spamassassin-users January 2011 archive
Main Archive Page > Month Archives  > spamassassin-users archives
spamassassin-users: Re: Off topic: best RBLs to use to block at

Re: Off topic: best RBLs to use to block at smtp connection?

From: mouss <mouss_at_nospam>
Date: Mon Jan 03 2011 - 23:58:25 GMT
To: users@spamassassin.apache.org

Le 03/01/2011 13:28, Jari Fredriksson a écrit :
>
> I want to secure a postfix site with rbls, no spamassassin at this
> moment. (I use SpamAssassin on other sites, and no RBLs at SMTP time, so
> I'm not very experienced with this. SA has may RBL's, sure, but what to
> use to kill them when seen?)
>
> I can google, but many of those advices tell to use obsolete and dumb
> RBL's, so...
>
> I want a good coverage, but not too many false positives. What do you
> use to block a spammer at SMTP connect?
>

1) the one you should have is zen
        reject_rbl_client zen.spamhaus.org

if you use that and if you are not "unlucky", then you don't need other
DNSBLs:

Recipient unknown................: 5318 ( 73.85 %)
DNSBL zen.spamhaus.org...........: 816 ( 11.33 %)
Helo non fqdn....................: 420 ( 5.83 %)
Relay Attempt....................: 363 ( 5.04 %)
Spamassassin.....................: 155 ( 2.15 %)
DNSBL local......................: 42 ( 0.58 %)
DNSBL psbl.surriel.com...........: 18 ( 0.24 %)
RHSBL dbl.spamhaus.org...........: 16 ( 0.22 %)
Other............................: 14 ( 0.19 %)
DNSBL bb.barracudacentral.org....: 10 ( 0.13 %)
DNSBL bl.spamcop.net.............: 10 ( 0.13 %)
Helo Blocked.....................: 8 ( 0.11 %)
Helo invalid.....................: 4 ( 0.05 %)
Sender Blocked...................: 3 ( 0.04 %)
Client grDNS.....................: 1 ( 0.01 %)
Sender unknown...................: 1 ( 0.01 %)
DNSBL korea.services.net.........: 1 ( 0.01 %)

as you can see, all DNSBLs but spamhaus are more or less useless.

2) other DNSBLs that are considered safe:
         bl.spamcop.net
         psbl.surriel.com
         korea.services.net

3) BRBL is probably safe, but it is linked to a "pay to get whitelisted"
scheme:
        bb.barracudacentral.org

4) mailspike is a newcomer.