advice on black lists use

Hello All,

Below is a list ob black lists I'm using with main.cf
config.

smtpd_recipient_restrictions =
.
.
.
            reject_rbl_client zombie.dnsbl.sorbs.net,
            reject_rbl_client relays.ordb.org,
            reject_rbl_client safe.dnsbl.sorbs.net,
            reject_rbl_client list.dsbl.org,
            reject_rbl_client sbl.spamhaus.org,
.
.
.

In the weekly logs I can see that the safe.dnsbl.sorbs.net
is the hitter of
the week (or may be it's just logically right cause it's
before 2 latter): 
blocked using safe.dnsbl.sorbs.net (total: 9051)   
blocked using list.dsbl.org (total: 131)
blocked using sbl.spamhaus.org (total: 18)

No entries for zombie.dnsbl.sorbs.net and relays.ordb.org at
all.


I need an advice from powerusers on what bl's are better to
use and in what
order.



Best Regards,
Leon Kolchinsky





------------------------------------------------------------
-------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the
chance to share your
opinions on IT & business topics through brief surveys -
and earn cash
http://www.techsay.com/default.
php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
AMaViS-user mailing list
AMaViS-userlists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user

AMaViS-FAQ:http://www.amav
is.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/ho
wto/

Leon Kolchinsky wrote:
> No entries for zombie.dnsbl.sorbs.net and
relays.ordb.org at all.
>   
FYI:

http://www.ordb.org/n
ews/?id=38

ORDB.org is shutting down

2006-12-18 11:34
We regret to inform you that ORDB.org, at the ripe age of
five and a
half, is shutting down. It's been a case of a long goodbye
as very
little work has gone into maintaining ORDB for a while. Our
volunteer
staff has been pre-occupied with other aspects of their
lives. In
addition, the general consensus within the team is that open
relay RBLs
are no longer the most effective way of preventing spam from
entering
your network as spammers have changed tactics in recent
years, as have
the anti-spam community.

We encourage system owners to remove ORDB checks from their
mailers
immediately and start investigating alternative methods of
spam
filtering. We recommend a combination involving greylisting
and
content-based analysis (such as the dspam project, bmf or
Spam Assassin).

DNS and the mailing lists will vanish today, December 18,
2006.

This website will vanish by December 31, 2006.



------------------------------------------------------------
-------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the
chance to share your
opinions on IT & business topics through brief surveys -
and earn cash
http://www.techsay.com/default.
php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
AMaViS-user mailing list
AMaViS-userlists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user

AMaViS-FAQ:http://www.amav
is.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/ho
wto/

On Sat, Dec 23, 2006 at 06:10:12PM +0200, Leon Kolchinsky
wrote:
> Hello All,
> 
> Below is a list ob black lists I'm using with main.cf
config.
> 
> smtpd_recipient_restrictions =
> .
> .
> .
>             reject_rbl_client zombie.dnsbl.sorbs.net,
>             reject_rbl_client relays.ordb.org,
>             reject_rbl_client safe.dnsbl.sorbs.net,
>             reject_rbl_client list.dsbl.org,
>             reject_rbl_client sbl.spamhaus.org,
> 
> In the weekly logs I can see that the
safe.dnsbl.sorbs.net is the hitter of
> the week (or may be it's just logically right cause
it's before 2 latter): 
> blocked using safe.dnsbl.sorbs.net (total: 9051)   
> blocked using list.dsbl.org (total: 131)
> blocked using sbl.spamhaus.org (total: 18)
> 
> No entries for zombie.dnsbl.sorbs.net and
relays.ordb.org at all.

  ORDB has just shut down in the last week (and was little
active
before that.)  See their web page for more info:
  http://www.ordb.org/n
ews/?id=38

  Anyone using ORDB would do well to remove the references
ASAP.

  I have unfortunately found SORBS to be often inaccurate,
with little
interest in correcting wrong listings in any of their
categories. 
(E.g. I've seen cases of dedicated UNIX mailservers
mislisted as
Windows zombies, static IP space with mailservers mislisted
as dynamic,
etc.) There's good intent behind it, but it's understaffed
and it seems
as though some of the volunteers have a bad attitude about
correcting
mistakes.  If you still want to use it, be prepare to do
some
whitelisting on occasion.

