[SLL] Best list of RBLs?
Glenn Stone
technoshaman at liawol.org
Fri May 13 16:52:53 PDT 2005
On Fri, May 13, 2005 at 04:28:06PM -0700, John W. Baxter wrote:
>On 5/13/05 2:51 PM, "Chuck Wolber" <chuckw at quantumlinux.com> wrote:
>
>>> I need to update the RBL list at a local ISP. In looking around the web,
>>> I find that there are something on the order of 200 such lists. It seems
>>> unreasonable to check them all, so which are the most common RBLs in
>>> use? Pointers to where to look are fine.
>>
>> We use the Spamhaus RBL and have only had good things happen with it.
>
>Well, the time they listed the class C which includes the Northwest
>Realtors' organization's machine was a little annoying here. We keep a
>MySQL database of exemptions (to both Spamhaus and our local block
>database).
>
>Sober N (or whatever your favorite anti-virus entity calls it) beefed up our
>local block list by a factor of four. :-(
I don't tend to block virus IP's longterm, because eventually the Windows
user in question will either clean up his act or get blown off the net.
OTOH, if I get consistent virus-based spam from a given ISP's CIDR range,
I'll block the whole thing by DNS lookup and reject with "550 Use your ISP's
email server". (This is one of those places where realtime egress
firewalling makes sense... and I'm with Bill on this one. ISP policy should
be no port 25 outbound *unless the user asks*, and swears on pain of instant
termination with prejudice that he's not going to spam. Besides, even I
smart-host my home machines... it just so happens that the smart-host is one
I own, else-net. :)
Given Bayesian filtering and such like, I'm far more likely to block on
statistics rather than a single occurrence of spam...
-- Glenn
More information about the linux-list
mailing list