Some pre-written ACLs for SORBS, NJABL, and Spamhaus, and all their sub-lists.
2006-11-03 by Matt Kettler
I compiled a quick list of MANY RBL ACLs that folks might find useful. I don't really think anyone will, or should, use all of these, but I wanted to be fairly comprehensive.

I made these as adaptations from several of the RBL rules included in SpamAssassin. I make no suggestions about the relative accuracy or usability of these rules, but they're here for folks to use. As such, I used a 1hr delay, without regard for how good or bad I personally think the list is. Do your own research. (SpamAssassin's STATISTICS-set3.txt might be a good source of useful data, but it's not entirely applicable as SA checks all the Received: headers, not just the currently connected host.)

That said, perhaps we should have a place to compile a master list folks can copy-paste from. There are several that have been posted on the list already.

It should also be noted that milter-greylist will make one query per ACL. If you're using a local caching DNS (highly recommended for any mailserver), the subsequent lookups should be cached and only the first one will do an expensive network lookup. If you're locally hosting any of these RBLs, then those queries should all be as fast as a cached query. Regardless, the more you use, the more overhead you'll have.

If you're not hosting locally, but do have at least a caching DNS, it's much cheaper to add more queries from the same list than to add ones from other lists. Choose carefully, and don't just use them all to start with.

################
# njabl lists
################

#open relays
dnsrbl "NJABL-RELAY" combined.njabl.org 127.0.0.2
acl greylist dnsrbl "NJABL-RELAY" delay 1h

#dynamic IPs
dnsrbl "NJABL-DYNABLOCK" combined.njabl.org 127.0.0.3
acl greylist dnsrbl "NJABL-DYNABLOCK" delay 1h

#source of spam
dnsrbl "NJABL-SPAMSRC" combined.njabl.org 127.0.0.4
acl greylist dnsrbl "NJABL-SPAMSRC" delay 1h

#relay which accepts feeds from another server which is open
dnsrbl "NJABL-RELAY-MULTI" combined.njabl.org 127.0.0.5
acl greylist dnsrbl "NJABL-RELAY-MULTI" delay 1h

#note - 127.0.0.6 exists, but it's unwise to use unless you're being aggressive
#listing criteria is strictly based on "odd" server behavior

#open formmail and similar CGI issues
dnsrbl "NJABL-CGI" combined.njabl.org 127.0.0.8
acl greylist dnsrbl "NJABL-CGI" delay 1h

#open proxies
#note: redundant with XBL from spamhaus
dnsrbl "NJABL-PROXY" combined.njabl.org 127.0.0.9
acl greylist dnsrbl "NJABL-PROXY" delay 1h

################
# Spamhaus lists
################

dnsrbl "SPAMHAUS SBL" sbl-xbl.spamhaus.org 127.0.0.2
acl greylist dnsrbl "SPAMHAUS SBL" delay 1h

dnsrbl "SPAMHAUS XBL CBL" sbl-xbl.spamhaus.org 127.0.0.4
acl greylist dnsrbl "SPAMHAUS XBL CBL" delay 1h

dnsrbl "SPAMHAUS XBL NJABL" sbl-xbl.spamhaus.org 127.0.0.5
acl greylist dnsrbl "SPAMHAUS XBL NJABL" delay 1h

#note: code 6 seems unused now, but I'm including for completeness
dnsrbl "SPAMHAUS XBL OTHER" sbl-xbl.spamhaus.org 127.0.0.6
acl greylist dnsrbl "SPAMHAUS XBL OTHER" delay 1h

################
# Sorbs lists
################

#open http proxy
dnsrbl "SORBS-HTTP" dnsbl.sorbs.net 127.0.0.2
acl greylist dnsrbl "SORBS-HTTP" delay 1h

#open socks proxy
dnsrbl "SORBS-SOCKS" dnsbl.sorbs.net 127.0.0.3
acl greylist dnsrbl "SORBS-SOCKS" delay 1h

#open misc other proxy
dnsrbl "SORBS-MISC" dnsbl.sorbs.net 127.0.0.4
acl greylist dnsrbl "SORBS-MISC" delay 1h

#open relays
dnsrbl "SORBS-SMTP" dnsbl.sorbs.net 127.0.0.5
acl greylist dnsrbl "SORBS-SMTP" delay 1h

# spam source
dnsrbl "SORBS-SPAM" dnsbl.sorbs.net 127.0.0.6
acl greylist dnsrbl "SORBS-SPAM" delay 1h

dnsrbl "SORBS-WEB" dnsbl.sorbs.net 127.0.0.7
acl greylist dnsrbl "SORBS-WEB" delay 1h

#sites which have requested SORBS not test their servers
dnsrbl "SORBS-BLOCK" dnsbl.sorbs.net 127.0.0.8
acl greylist dnsrbl "SORBS-BLOCK" delay 1h

#hijacked network
dnsrbl "SORBS-ZOMBIE" dnsbl.sorbs.net 127.0.0.9
acl greylist dnsrbl "SORBS-ZOMBIE" delay 1h

#dialup
dnsrbl "SORBS-DUL" dnsbl.sorbs.net 127.0.0.10
acl greylist dnsrbl "SORBS-DUL" delay 1h
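
An added example, not part of the original post and not milter-greylist code: a small Python audit of a dnsrbl/acl file in the syntax above. Going by the post's description (one query per ACL, repeats answered by a caching resolver), it compares the number of ACL queries with the number of distinct query names per connection. The sample config, the client IP 192.0.2.25 and the function names are constructed for illustration.

```python
import ipaddress
import shlex
from collections import defaultdict

# Constructed sample in the post's syntax; the last list has no ACL on purpose.
SAMPLE_CONF = '''
#open relays
dnsrbl "NJABL-RELAY" combined.njabl.org 127.0.0.2
acl greylist dnsrbl "NJABL-RELAY" delay 1h
dnsrbl "NJABL-PROXY" combined.njabl.org 127.0.0.9
acl greylist dnsrbl "NJABL-PROXY" delay 1h
dnsrbl "SPAMHAUS SBL" sbl-xbl.spamhaus.org 127.0.0.2
acl greylist dnsrbl "SPAMHAUS SBL" delay 1h
dnsrbl "SORBS-DUL" dnsbl.sorbs.net 127.0.0.10
'''

def parse_conf(text):
    """Return ({name: (zone, answer)}, [list names used by greylist ACLs])."""
    lists, acls = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tok = shlex.split(line)  # handles quoted names containing spaces
        if tok[0] == "dnsrbl" and len(tok) == 4:
            lists[tok[1]] = (tok[2], tok[3])
        elif tok[:3] == ["acl", "greylist", "dnsrbl"] and len(tok) >= 4:
            acls.append(tok[3])
    return lists, acls

def query_name(ip, zone):
    """DNSBL query name: IPv4 octets reversed, followed by the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def audit(text, client_ip):
    lists, acls = parse_conf(text)
    per_zone = defaultdict(list)
    for name in acls:
        if name in lists:
            per_zone[lists[name][0]].append(name)
    return {
        "acl_queries": sum(len(n) for n in per_zone.values()),
        # one distinct name per zone: only these miss a caching resolver
        "distinct_names": {query_name(client_ip, z): n for z, n in per_zone.items()},
        "defined_but_unused": sorted(set(lists) - set(acls)),
        "acl_without_definition": sorted(set(acls) - set(lists)),
    }

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, "192.0.2.25"))
```
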