RE: [Declude.JunkMail] OSRELAY question.

[Colbeck, Andrew]

Until a few days ago, I was using SORBSALL, but on checking out their home
page, I found that it had grown quite a lot since I started using it.

Since JunkMail will only incur the lookup once, I suggest that if you're
using SORBS that you break it up into all the little tests to query the same
rbl, and set your weights accordingly.  I found that a) this is much more
flexible and b) much more effective, very spammy sources are listed under
multiple categories.

Check out the bottom of the page for the description and usage of the
individual tests and return codes, then set your weights and actions as you
see fit:

http://www.dnsbl.sorbs.net/using.html

Andrew 8)


#               This is an automatically maintained list generated by spamtraps whose 
messages
#               are then tested by a community maintained script at 
http://sourceforge.net/projects/sorbs/
#               For the all-in info, see the home page at http://www.dnsbl.sorbs.net/
#SORBSALL       ip4r    dnsbl.sorbs.net                 *               7       0

#open web proxy servers
SORBS-HTTP      ip4r    dnsbl.sorbs.net                 127.0.0.2       7       0

#open socks proxy servers
SORBS-SOCKS     ip4r    dnsbl.sorbs.net                 127.0.0.3       7       0

#open proxies that are neither web nor socks
SORBS-MISC      ip4r    dnsbl.sorbs.net                 127.0.0.4       7       0

#open smtp relay servers
SORBS-SMTP      ip4r    dnsbl.sorbs.net                 127.0.0.5       7       0

#hosts that send spam and netblocks of providers that support spammers
SORBS-SPAM      ip4r    dnsbl.sorbs.net                 127.0.0.6       7       0

#hosts that have spammer abused vulnerabilites, e.g. formmail script
SORBS-WEB       ip4r    dnsbl.sorbs.net                 127.0.0.7       7       0

#hosts that demand that they are never to be scanned by SORBS
SORBS-BLOCK     ip4r    dnsbl.sorbs.net                 127.0.0.8       3       0

#hosts that are in a netblock hijacked from someone else
SORBS-ZOMBIE    ip4r    dnsbl.sorbs.net                 127.0.0.9       7       0

#hosts that are in a dynamic IP range at their ISP
#this one gets us in trouble because our HOP settings usually catch the workstation
#as it sends to its own ISPs mail server, and we can't differentiate between a server
#that sends the mail and the workstation...
#SORBS-DUL      ip4r    dnsbl.sorbs.net                 127.0.0.10      3       0

#hosts that have badly configured DNS, e.g. private IP addresses or broadcasts
SORBS-BADCONF   rhsbl    dnsbl.sorbs.net                127.0.0.11      3       0

#domains where the correct admin has stated that mailfrom should never be from this 
domain
#eg corp.supernews.com and news.supernews.net
SORBS-NOMAIL    rhsbl    dnsbl.sorbs.net                127.0.0.12      1       0