Milter-greylist

Hello,

is there a list of DNSRBLs which can be used with "milter-greylist?

	Kind regards
	
-- 
Matthias Scheler                                  http://zhadum.org.uk/

Matthias Scheler <tron@...> wrote:

> is there a list of DNSRBLs which can be used with "milter-greylist?

I use SORBS DUHL (dynamic pools) and Spamhaus SBL/XBL


-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

Matthias Scheler wrote:
> 	Hello,
> 
> is there a list of DNSRBLs which can be used with "milter-greylist?
> 


Can be used? ANY normal RDNS-style IP based RBL can be used.

Which is pretty much every RBL except the few domain-name based ones (also
called RHSBLs) like fulldom.rfc-ignorant.org, rhsbl.ahbl.org, and
blackhole.securitysage.com.

ie: sorbs, spamhaus, njabl, dsbl, maps, ordb, spews, five-ten, etc will all work
just fine.

Matt Kettler <mkettler@...> wrote:

> Which is pretty much every RBL except the few domain-name based ones (also
> called RHSBLs) like fulldom.rfc-ignorant.org, rhsbl.ahbl.org, and
> blackhole.securitysage.com.

Mmmm... Maybe we should have support for them, but what can we gain
here? ANy idea?

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

manu@... wrote:
> Matt Kettler <mkettler@...> wrote:
> 
>> Which is pretty much every RBL except the few domain-name based ones (also
>> called RHSBLs) like fulldom.rfc-ignorant.org, rhsbl.ahbl.org, and
>> blackhole.securitysage.com.
> 
> Mmmm... Maybe we should have support for them, but what can we gain
> here? ANy idea?
> 

Not much.. the DNSRBLs in general perform better.

That said, if you wanted to support these you'd basically want to extract the
domain from the envelope FROM and pass that.


All three of those RHSBLs are supported in my SpamAssassin install and their
hit-rate isn't all that great compared to the DNSBLs SA supports (Sorbs, njabl,
spamcop, spamhaus, completewhois and dsbl)

Out of 23,630 messages scanned by SA last week:
	3,252 matched ahbl.org
	2,185 matched a rfc-ignorant.org list (5 supported)
	   44 matched securitysage.com
	5,397 matched any of the above 3 RHSBLs
	9,144 matched any of the normal DNSBLs SA supports.
	3,722 matched spamcop DNSRBL
	3,285 matched spamhaus SBL
	2,662 matched spamhaus XBL
	2,225 matched no DNSBLs and at least 1 RHSBL.
	  932 matched no DNSBLs and did match ahbl.org

Of course, all of this happens after my milter-greylist config, so my numbers
are biased a bit, but not by much as I'm not using RBLs in milter-greylist yet
and I don't greylist everything.

I also have a LOT of FP's from the RFCI lists. Since their point is to list
anyone not fully supporting all the RFC required contacts/whois/etc a lot of
major ISPs are listed (including yahoogroups.com, which is listed in the abuse
list, and yahoo.com which is listed in abuse, postmaster, and whois lists.)

So, really you'd be adding it just to support ahbl. rfc-ignorant.org is probably
way too FP prone for most folks, and securitysage doesn't hit often enough to
matter.

So assuming that, only 932 messages were matched by AHBL that were not also hit
by one of the SA supported DNSBLs.

That's a lot of work for only a little extra spam caught.

Just my 2 cents.

On Mon, 2006-10-16 at 00:08 +0200, manu@... wrote:
> Matthias Scheler <tron@...> wrote:
> 
> > is there a list of DNSRBLs which can be used with "milter-greylist?
> 
> I use SORBS DUHL (dynamic pools) and Spamhaus SBL/XBL

What about a DNSRBL for greylist's whitelist?
I mean, those known systems that are unable to pass greylist without
manualling ading them to whitelist?
(e.g. Novell servers).


Raul Dias

Raul Dias wrote:
> On Mon, 2006-10-16 at 00:08 +0200, manu@... wrote:
>> Matthias Scheler <tron@...> wrote:
>>
>>> is there a list of DNSRBLs which can be used with "milter-greylist?
>> I use SORBS DUHL (dynamic pools) and Spamhaus SBL/XBL
> 
> What about a DNSRBL for greylist's whitelist?
> I mean, those known systems that are unable to pass greylist without
> manualling ading them to whitelist?
> (e.g. Novell servers).

I don't see why not. You could easily create your own dnsbl zone, add the
necessary records and have milter-greylist query it with an ACL line that's set
to whitelist.

However, you might be better off using ACLs unless you have a LOT of hosts to
whitelist. There's a lot of work creating a subdomain, adding records, etc. If
you're only going to whitelist 50 or so hosts this is just massive overkill.

On Mon, 2006-10-16 at 15:18 -0400, Matt Kettler wrote:
> Raul Dias wrote:
> > On Mon, 2006-10-16 at 00:08 +0200, manu@... wrote:
> >> Matthias Scheler <tron@...> wrote:
> >>
> >>> is there a list of DNSRBLs which can be used with "milter-greylist?
> >> I use SORBS DUHL (dynamic pools) and Spamhaus SBL/XBL
> > 
> > What about a DNSRBL for greylist's whitelist?
> > I mean, those known systems that are unable to pass greylist without
> > manualling ading them to whitelist?
> > (e.g. Novell servers).
> 
> I don't see why not. You could easily create your own dnsbl zone, add the
> necessary records and have milter-greylist query it with an ACL line that's set
> to whitelist.
> 
> However, you might be better off using ACLs unless you have a LOT of hosts to
> whitelist. There's a lot of work creating a subdomain, adding records, etc. If
> you're only going to whitelist 50 or so hosts this is just massive overkill.
> 
I was thinking more on a community shared DNSGWL (better and correct
name).

Raul Dias