  The Spamhaus SBL is a good choice.  The CBL (read the web
page at
http://cbl.abuseat.org/)
and NJABL (see page at http://www.njabl.org/)
are also excellent choices.  I believe the maintainers of
all these to
be extremely conscientious.  You can query all of these
together (one
config line, one DNS lookup!) via the Spamhaus SBL-XBL zone,
queried as
sbl-xbl.spamhaus.org.  More info on this combined list at
http://www.sp
amhaus.org/xbl/index.lasso

  NJABL also has a dynamic IP space list (DUL) via
dynablock.njabl.org.
I don't have a good feel for how accurate that is.
 
> I need an advice from powerusers on what bl's are
better to use and in what
> order.

  Order isn't really so important, in that for good mail
you'll end up
having to query all of them.  I'd try querying the SBL-XBL
zone first,
then others.  I have not put any time lately into checking
which order
is best.

  -- Clifton

-- 
    Clifton Royston  --  cliftonriandicomputing.com /
cliftonrlava.net
       President  - I and I Computing * http://www.iandicomput
ing.com/
 Custom programming, network design, systems and network
consulting services

------------------------------------------------------------
-------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the
chance to share your
opinions on IT & business topics through brief surveys -
and earn cash
http://www.techsay.com/default.
php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
AMaViS-user mailing list
AMaViS-userlists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user

AMaViS-FAQ:http://www.amav
is.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/ho
wto/

On Sat, Dec 23, 2006 at 06:10:12PM +0200, Leon Kolchinsky
wrote:
> Hello All,
> 
> Below is a list ob black lists I'm using with main.cf
config.
> 
> smtpd_recipient_restrictions =
>             reject_rbl_client zombie.dnsbl.sorbs.net,
>             reject_rbl_client relays.ordb.org,
>             reject_rbl_client safe.dnsbl.sorbs.net,
>             reject_rbl_client list.dsbl.org,
>             reject_rbl_client sbl.spamhaus.org,
>
> In the weekly logs I can see that the
safe.dnsbl.sorbs.net is the hitter of
> the week (or may be it's just logically right cause
it's before 2 latter): 
> blocked using safe.dnsbl.sorbs.net (total: 9051)   
> blocked using list.dsbl.org (total: 131)
> blocked using sbl.spamhaus.org (total: 18)
> 
> No entries for zombie.dnsbl.sorbs.net and
relays.ordb.org at all.
> 
> 
> I need an advice from powerusers on what bl's are
better to use and in what
> order.

As usual, I would recommend using policyd-weight. You don't
depend on some
single lists decision then.

Cheers,
Henrik

------------------------------------------------------------
-------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the
chance to share your
opinions on IT & business topics through brief surveys -
and earn cash
http://www.techsay.com/default.
php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
AMaViS-user mailing list
AMaViS-userlists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user

AMaViS-FAQ:http://www.amav
is.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/ho
wto/

> -----Original Message-----
> From: Clifton Royston [mailto:cliftonrlava.net]
> Sent: Saturday, December 23, 2006 9:08 PM
> To: Leon Kolchinsky
> Cc: amavis-userlists.sourceforge.net
> Subject: Re: [AMaViS-user] advice on black lists use
> 
> On Sat, Dec 23, 2006 at 06:10:12PM +0200, Leon
Kolchinsky wrote:
> > Hello All,
> >
> > Below is a list ob black lists I'm using with
main.cf config.
> >
> > smtpd_recipient_restrictions =
> > .
> > .
> > .
> >             reject_rbl_client
zombie.dnsbl.sorbs.net,
> >             reject_rbl_client relays.ordb.org,
> >             reject_rbl_client
safe.dnsbl.sorbs.net,
> >             reject_rbl_client list.dsbl.org,
> >             reject_rbl_client sbl.spamhaus.org,
> >
> > In the weekly logs I can see that the
safe.dnsbl.sorbs.net is the hitter
> of
> > the week (or may be it's just logically right
cause it's before 2
> latter):
> > blocked using safe.dnsbl.sorbs.net (total: 9051)
> > blocked using list.dsbl.org (total: 131)
> > blocked using sbl.spamhaus.org (total: 18)
> >
> > No entries for zombie.dnsbl.sorbs.net and
relays.ordb.org at all.
> 
>   ORDB has just shut down in the last week (and was
little active
> before that.)  See their web page for more info:
>   http://www.ordb.org/n
ews/?id=38
> 
>   Anyone using ORDB would do well to remove the
references ASAP.
> 
>   I have unfortunately found SORBS to be often
inaccurate, with little
> interest in correcting wrong listings in any of their
categories.
> (E.g. I've seen cases of dedicated UNIX mailservers
mislisted as
> Windows zombies, static IP space with mailservers
mislisted as dynamic,
> etc.) There's good intent behind it, but it's
understaffed and it seems
> as though some of the volunteers have a bad attitude
about correcting
> mistakes.  If you still want to use it, be prepare to
do some
> whitelisting on occasion.
> 
>   The Spamhaus SBL is a good choice.  The CBL (read the
web page at
> http://cbl.abuseat.org/)
and NJABL (see page at http://www.njabl.org/)
> are also excellent choices.  I believe the maintainers
of all these to
> be extremely conscientious.  You can query all of these
together (one
> config line, one DNS lookup!) via the Spamhaus SBL-XBL
zone, queried as
> sbl-xbl.spamhaus.org.  More info on this combined list
at
> http://www.sp
amhaus.org/xbl/index.lasso
> 
>   NJABL also has a dynamic IP space list (DUL) via
dynablock.njabl.org.
> I don't have a good feel for how accurate that is.
> 
> > I need an advice from powerusers on what bl's are
better to use and in
> what
> > order.
> 
>   Order isn't really so important, in that for good
mail you'll end up
> having to query all of them.  I'd try querying the
SBL-XBL zone first,
> then others.  I have not put any time lately into
checking which order
> is best.
> 

OK.
Thanks for the info.
I've also googled a little and found that:

Here the lists I've read about and some explanations on
"why should I use
them". 
The following bl's would be recommended that doesn’t enlist
half of the
Internet (for instance all dialups in the world) in one
overnight - 

1) sbl-xbl.spamhaus.org
2) safe.dnsbl.sorbs.net
3) list.dsbl.org
4) cbl.abuseat.org - 
XBL has some delay until updates are propagated from CBL, so
querying XBL
first and then CBL gives you two advantages:
* You profit from the high reliability and low response
times of Spamhaus'
DNS setup
* After SBL-XBL filtered out the bulk, CBL can kick in to
"catch the rest",
ie those not yet propagated from CBL to XBL.
5) dnsbl.njabl.org - 
as stated here " http://
www.spamhaus.org/xbl/index.lasso" Mail servers
already using dnsbl.njabl.org are advised to continue doing
so, as
dnsbl.njabl.org is itself a composite list and contains more
than the open
proxy IPs list part now incorporated in XBL

What about those 4 lists? Anyone have any experience with
them?:
        blackholes.easynet.nl 
        will-spam-for-food.eu.org
	  zen.spamhaus.org
	  zombie.dnsbl.sorbs.net




P.S.:
Policyd-weight indeed sounds very interesting, as Henrik
stated.
Any usage experience?
Configuration tips?




>   -- Clifton
> 
> --
>     Clifton Royston  --  cliftonriandicomputing.com /
cliftonrlava.net
>        President  - I and I Computing * http://www.iandicomput
ing.com/
>  Custom programming, network design, systems and
network consulting
> services


Regards,
Leon



------------------------------------------------------------
-------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the
chance to share your
opinions on IT & business topics through brief surveys -
and earn cash
http://www.techsay.com/default.
php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
AMaViS-user mailing list
AMaViS-userlists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user

AMaViS-FAQ:http://www.amav
is.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/ho
wto/

I'd also like information on lists I can use - however, in
my case
they can be less than perfectly 'safe' lists, as rather than
outright
reject a message because it's listed, I use maRBL to
greylist anything
that gets a hit on an RBL. If they are mislisted, they will
come back
and be let in, but if they are a spammer, they usually don't
come
back.

With that in mind, what other RBLs are out there that I
might use? Is
there a compilation somewhere? Currently, I use:

    rbls => [
            'sbl-xbl.spamhaus.org',
            'list.dsbl.org',
            'spamsources.fabel.dk',
            'dnsbl.ahbl.org',
            'dnsbl.njabl.org',
            'dul.dnsbl.sorbs.net'
        ],

-ste

------------------------------------------------------------
-------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the
chance to share your
opinions on IT & business topics through brief surveys -
and earn cash
http://www.techsay.com/default.
php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
AMaViS-user mailing list
AMaViS-userlists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user

AMaViS-FAQ:http://www.amav
is.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/ho
wto/