Bob Proulx wrote: > > The Spamhaus PBL lists IPs that by policy (policy block list) should > not be sending email such as IPs in dynamic IP address ranges. > > http://www.spamhaus.org/pbl/ > > So both of those lists are listing addresses known to be in a dynamic > address range. Those are often consumer devices that have become > victims of spammer viruses. Viruses that are sending mail from > dynamic addresses. Those can be avoided if one avoids receiving email > from dynamic address ranges through the use of one of those DNSBLs. > They should be required to ring a bell and shout "Stay back. Unclean!" >
Correct. > The PBL is included in XEN. http://www.spamhaus.org/zen/ > Correct > While probably not a strict superset since the data is compiled > independently wouldn't it generally be true that every IP address > listed in the dynamic IP range in dul.dnsbl.sorbs.net for being a > dynamic address would also be listed in the dynamic IP range in > pbl.spamhaus.org for being a dynamic address? Incorrect (SORBS also has a PBL and whilst there is roughly a 70% overlap there is by no means a superset issue) ... of course if you read the wording of the PBL you would correctly be confused into thinking that all dynamics are listed and any statics that by policy should be blocked. As you would thinking that they only 'extras' are dynamic, but reality is it's what Spamhaus think should or should not be sending email (and it does state such.) The SORBS DUHL is just dynamics. The SORBS PBL is just by policy should not be sending email (or have DNS or Webservers on them) The dnsbl.sorbs.net zone includes both of the above (and more.) > They are different > organizations providing a similarly goaled data set. But the goal is > the same so in theory the set of dynamic addresses in each should be > quite similar. No? I realize that the policy additions will be > different between them. > No the PBL is where Spamhaus thinks email should be sent from or not, or have been told email can be sent from or not, nothing more, nothing less... if you want a clearer definition ask Spamhaus, however everyone I know who has just has been pointed at the FAQ as the 'clear' course. > My original point being to use the fewest number of DNS lookups that > gets the task done. Expecially on a busy mail server the load from > DNS can be appreciable. > Understood, but being two orgs and saying one or contains the data of the second is incorrect unless it is stated as such by the org in question... > I would enjoy reading any comments you might have on optimum DNSBL > anti-spam usage. > Postfix (as was by the comments/config) will stop doing DNSBl lookups at the first "reject" hit ... put the most effective first and least effective last. This is how to minimize DNS queries. In the case of SORBS (and others, including Spamhaus) .. if you want multiple zones rather than querying each zone use the aggregate and block on return code (the return codes are cached locally so you can query the same zone for multiple codes without additional DNS loading.) - Note: that is the behavior of Postfix, I do not know about Exim or Sendmail or other mail servers.. Hope this clarifies and helps, Michelle > Bob > -- Michelle Sullivan http://www.mhix.org/
