From: GrayHat <gr...@gm...> - 2008-08-07 08:52:22
|
> my defaults are: > > zen.spamhaus.org > bl.spamcop.net > dul.dnsbl.sorbs.net > combined.njabl.org > > with RBLmaxits set to 1 I think you may add ix.dnsbl.manitu.net bhnc.njabl.org the second one won't add so much, but having it won't hurt; the first one (manitu) is often useful, especially for fresh spamruns flowing out of compromised machines whose IP addresses aren't already listed on the other DNSBLs Also, speaking of spamruns... lately I saw a lot of spam coming out of *valid* servers (e.g. gmail ones); the spammers use stolen mail credentials to connect to the servers and pump-out their trash; now; on one hand, you can't "block" (or blacklist) those servers or you'll loose "good" emails; on the other hand, delaying won't help here, since the sending server is a "regular" one, so it will retry; now ... An idea to filter such kind of spam, may be parsing the "received" headers lines and checking if an IP along the chain is blacklisted; I know, it's a "risky business" since you'll risk to intercept a dynamic IP used to send a legitimate message through a valid server; and I also know it will impose more load on ASSP; but I think that it may still be an idea worth a thought |