Re: *Slightly OT* DNSBL Opinions.
On Tue, Aug 19, 2008 at 09:27:39PM -0400, Adam C. Mathews wrote: > Presenting using the following blacklists... > > dul.dnsbl.sorbs.net > psbl.surriel.com > zen.spamhaus.org > > > These do a good job for me, but I wanted to look for opinions on a > couple additional ones. Specifically look for false-positive opinions, > adding additional DNS lookups isn't much concern to me. > > The two I am looking at are ... > > hostkarma.junkemailfilter.com > combined.rbl.msrbl.net > The following site gives their own stats for a number of public DNSBL's: http://stats.dnsbl.com/ Might be interesting for comparison. Geert
Re: *Slightly OT* DNSBL Opinions.
* Ralf Hildebrandt <[EMAIL PROTECTED]>: > Exactly. > http://wiki.junkemailfilter.com/index.php/Spam_DNS_Lists#Postfix_Examples > this example lacks the usage described further down in "Name Based DNS > Lookup" > >reject_rbl_sender hostkarma.junkemailfilter.com=127.0.0.2 I fixed that now in the aforementioned WIKI -- Ralf Hildebrandt ([EMAIL PROTECTED]) [EMAIL PROTECTED] Postfix - Einrichtung, Betrieb und Wartung Tel. +49 (0)30-450 570-155 http://www.arschkrebs.de I'm looking for a job What is this "XP pro"? Does this make "XP" unprofessional?
Re: *Slightly OT* DNSBL Opinions.
* Aaron Wolfe <[EMAIL PROTECTED]>: > >> hostkarma.junkemailfilter.com > > Evaluated this one about a year ago. Too many false positives to use > as a block list, Amen, I activated it for 30 Seconds (!) and had 3 FP during that time. That was because I used it incorrectly... > but I do include it as a spamassassin check. Using the list as the > author intends is difficult in postfix without a policy filter, because > the list returns several different values with different meanings. Exactly. http://wiki.junkemailfilter.com/index.php/Spam_DNS_Lists#Postfix_Examples this example lacks the usage described further down in "Name Based DNS Lookup" reject_rbl_sender hostkarma.junkemailfilter.com=127.0.0.2 -- Ralf Hildebrandt ([EMAIL PROTECTED]) [EMAIL PROTECTED] Postfix - Einrichtung, Betrieb und Wartung Tel. +49 (0)30-450 570-155 http://www.arschkrebs.de I'm looking for a job A bus station is where buses stop. A train station is where trains stop. On my desk, there is a workstation...
Re: *Slightly OT* DNSBL Opinions.
Rob McEwen wrote: Stan Hoeppner wrote: That's Rob's list, haha! It's cool to hear folks are using it. He's been plugging it on spam-l for a while. Stan, I really do like you... and I don't want to make an enemy out of you... but there are massive mis-characterizations in that statement above... to a point where I'm offended. (1) Since my original announcement about my lists (about 17 months ago!), I think I've averaged mentioning my lists on SPAM-L about once every two months... all within proper context... and about half of these in response to others bringing it up... and not at all in many, many recent weeks. Seriously, is that "plugging it for a while"? (you make me sound like a slimy used car salesmen and, in the context of what actually happened, I'm a little offended by that!) I'll make this brief as we're way OT for the postfix-users list and then go off list for the rest. I just want my apology to be in public, as it was not at all my intention to portray Rob as a slimy used car salesman! "Plugging" was a very bad word choice. To correct myself: "Rob's list had been mentioned a few times on spam-l in recent months." Again Rob, I'm sorry.
Re: *Slightly OT* DNSBL Opinions.
Aaron Wolfe wrote: I would also take a good look at the 'invaluement antispam rbl', see http://dnsbl.invaluement.com/ This list performs extremely well for us. That's Rob's list, haha! It's cool to hear folks are using it. He's been plugging it on spam-l for a while. I know he's put much hard work into it. He had me test drive his web interface a few weeks ago. He was missing quite a few listings I had so I forwarded him the "usable by others" portion of my block list. I hope he added them as they are all venerable, dedicated, annoying snowshoe spammers. Anyway, glad to hear you're having success with Rob's list.
Re: *Slightly OT* DNSBL Opinions.
On Tue, Aug 19, 2008 at 11:41 PM, Duane Hill <[EMAIL PROTECTED]> wrote: > On Tue, 19 Aug 2008, Adam C. Mathews wrote: > >> Presenting using the following blacklists... >> >> dul.dnsbl.sorbs.net >> psbl.surriel.com >> zen.spamhaus.org >> >> >> These do a good job for me, but I wanted to look for opinions on a >> couple additional ones. Specifically look for false-positive opinions, >> adding additional DNS lookups isn't much concern to me. >> >> The two I am looking at are ... >> >> hostkarma.junkemailfilter.com Evaluated this one about a year ago. Too many false positives to use as a block list, but I do include it as a spamassassin check. Using the list as the author intends is difficult in postfix without a policy filter, because the list returns several different values with different meanings. > > I will give the list developer credit for the fact he/she has done research. > However, the list developer has not provided any evidence as to the results > or validity of using this list (even when asked for). > > Not to mention, I have not found anywhere on the site where it lists any > price for mass-querying or any data feed service for its zone files. We > purchase data feed service for SpamHaus and query an average of close to > four(4) million every 24 hours. > >> combined.rbl.msrbl.net > > Don't know much about this list. Perhaps someone else has feedback. > > -d > I would also take a good look at the 'invaluement antispam rbl', see http://dnsbl.invaluement.com/ This list performs extremely well for us. -Aaron
Re: *Slightly OT* DNSBL Opinions.
