Mailing List SIMS@mail.stalker.com Message #11934
From: Bill Cole <listbill@scconsult.com>
Subject: Re: Hello? Are These RBLs Working?
Date: Sat, 19 Oct 2002 11:58:26 -0400
To: SIMS Discussions <SIMS@mail.stalker.com>
At 6:02 PM -1000 10/18/02, Carl Holmberg  imposed structure on a stream of electrons, yielding:
All,

I may have gone overboard with my RBL list with my copy of SIMS 1.8b8. I have ten or so listed (see below) and check the logs almost daily to see how things are going. You'll note that 'bl.spamcom.net' is at the top of the rbl list.

I haven't performed a rigorous grep of the logs yet, but over the last few months I don't recall seeing mention of any rbl but 'spamcop' accompanying the "SPAM?" rejections. Could it really be that Spamcop happens to cover all of the spam attempts such that the other rbl's don't get exercised (presuming there's an if-then-elseif logic thru my rbl list), or are the other lists really that conservative that they've never seen an ip they didn't like?

I can only speak to some of these...


Carl

rbls:
bl.spamcop.net

I avoid it because it has far too high a false-positive level. Has been known to repeatedly list addresses that I personally know to only send strictly confirmed subscription mailing lists. The docs for it say very clearly that is shouldn't be used on a production mail server and that's excellent advice.

However, its extremely hair-trigger, and so will list new spam sources very fast (usually within hours of the spam starting.) Unfortunately, some spammers are  immune to it because the way they send mail results in SpamCop mis-parsing what address to list.

sbl.spamhaus.org

regular hits here.


relays.visi.com

I get a lot of hits with them.


relays.ordb.org

I don't use it, although I know people who swear by it.

opm.blitzed.org

It's a rare day when I don't have a dozen hits on this one.

list.dsbl.org
multihop.dsbl.org

Deeply flawed methodology. I don't know of anyone using them who is willing to vouch for their usefulness, and there's appreciable risk in their manner of automation of major sites being listed.


relays.osirusoft.com

A bit redundant. Includes SpamHaus as well as others. Should catch a bunch, especially because it includes SPEWS.


dialups.relays.osirusoft.com

Very redundant. This list is completely included in the parent list.

formmail.relays.monkeys.com

Consider this carefully, although it is likely to block a noticeable amount of spam AND valid mail. Ron has really lost it with how he is managing this list, and as a result it is now made up of IP addresses that have at some time had insecure formmail scripts.




...and associated blacklisted ips:
127.0.0.2
127.0.0.3
127.0.0.4
127.0.0.6
127.0.0.7
127.0.0.8
127.0.0.9

that should make you use all of relays.osirusoft.com, which may be harsher than you really want.
--
Bill Cole                                  bill@scconsult.com

Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster