Milter-greylist

At the moment the DNSRBL syntax is something like:

   dnsrbl "BLAH" dnsbl.blah.blah 127.0.0.2

It would be useful to extend the syntax to allow zero or more dotted 
quad addresses.

e.g. To greylist any IP address which has a corresponding "A" record in 
an RBL:

   dnsrbl "ALL BLAH" combined.blah.blah

Also useful would be repeating dotted quad addresses to match (implicit 
"or"):

   dnsrbl "SOME BLAH" combined.blah.blah 127.0.0.2 127.0.0.5 127.0.0.10

This would come in useful for greylisting countries by (for example) 
querying zz.countries.nerd.dk and listing the returned addresses you 
wish to match.

Cheers,

Phil

What DNSRBL settings do you recommend ? (What servers are most trustable).

Regards,
Blizbor

Phil Randal wrote:

> At the moment the DNSRBL syntax is something like:
>
>    dnsrbl "BLAH" dnsbl.blah.blah 127.0.0.2
>
>

Tomasz Baranowski wrote:
> 
> 
> What DNSRBL settings do you recommend ? (What servers are most trustable).
> 
> Regards,
> Blizbor

The most reliable dnsrbl I've seen is zen.spamhaus.org (
http://www.spamhaus.org/zen/index.lasso ).  Very few apparent false
positives (I've checked this against over 220,000 emails).  It's good
enough to be used to block at the MTA level.

But, for greylisting, it doesn't matter that much if there are a few
"bad" entries, the only effect is for emails to be delayed by 15 minutes
(if you set short greylist periods).

Others I'm happy to greylist with are:

dul.dnsbl.sorbs.net - Dynamic IP Address ranges (NOT a Dial Up list!)

bl.spamcop.net

combined.njabl.org (127.0.0.3)

psbl.surriel.com

None of these lists had more than 350 false positive emails in my sample 
of 220,000.


Cheers,

Phil

Tomasz Baranowski wrote:
> 
> 
> What DNSRBL settings do you recommend ? (What servers are most trustable).
> 
> Regards,
> Blizbor

The most reliable dnsrbl I've seen is zen.spamhaus.org ( 
http://www.spamhaus.org/zen/index.lasso ).  Very few apparent false 
positives (I've checked this against over 220,000 emails).  It's good 
enough to be used to block at the MTA level.  zen.spamhaus.org includes 
cbl.abuseat.org, which is also good enough to use at MTA level.

But, for greylisting, it doesn't matter that much if there are a few 
"bad" entries, the only effect is for emails to be delayed by 15 minutes 
(if you set short greylist periods).

Others I'm happy to greylist with are:

dul.dnsbl.sorbs.net - Dynamic IP Address ranges (NOT a Dial Up list!)

bl.spamcop.net

psbl.surriel.com

combined.njabl.org (127.0.0.3)

Country-specific greylisting by using the lists from countries.nerd.dk 
might also be worthwhile.  99.99% (or more) of the emails we receive 
which originate in China are spam, for example.

Cheers,

Phil

Tere.
>
> Others I'm happy to greylist with are:
>
> dul.dnsbl.sorbs.net - Dynamic IP Address ranges (NOT a Dial Up list!)
>
> bl.spamcop.net
>
> psbl.surriel.com
>
> combined.njabl.org (127.0.0.3)
>
> Country-specific greylisting by using the lists from countries.nerd.dk 
> might also be worthwhile.  99.99% (or more) of the emails we receive 
> which originate in China are spam, for example.
>
>   
I use also no-more-funn.moensted.dk and sbl-xbl.spamhaus.org but only in 
sendmail, not with greylist, as this keeps channel more free and 
greylist can deal only with these, who pass the RBL check.


-- 
Mart

Mart Pirita wrote:
> 
> 
> Tere.
>  >
>  > Others I'm happy to greylist with are:
>  >
>  > dul.dnsbl.sorbs.net - Dynamic IP Address ranges (NOT a Dial Up list!)
>  >
>  > bl.spamcop.net
>  >
>  > psbl.surriel.com
>  >
>  > combined.njabl.org (127.0.0.3)
>  >
>  > Country-specific greylisting by using the lists from countries.nerd.dk
>  > might also be worthwhile. 99.99% (or more) of the emails we receive
>  > which originate in China are spam, for example.
>  >
>  >
> I use also no-more-funn.moensted.dk and sbl-xbl.spamhaus.org but only in
> sendmail, not with greylist, as this keeps channel more free and
> greylist can deal only with these, who pass the RBL check.
> 
> -- 
> Mart

sbl-xbl is being superceded by zen.spamhaus.org 
(http://www.spamhaus.org/zen/index.lasso).  In my experience it is 
accurate enough to be used at the MTA level (as is cbl.abuseat.org, 
which is incorporated in xbl and zen).  And the muliplicity of returned 
"A" records underlines the reason for my original enhancement request.

How accurate is no-more-funn?

Phil

Tere.
>
> sbl-xbl is being superceded by zen.spamhaus.org 
> (http://www.spamhaus.org/zen/index.lasso).  In my experience it is 
> accurate enough to be used at the MTA level (as is cbl.abuseat.org, 
> which is incorporated in xbl and zen).  And the muliplicity of returned 
> "A" records underlines the reason for my original enhancement request.
>
> How accurate is no-more-funn?
>
>   
Hmm, to define the meaning of RBL -s accurate?

-- 
Mart