[Esd-l] Spam Filtering

Bill Larson blarson at compu.net
Wed Jul 31 03:28:01 PDT 2002


If it wasn't working I wouldn't use it. If it was adversely affecting the
MTA I wouldn't use it. Make sure your server can handle what you want it to
do and you won't have any problems with it. Now let me give you a glimpse:

Jul 31 05:21:12 ns1 sendmail[14417]: g6VAL7W14417: ruleset=check_relay,
arg1=na-22-36.na.avantel.net.mx, arg2=148.245.22.36,
relay=na-22-36.na.avantel.net.mx [148.245.22.36] (may be forged), reject=550
5.7.1 Mail from 148.245.22.36 refused by blackhole site bl.spamcop.net
Jul 31 05:21:13 ns1 sendmail[14421]: g6VALBW14421: ruleset=check_relay,
arg1=xsrv-251.financialhost.com, arg2=67.104.83.251,
relay=xsrv-251.financialhost.com [67.104.83.251] (may be forged), reject=550
5.7.1 Mail from 67.104.83.251 refused by blackhole site bl.spamcop.net
Jul 31 05:21:16 ns1 sendmail[14431]: g6VALFW14431: ruleset=check_relay,
arg1=mail3051.flowgo.com, arg2=12.129.205.51, relay=mail3051.flowgo.com
[12.129.205.51], reject=550 5.7.1 Mail from 12.129.205.51 refused by
blackhole site flowgoaway.com
Jul 31 05:21:28 ns1 sendmail[14435]: g6VALSW14435: ruleset=check_relay,
arg1=h90-210-243-236.seed.net.tw, arg2=210.243.236.90,
relay=h90-210-243-236.seed.net.tw [210.243.236.90] (may be forged),
reject=553 5.3.0 dnsrbl refused - Dialup address use your local mailserver
Jul 31 05:21:29 ns1 sendmail[14437]: g6VALTW14437: ruleset=check_relay,
arg1=shockwave.systems.pipex.net, arg2=62.241.160.9,
relay=shockwave.systems.pipex.net [62.241.160.9], reject=550 5.7.1 Mail from
62.241.160.9 refused by blackhole site blackhole.compu.net
Jul 31 05:21:32 ns1 sendmail[14439]: g6VALVW14439: ruleset=check_relay,
arg1=customer.iplannetworks.net, arg2=200.69.220.141,
relay=customer.iplannetworks.net [200.69.220.141] (may be forged),
reject=550 5.7.1 Mail from 200.69.220.141 refused by blackhole site
bl.spamcop.net
Jul 31 05:21:36 ns1 sendmail[14440]: g6VALaW14440: ruleset=check_relay,
arg1=Schilberg-Metals.cust.snet.net, arg2=204.60.228.112,
relay=Schilberg-Metals.cust.snet.net [204.60.228.112], reject=550 5.7.1 Mail
from 204.60.228.112 refused by blackhole site list.dsbl.org
Jul 31 05:21:40 ns1 sendmail[14441]: g6VALcW14441: ruleset=check_relay,
arg1=[200.41.100.3], arg2=200.41.100.3, relay=IDENT:squid@[200.41.100.3],
reject=550 5.7.1 Mail from 200.41.100.3 refused by blackhole site
opm.blitzed.org
Jul 31 05:21:45 ns1 sendmail[14445]: g6VALjW14445: ruleset=check_relay,
arg1=[200.255.138.198], arg2=200.255.138.198, relay=[200.255.138.198],
reject=550 5.7.1 Mail from 200.255.138.198 refused by blackhole site
opm.blitzed.org
Jul 31 05:21:52 ns1 sendmail[14446]: g6VALoW14446: ruleset=check_relay,
arg1=200-34-237-162.erikagzz.com.mx, arg2=200.34.237.162,
relay=nobody at 200-34-237-162.erikagzz.com.mx [200.34.237.162] (may be
forged), reject=550 5.7.1 Mail from 200.34.237.162 refused by blackhole site
opm.blitzed.org

I went through and tested each and every one of the blackhole lists I use. I
also went and watched the log rejects for each one when it was added. The
number of spam and dictionary attacks blocked by using the DNSRBLs makes it
more than worth the server's added overhead. The bandwidth usage savings
pay for themselves.

Bill Larson
Network Administrator
Compu-Net Enterprises
----- Original Message -----
From: "Howard Lowndes" <lannet at lannet.com.au>
To: "Bill Larson" <blarson at compu.net>
Cc: "Peter Hanecak" <hanecak at megaloman.com>; <Esd-l at spconnect.com>
Sent: Wednesday, July 31, 2002 5:17 AM
Subject: Re: [Esd-l] Spam Filtering


> On Wed, 31 Jul 2002, Bill Larson wrote:
>
> > Simple spam control with very few false positives.
>
> Except that each line involved a DNS lookup for each source address in the
> email header, and that does nothing for the performance of your MTA.
>
> Add to that the aggressiveness of RBLs such as SPEWS where you can get
> malicious false positives, and I question the usefulness of so many RBLs.
>

About SPEWS: if I received multiple customer complaints that their mail was
being blocked by any RBL, I would stop using it. As this isn't happening, it
must not be that aggressive.
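
An added example, not part of the original message or the poster's own tooling: one way to do the per-list review of rejects described above. It unwraps sendmail check_relay entries, tallies rejections per blackhole list, and builds the DNS name queried for a client IP. The log sample is constructed and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: documentation-range IPs and example hostnames, wrapped
# the way the mail client wrapped the excerpt above. Zone names are from the post.
SAMPLE_LOG = """\
Jul 31 05:21:12 ns1 sendmail[14417]: g6VAL7W14417: ruleset=check_relay,
arg1=host-a.example.net, arg2=192.0.2.36,
relay=host-a.example.net [192.0.2.36] (may be forged), reject=550
5.7.1 Mail from 192.0.2.36 refused by blackhole site bl.spamcop.net
Jul 31 05:21:28 ns1 sendmail[14435]: g6VALSW14435: ruleset=check_relay,
arg1=dial-90.example.org, arg2=198.51.100.90,
relay=dial-90.example.org [198.51.100.90] (may be forged),
reject=553 5.3.0 dnsrbl refused - Dialup address use your local mailserver
Jul 31 05:21:40 ns1 sendmail[14441]: g6VALcW14441: ruleset=check_relay,
arg1=[203.0.113.3], arg2=203.0.113.3, relay=IDENT:squid@[203.0.113.3],
reject=550 5.7.1 Mail from 203.0.113.3 refused by blackhole site
opm.blitzed.org
Jul 31 05:21:45 ns1 sendmail[14445]: g6VALjW14445: ruleset=check_relay,
arg1=[203.0.113.198], arg2=203.0.113.198, relay=[203.0.113.198],
reject=550 5.7.1 Mail from 203.0.113.198 refused by blackhole site
opm.blitzed.org
"""

ENTRY = re.compile(
    r"ruleset=check_relay, arg1=(?P<host>[^,]+), arg2=(?P<ip>[\d.]+), relay=.*?, "
    r"reject=(?P<code>\d{3}) (?P<dsn>\d\.\d+\.\d+) (?P<text>.*)$")
LISTED = re.compile(r"refused by blackhole site (\S+)$")

def unwrap(text):
    """Rejoin wrapped entries: a new entry starts at a syslog timestamp."""
    chunks = re.split(r"\n(?=[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d )", text)
    return [" ".join(c.split()) for c in chunks if c.strip()]

def parse_rejects(text):
    """One dict per rejection; zone is None when the reject text is a custom
    message that does not name the list (the 553 'Dialup address' form)."""
    out = []
    for m in filter(None, map(ENTRY.search, unwrap(text))):
        z = LISTED.search(m["text"])
        out.append({**m.groupdict(), "zone": z.group(1) if z else None})
    return out

def tally_by_zone(rejects):
    """Count rejections per list, keeping unnamed-list rejects visible."""
    return Counter(r["zone"] or "(not named)" for r in rejects)

def dnsbl_query_name(ip, zone):
    """DNSBL query name for an IPv4 client: octets reversed, then the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone
```

Run `tally_by_zone(parse_rejects(...))` over a window of the mail log after adding a list to see how many rejects that list accounts for.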


