RBL & greylisting on Ubuntu.com smtp
Scott Dier
dieman at ringworld.org
Sat Jun 17 22:10:11 BST 2006
Jan Claeys wrote:
> On Sat, 17-06-2006 at 14:00 +0200, Lionel Dricot wrote:
>> Hello Jan,
>>
>>> All those blacklists can easily be abused (and _are_ abused), and when
>>> that happens, or when an error occurs, a lot of innocent people will be
>>> affected. Blacklists are evil when you use them to block mail. (You
>>> can probably use the better ones to add some amount in a spam scoring
>>> system though.)
>> Perhaps not the best way. But at least mail is not lost because the
>> sender is notified with "you are in the XXX blacklist".
>
> The mail is still "lost" and people have to go through all sorts of
> silly loopholes (often involving not really interested third-parties) to
> be able to contact you.

Still, I know SBL+XBL (Spamhaus calls cbl as xbl) are considered to be
the best lists out there. I know the university I work for will block
first-time connectors who are listed on these lists. (they have an
exceptions system driven by user input and previous history) The
department mailserver and personal mailservers all run sbl/xbl
(sbl-xbl.spamhaus.org), dsbl (list.dsbl.org), and the open proxy list
(opm.blitzed.org). All are exceptionally well run and blackmarking the
cbl people for a small error is shortsighted.

The mail is not lost. Losing mail is 'silent drops'. If you think
nobody should control who can contact who based on abuse and worm
activity (cbl is such a list) then I personally don't mind blocking your
machine from time to time either. (ie: if you were promulgating such
activity via your mailservers) Ill-configured mailservers and sites
that consistently abuse other servers are a valid target for non-connection.

dspam is configured at both sites I maintain to catch the rest of the
mail. I also filter on URLs using the uribl lists (spamvertised
sites). I find I receive far less spam than most people and don't have
anyone I personally know contact me saying they can't email me.

Greylisting is useless though -- I think it's not a great way to do
anything but slow down mail. Combine greylisting with sites that
require address verification (I do require address verification, as in,
you must have an address my mailer can verify that a 'mail to:' does
*not* come back with an error -- this is not the same as requiring that
you click on some stupid link or email someplace to get access to
sending me mail) I've seen mails be delayed by 12 hours or more due to
greylisting and address verification combined with lamely configured
mail MX clusters. (if you don't share the greylist between a setup of 5
MX servers, you shall configure it, now. really.)

bogofilter isn't a great solution for most people because it doesn't
pass the 'can my mom use this' test. I can get office staff who are not
hugely computer proficient to use dspam through the web interface. It
requires no changes to their client.

Thanks,
--
Scott Dier <dieman at ringworld.org>
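
The MX-cluster point in the message above, worked as a small simulation (an added example, not part of the original post): it compares how long one message takes to get through five MX hosts that each keep their own greylist against five hosts sharing one. The 300-second greylist window, the sender's retry schedule, the round-robin choice of MX on each attempt and the addresses are all assumptions constructed for illustration.

```python
# Added example: greylisting on an MX cluster, per-host state vs shared state.
GREYLIST_DELAY = 300  # assumed: seconds a new triplet must wait before acceptance
# Assumed sender retry schedule, seconds after the first attempt.
RETRY_SCHEDULE = [0, 900, 1800, 3600, 7200, 14400, 28800]


class Greylist:
    """First-seen timestamps for (client_ip, mail_from, rcpt_to) triplets."""

    def __init__(self):
        self.first_seen = {}

    def check(self, triplet, now):
        """True = accept; False = temporary failure (SMTP 4xx), try later."""
        first = self.first_seen.setdefault(triplet, now)
        return now - first >= GREYLIST_DELAY


def delivery_time(stores, picks, triplet):
    """Seconds until some MX accepts, or None if the sender runs out of retries.

    stores: one Greylist per MX (the same object repeated means shared state).
    picks:  index of the MX the sender reaches on each attempt.
    """
    for now, mx in zip(RETRY_SCHEDULE, picks):
        if stores[mx].check(triplet, now):
            return now
    return None


def compare(n_mx=5):
    """Return (unshared_delay, shared_delay) for a cluster of n_mx hosts."""
    # Constructed sample triplet using documentation address ranges.
    triplet = ("192.0.2.10", "alice@example.org", "bob@example.net")
    # Assumption: equal-priority MX records, sender lands on the next host each try.
    picks = [i % n_mx for i in range(len(RETRY_SCHEDULE))]
    unshared = [Greylist() for _ in range(n_mx)]
    one_store = Greylist()
    shared = [one_store] * n_mx
    return (delivery_time(unshared, picks, triplet),
            delivery_time(shared, picks, triplet))


if __name__ == "__main__":
    for n in (1, 5, 8):
        print(n, "MX hosts -> (unshared, shared) delay in seconds:", compare(n))
```

With per-host state every MX treats the retry as a first contact, so the message only gets through once the sender happens to return to a host it has already tried; with more hosts than retries it is never accepted at all.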