* Stan Hoeppner <[EMAIL PROTECTED]>: > Thanks for the pruning tips Ralf. I figured some of those were dead, > just hadn't bothered to do any verification recently. There COULD be something in the logs. It can be dangerous to leave those old entries in, since the DNS servers could return 127.0.0.1 anytime... If the admins are pissed off enough. -- Ralf Hildebrandt ([EMAIL PROTECTED]) [EMAIL PROTECTED] Postfix - Einrichtung, Betrieb und Wartung Tel. +49 (0)30-450 570-155 http://www.arschkrebs.de I'm looking for a job It is impossible to sharpen a pencil with a blunt axe. It is equally vain to try to do it with ten blunt axes instead. -- E. W. Dijkstra
Re: *Slightly OT* DNSBL Opinions.
Thanks for the pruning tips Ralf. I figured some of those were dead, just hadn't bothered to do any verification recently. Ralf Hildebrandt wrote: * Stan Hoeppner <[EMAIL PROTECTED]>: I highly recommend you sub to spam-l and post your question there also. http://www.claws-and-paws.com/spam-l/spam-l.html FWIW, here's my dnsbl config: reject_rbl_client zen.spamhaus.org, reject_rbl_client dul.dnsbl.sorbs.net, reject_rbl_client dsn.rfc-ignorant.org, That's wrong. reject_rbl_sender dsn.rfc-ignorant.org reject_rbl_client bl.spamcop.net, reject_rbl_client relays.mail-abuse.org, Dead, Jim reject_rbl_client korea.services.net, reject_rbl_client web.dnsbl.sorbs.net, reject_rbl_client relays.bl.gweep.ca, reject_rbl_client proxy.block.transip.nl, I *think* this one may be dead as well. reject_rbl_client relays.dnsbl.sorbs.net The only 2 that catch anything regularly, for me, are spamhaus and sorbs. The 2nd of these usually only catches stuff when there's a transient lookup failure to zen. The korea one stopped two spam in the last year AFAICT. I may as well remove the others... I have more success today with the standard postfix DNS and hostname checks and an IP block list than with dnsbls. Recent partial pflogsumm output summary: Client host rejected: Access denied (total: 231) cannot find your hostname (total: 97) Helo command rejected: need fully-qualified hostname (total: 37) blocked using zen.spamhaus.org (total: 57) blocked using dul.dnsbl.sorbs.net (total: 4) YMMV. P.S. I'd look into uribl and implementing your own ban list before either of the two dnsbls you mentioned. http://www.uribl.com/ Duane Hill wrote: On Tue, 19 Aug 2008, Adam C. Mathews wrote: Presenting using the following blacklists... dul.dnsbl.sorbs.net psbl.surriel.com zen.spamhaus.org These do a good job for me, but I wanted to look for opinions on a couple additional ones. Specifically look for false-positive opinions, adding additional DNS lookups isn't much concern to me. The two I am looking at are ... hostkarma.junkemailfilter.com I will give the list developer credit for the fact he/she has done research. However, the list developer has not provided any evidence as to the results or validity of using this list (even when asked for). Not to mention, I have not found anywhere on the site where it lists any price for mass-querying or any data feed service for its zone files. We purchase data feed service for SpamHaus and query an average of close to four(4) million every 24 hours. combined.rbl.msrbl.net Don't know much about this list. Perhaps someone else has feedback. -d
Re: *Slightly OT* DNSBL Opinions.
* Stan Hoeppner <[EMAIL PROTECTED]>: > I highly recommend you sub to spam-l and post your question there also. > http://www.claws-and-paws.com/spam-l/spam-l.html > > FWIW, here's my dnsbl config: > >reject_rbl_client zen.spamhaus.org, > reject_rbl_client dul.dnsbl.sorbs.net, > reject_rbl_client dsn.rfc-ignorant.org, That's wrong. reject_rbl_sender dsn.rfc-ignorant.org > reject_rbl_client bl.spamcop.net, > reject_rbl_client relays.mail-abuse.org, Dead, Jim > reject_rbl_client korea.services.net, > reject_rbl_client web.dnsbl.sorbs.net, > reject_rbl_client relays.bl.gweep.ca, > reject_rbl_client proxy.block.transip.nl, I *think* this one may be dead as well. > reject_rbl_client relays.dnsbl.sorbs.net > > The only 2 that catch anything regularly, for me, are spamhaus and > sorbs. The 2nd of these usually only catches stuff when there's a > transient lookup failure to zen. The korea one stopped two spam in the > last year AFAICT. I may as well remove the others... > > I have more success today with the standard postfix DNS and hostname > checks and an IP block list than with dnsbls. Recent partial pflogsumm > output summary: > > Client host rejected: Access denied (total: 231) > cannot find your hostname (total: 97) > Helo command rejected: need fully-qualified hostname (total: 37) > blocked using zen.spamhaus.org (total: 57) > blocked using dul.dnsbl.sorbs.net (total: 4) > > YMMV. > > > P.S. I'd look into uribl and implementing your own ban list before > either of the two dnsbls you mentioned. > http://www.uribl.com/ > > > > > > Duane Hill wrote: >> On Tue, 19 Aug 2008, Adam C. Mathews wrote: >> >>> Presenting using the following blacklists... >>> >>> dul.dnsbl.sorbs.net >>> psbl.surriel.com >>> zen.spamhaus.org >>> >>> >>> These do a good job for me, but I wanted to look for opinions on a >>> couple additional ones. Specifically look for false-positive opinions, >>> adding additional DNS lookups isn't much concern to me. >>> >>> The two I am looking at are ... >>> >>> hostkarma.junkemailfilter.com >> >> I will give the list developer credit for the fact he/she has done >> research. However, the list developer has not provided any evidence as >> to the results or validity of using this list (even when asked for). >> >> Not to mention, I have not found anywhere on the site where it lists any >> price for mass-querying or any data feed service for its zone files. We >> purchase data feed service for SpamHaus and query an average of close to >> four(4) million every 24 hours. >> >>> combined.rbl.msrbl.net >> >> Don't know much about this list. Perhaps someone else has feedback. >> >> -d -- Ralf Hildebrandt ([EMAIL PROTECTED]) [EMAIL PROTECTED] Postfix - Einrichtung, Betrieb und Wartung Tel. +49 (0)30-450 570-155 http://www.arschkrebs.de I'm looking for a job He may look like an idiot and talk like an idiot but don't let that fool you. He really is an idiot. - Groucho Marx
Re: *Slightly OT* DNSBL Opinions.
I highly recommend you sub to spam-l and post your question there also. http://www.claws-and-paws.com/spam-l/spam-l.html FWIW, here's my dnsbl config: reject_rbl_client zen.spamhaus.org, reject_rbl_client dul.dnsbl.sorbs.net, reject_rbl_client dsn.rfc-ignorant.org, reject_rbl_client bl.spamcop.net, reject_rbl_client relays.mail-abuse.org, reject_rbl_client korea.services.net, reject_rbl_client web.dnsbl.sorbs.net, reject_rbl_client relays.bl.gweep.ca, reject_rbl_client proxy.block.transip.nl, reject_rbl_client relays.dnsbl.sorbs.net The only 2 that catch anything regularly, for me, are spamhaus and sorbs. The 2nd of these usually only catches stuff when there's a transient lookup failure to zen. The korea one stopped two spam in the last year AFAICT. I may as well remove the others... I have more success today with the standard postfix DNS and hostname checks and an IP block list than with dnsbls. Recent partial pflogsumm output summary: Client host rejected: Access denied (total: 231) cannot find your hostname (total: 97) Helo command rejected: need fully-qualified hostname (total: 37) blocked using zen.spamhaus.org (total: 57) blocked using dul.dnsbl.sorbs.net (total: 4) YMMV. P.S. I'd look into uribl and implementing your own ban list before either of the two dnsbls you mentioned. http://www.uribl.com/ Duane Hill wrote: On Tue, 19 Aug 2008, Adam C. Mathews wrote: Presenting using the following blacklists... dul.dnsbl.sorbs.net psbl.surriel.com zen.spamhaus.org These do a good job for me, but I wanted to look for opinions on a couple additional ones. Specifically look for false-positive opinions, adding additional DNS lookups isn't much concern to me. The two I am looking at are ... hostkarma.junkemailfilter.com I will give the list developer credit for the fact he/she has done research. However, the list developer has not provided any evidence as to the results or validity of using this list (even when asked for). Not to mention, I have not found anywhere on the site where it lists any price for mass-querying or any data feed service for its zone files. We purchase data feed service for SpamHaus and query an average of close to four(4) million every 24 hours. combined.rbl.msrbl.net Don't know much about this list. Perhaps someone else has feedback. -d
Re: *Slightly OT* DNSBL Opinions.
On Tue, 19 Aug 2008, Adam C. Mathews wrote: Presenting using the following blacklists... dul.dnsbl.sorbs.net psbl.surriel.com zen.spamhaus.org These do a good job for me, but I wanted to look for opinions on a couple additional ones. Specifically look for false-positive opinions, adding additional DNS lookups isn't much concern to me. The two I am looking at are ... hostkarma.junkemailfilter.com I will give the list developer credit for the fact he/she has done research. However, the list developer has not provided any evidence as to the results or validity of using this list (even when asked for). Not to mention, I have not found anywhere on the site where it lists any price for mass-querying or any data feed service for its zone files. We purchase data feed service for SpamHaus and query an average of close to four(4) million every 24 hours. combined.rbl.msrbl.net Don't know much about this list. Perhaps someone else has feedback. -d