsolicited e-mailers regularly buy domains for the sole purpose of spam. No matter where the spam is sent from, it can be blocked based on the senders' domain name, or the domain name used in advertising URLs in the body of the e-mail.

Blocking based on IP address is effective only as long as the spammer continues to send from these IP addresses, it does not take into consideration that spammers can quickly move to another set of IP addresses, or use unlisted proxies.

Using a combination of domain-based and IP-based blacklists is an effective weapon against spam."
<UNQUOTE>


block.rhs.mailpolice.com

For exim 4

Put the rules below under the "acl_check_rcpt" after the allow rules.

deny message = Your hostname is blocked. See http://rhs.mailpolice.com/lookup/$sender_address_domain ($dnslist_text) dnslists = block.rhs.mailpolice.com/$sender_address_domain



Get the scoop here
http://rhs.mailpolice.com/



Jupiter

 

[easyhoster1]

edit

### The spammer was removed###

 

[rpmws]

low life scum bag spammer!!!!!!!

that's ok ..i am sure cancer will get him eventually if one of us doesn't first.

 

[easyhoster1]

that's ok ..i am sure cancer will get him eventually if one of us doesn't first.

LOL...........:D :D :D

 

[jupiter]

DUL databases ! PROBLEMS!

After doing some research I ran across a serious problem. The use of DUL backends by many services including spamhaus. MAPS(mail-abuse.org), and orbs --they are blocking many legit users from sending out and even sending locally to other domains on the same box!

I'll explain... The DUL databases also check to see if a user is using the SMTP server address OF their ISP that they are connected to at the time of sending, if so everything works ok. I don't know about everyone else, but with the Cpanel accounts I sell many of the customers when they set up their email accounts in their mail client they also input the smtp server address using their domain settings. THAT'S a problem! If they have an isp that allows the use of other SMTP server addresses, their mail will be rejected by any server that makes use of DUL data bases... That includes customers emailing their other internal accounts if we use the DUL in some fashion on the same box.

Now my personal ISP doesn't allow me to use any other smtp server address than theirs, so I don't persoanlly have this problem and I encourage everyone I sell an account to, to use the smtp sever address of their ISP instead.

What happens to those folks whos ISP simply alllows any SMTP server address while that client is connected to their service... The client is none the wiser for a while and ANY host that makes use of DUL will reject the message. It's a support nightmare for me anyway. Offering the SMTP part of a cpanel account when it comes to mail is pretty standard. I watch for spamming and have limitations set. I felt like I was swatting flies!

BUT How many hosts now with Cpanel are inputting these RBLS without knowing exactly whats being blocked and why... The most popular RBL services out there now are making use of DUL and in effect it's going to make SMTP on Cpanel accounts obsolete. No question about it.


Now most Cpanel hosts I know are making use of spamhaus...
They had a number of separate RBLS that you could make use of and I see lots of folks
doing just that.. Spamhaus as mentioned above incorporates multiple databases in one easy rbl called ZEN Youch! It taps into the DUL portion of the database.
Personally I make use of spamcop and simply the slb database from spamhaus which catches most the spam among other very selective items. NOTHING with DUL.

Also ORBS DUL database does just that as well.. blocks many of my customers sending even to their own accounts because many of my customers make use of their own domains smtp service. It's hell to get them to change to their ISP for this. It's difficult to explain to them too the part of authentication and using the pass and user of their isp.. They can't seem to get their head around why they would use their isp user and pass in the same pop3 email setup in their outlook. whew!

Anyway, I just thought I would bring this subject up because
1. Some Cpanel admins aren't putting two and two together when they input RBLS and wonder why their customers can't send to local accounts, or get rejected emails and it's because the host is using DUL in conjunction with the customer using their own smtp provided BY us Cpanel hosts.
2. It affects the very Cpanel accounts I sell and there is no warning about the downs of using their own smtp server address I provide. Nothing is written in the guide or when they set up their pop3 account. Can you imagine the reaction get now when I tell a customer if they use their smtp settings in Cpanel that they will get rejects back from other hosts as they more and more use the DUL fed RBL's and most importantly they cannot send mail to their own customers and collegues on the same box because we use the DUL database? sheeeesh I don't think that would go over very well. That's why I no longer use DUL fed RBL's

I had to discontinue the subscription I had with MAPS mail-abuse.org because of the DUL
and only use slb for spamhaus and drop the zen totally.


Sorry for my brain blithering... It happens lol
This is the Greatest forum in the world and the people who spend time here
researching and posting I truly respect... Ive learned so much from everyone here

Jupiter