Mailing List SIMS@mail.stalker.com Message #15359
From: Bill Cole <listbill@scconsult.com>
Subject: Re: RBL to Use
Date: Fri, 20 Oct 2006 09:48:37 -0400
To: SIMS Discussions <SIMS@mail.stalker.com>
At 9:07 AM -0400 10/20/06, Roger Moffat imposed structure on a stream of electrons, yielding:
> Hi List
>
> Well after 6-7 years of using SIMS without any kind of Spam filtering on incoming messages I've decided I want to try and set this up.
>
> I have a "small" setup - 14 addresses at 1 domain - with less than 10 of them actively used, but the signal to noise ratio is now very very low - in excess of 90% (perhaps even 95%) of the messages are spam.
>
> The SIMS help manual says "Consult with your provider about the best RBL server available".

<PEDANTRY>
RBL is a trademark of Trend Micro, who bought the remnants and intellectual property of the old MAPS operation last year. The RBL (for "Realtime Blackhole List") was the first such list to use DNS for queries from mail servers. The more correct generic term is "DNSBL" which refers to the whole range of hundreds of address lists queriable in the same manner as the old RBL. The RBL itself is still available if you pay Trend Micro for access.
</PEDANTRY>

> Is there one or two "best" blacklists I should enter into the appropriate place in SIMS?

The best single list for coverage and lack of collateral damage is the Spamhaus combined SBL+XBL. See http://www.spamhaus.org/sbl/howtouse.html for details. The head of Spamhaus, Steve Linford, has been a SIMS user and was a member of this list for many years and may still be reading here. I doubt that anyone still using SIMS has enough mail flow to make the paid data feed of the SBL+XBL necessary, and you should have no problem using it via DNS queries.

You should note that in order to use any DNSBL you need to have the addresses that it returns (e.g. 127.0.0.2-127.0.0.6 for the SBL+XBL) in your SIMS IP address blacklist.

> What are others using for this?

I use the Spamhaus list, a list of Korean ranges documented at http://korea.services.net/ and a list described at http://www.sectoor.de/tor.php that lists TOR nodes that allow spamming use. I also use a very severe local blacklist implemented as a DNSBL because it is far too large for the SIMS blacklist and because it is helping my glacially slow migration off of SIMS.

What lists you use has to be dependent on your own specific needs. The Korean and TOR lists might not be suitable for you. If you deal with hardcore spammers or people who have zombied machines, even the SBL+XBL list might be problematic, and if you have Windows users submitting outbound mail directly to you, you probably will want to protect them from SBL+XBL checks by having them use authentication or adding their IPs to the client list.



--
Bill Cole                                  bill@scconsult.com
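
The DNSBL lookup the message describes, as an added example that is not part of the original message and is not SIMS code: the client's IPv4 octets are reversed and queried under the list's zone, and only answers inside the return range quoted above (127.0.0.2-127.0.0.6) are treated as a listing. The zone name `dnsbl.example`, the function names and the sample answers are assumptions made for illustration.

```python
import ipaddress
import socket

# Assumption: placeholder zone; use the zone your DNSBL operator documents.
ZONE = "dnsbl.example"
# Return range quoted in the message above for the SBL+XBL.
LISTED_LOW = ipaddress.IPv4Address("127.0.0.2")
LISTED_HIGH = ipaddress.IPv4Address("127.0.0.6")

def dnsbl_query_name(client_ip, zone=ZONE):
    """Reverse the IPv4 octets and append the zone: 192.0.2.99 -> 99.2.0.192.<zone>."""
    addr = ipaddress.IPv4Address(client_ip)  # raises ValueError on bad input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_resolver(name):
    """A records for name via the OS resolver; [] on NXDOMAIN or lookup failure.
    A failed lookup therefore counts as 'not listed' (the check fails open)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check_client(client_ip, resolve=system_resolver, zone=ZONE):
    """Return (listed, codes); answers outside the expected range are ignored."""
    codes = []
    for answer in resolve(dnsbl_query_name(client_ip, zone)):
        try:
            ip = ipaddress.IPv4Address(answer)
        except ValueError:
            continue
        if LISTED_LOW <= ip <= LISTED_HIGH:
            codes.append(str(ip))
    return (bool(codes), sorted(codes))

# Constructed sample data standing in for DNS answers (not real listings).
FAKE_ZONE_DATA = {
    "99.2.0.192.dnsbl.example": ["127.0.0.4"],
    "7.113.0.203.dnsbl.example": ["127.0.0.2", "127.0.0.4"],
    # A wildcarded or rewritten answer: resolves, but is not a listing code.
    "5.100.51.198.dnsbl.example": ["203.0.113.80"],
}

def fake_resolver(name):
    return FAKE_ZONE_DATA.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.99", "203.0.113.7", "198.51.100.5", "192.0.2.1"):
        print(ip, check_client(ip, resolve=fake_resolver))
```

Matching on the expected return range rather than on "any answer" keeps a zone that starts answering every query with an unrelated address from rejecting all inbound mail.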
