[SLL] Best list of RBLs?

[Ken Meyer]

Well, I use Comcast for broadband speed, much as I loath the company.  But I
maintain a mail account at Blarg, which has saved me the grief of
transitions from @home to ATTBI to Comcast.

However, some folks block Comcast addresses.  I think that is overkill,
given that so many people are pretty much forced to use Comcast to get any
bandwidth at all (I get 1.3 Mbps consistently, even though they boast 3, or
is it 4 now), and it seems to me that there are less draconian, brute force
means of reducing your spam incoming.

Be that as it may, I do relay through Blarg on the outbound, in order to
avoid the black lists.  I only check the box saying to use the same
authentication as is required for the POP/IMAP access.  I would be very
unhappy if Blarg just flat prohibited that sort of use as there are folks
that I just might not be able to contact.

I do use outbound filtering.

While I'm at it, I will rant a bit about list servers that will shut you
down if they see more than 4 or 6 or so CC's on a mail.  When I'm sending
out meeting notices for GSLUG or some other group, that is highly
annoying -- and also totally ineffective.  With extra effort, I can send the
mail one address at a time, and certainly the spammers can automate that
process as well.  In fact, I have talked to the Webmistress for the Seattle
Community College District, and that is what they do when sending a mass
e-mailing to students.

Ken Meyer


-----Original Message-----

From: linux-list-bounces at ssc.com [mailto:linux-list-bounces at ssc.com]On
Behalf Of Glenn Stone
Sent: Friday, May 13, 2005 4:53 PM
To: linux-list at ssc.com

Subject: Re: [SLL] Best list of RBLs?

On Fri, May 13, 2005 at 04:28:06PM -0700, John W. Baxter wrote:
>On 5/13/05 2:51 PM, "Chuck Wolber" <chuckw at quantumlinux.com> wrote:
>
>>> I need to update the RBL list at a local ISP. In looking around the web,
>>> I find that there are something on the order of 200 such lists. It seems
>>> unreasonable to check them all, so which are the most common RBLs in
>>> use? Pointers to where to look are fine.
>>
>> We use the Spamhaus RBL and have only had good things happen with it.
>
>Well, the time they listed the class C which includes the Northwest
>Realtors' organization's machine was a little annoying here.  We keep a
>MySQL database of exemptions (to both Spamhaus and our local block
>database).
>
>Sober N (or whatever your favorite anti-virus entity calls it) beefed up
our
>local block list by a factor of four.  :-(

I don't tend to block virus IP's longterm, because eventually the Windows
user in question will either clean up his act or get blown off the net.
OTOH, if I get consistent virus-based spam from a given ISP's CIDR range,
I'll block the whole thing by DNS lookup and reject with "550 Use your ISP's
email server".  (This is one of those places where realtime egress
firewalling makes sense... and I'm with Bill on this one.  ISP policy should
be no port 25 outbound *unless the user asks*, and swears on pain of instant
termination with prejudice that he's not going to spam.  Besides, even I
smart-host my home machines... it just so happens that the smart-host is one
I own, else-net. :)

Given Bayesian filtering and such like, I'm far more likely to block on
statistics rather than a single occurrence of spam...

-- Glenn