[Mimedefang] [OT] SBL
dimon at intellinetinc.com
dimon at intellinetinc.com
Wed Feb 25 11:33:27 EST 2004
Quoting Josh Kelley <josh at jbc.edu>:
> I realize this is a bit OT, but I've seen SBL recommended here before,
> and I'm not sure where else to ask...
>
> I'm trying to reconfigure our mail server to start blocking spam instead
> of tagging it with SpamAssassin and trusting our users to set up their
> own filters based on SpamAssassin. Blocking messages based on the SBL
> seemed like a good first step. In the week or so since I've started
> using the SBL, it's caught about half of the incoming mail to our
> campus, but it's also caused 4-5 false positives (a spammer's company
> that happens to put out a good newsletter, legitimate mailing lists
> hosted by spammers, a legitimate company that uses a spam-friendly ISP
> as their hosting provider). This surprised me, since I was under the
> impression that the SBL was probably the most trusted and most
> conservative of the blacklists.
>
> Should I give up on blocking via the SBL? Or should I just accept that
> if I'm going to block mail, I'm going to block a few legitimate ones by
> mistake? I know that others on this list use the SBL - have you had any
> similar problems?
>
Hi Josh,
I use DNSBLs like this:
I have a list of 15 most popular DNSBLs and check relay IP address to ALL of
them, then I reject a message if that IP address is listed in 2 (or 3, or 5,
it's up to you to decide) or more of them.
I think that will decarease FPs to almost 0%. But will not catch those ones
that are listed in lass than 2 (or 3, or 5, etc.) DNSBLs.
It works pretty good for me.
I hope that will help you.
Dmitry
More information about the MIMEDefang
mailing list