Yahoo Groups archive

Milter-greylist

Index last updated: 2026-04-28 23:32 UTC

Message

Re: [milter-greylist] How to use www.senderbase.org ??

2008-04-17 by Adam Katz

Ondrej Valousek wrote:
> I have just returned from CiscoExpo exhibition - I was quite
> curious to see what technology they offer to fight spam. It turned
> out that they acquired company Ironport which is looking after
> senderbase, the most successful black/whitelist sender database (so
> they say).
> 
> Google says the usage of the senderbase portal should be free so 
> question is:
> - Is it possible to use www.senderbase.org to gather reputation of
>   the sender and set greylisting constants accordingly to that
>   reputation? (i.e. the similar way we can do with dnswl or dnsbl)
> - Is here anyone who managed to do it? How?
> - Any other comments, suggestions?

Short answer:  The Spamcop DNSBL represents the data from Senderbase.
 However, it requires 100% accuracy, and we don't care so much for
greylisting.  I wrote a script to delay members of bad networks.


Ironport owns and operates Spamcop (senderbase's big sister), which is
one of the best of the DNSBLs.  I correlated a significant boost to
spam filtering to the fact that I started reporting spam to them.
Some spam botnet/relays stay below the radar by limiting who they
spam, so it is your duty to report them; DNSBLs can only go so far
with their honeynets.  Take a look at http://stats.dnsbl.com/ for
DNSBL stats and reviews.

My greylisting time is increased for hits in DNSBLs and whitelisted
for DNSWLs.  I bumped up the SpamAssassin score on trusted DNSBLs
rather than rejecting mail outright due to not fully trusting DNSBLs.

Spamcop/Senderbase is GREAT.  I regularly scrape their top offending
/24 blocks to add to milter-greylist for extra delays in hopes that it
delays spam long enough to get reported (this helps fight growing
botnets and the like).

I've attached my update/install script, which should be very portable,
though it might require GNU sed, and systems with non-fully
POSIX-compliant /bin/sh should run it with /bin/bash (it works with
ash/dash but possibly not with jsh (Solaris /bin/sh)).  It's extremely
user-friendly and well documented, even if my code is a bit dense.

I have a similar non-updating rule defined in SpamAssassin, which
seems to verify that this helps a lot.

Attachments

  • No local attachments were found for this message.

Move to quarantaine

This moves the raw source file on disk only. The archive index is not changed automatically, so you still need to run a manual refresh afterward.