Last week, I turned on the DNSBL feature of Sendmail and have seen amazing results. I personally have been receiving over 300 spam emails per day, as well as taking in all the spam that each of the other email accounts on my server receives. I had looked at such tools as SpamAssassin and Bogofilter, but these still have the downfall of accepting the email and analyzing it. Granted, my pipe to the internet is big enough that accepting the email is not a big deal now, but it very quickly could become an issue. I wanted a product that would allow me to actually reject the emails and not bog down my connection or CPU analyzing the message.
In comes the DNSBL feature of Sendmail along with the repository at Spamhaus.org. Since implementing this feature less than a week ago, I have rejected over 3000 emails!
In the future, I may turn either SpamAssassin or Bogofilter on to handle the ones that get through, but I can handle 20-30 spams per day.
Posted by doug at February 1, 2005 09:04 AM
i've abandoned these blackhole lists, because they'd block things i didn't want blocked. if something gets blocked, it's hard for you to work around it. maybe an access_db entry could override it, but it's still problematic.
they end up blocking anything from a dynamic domain, like my server on the cablemodem. due to filters like this, i have to send all my mail through my isp's finicky smtp server.
i filter only on content with bogofilter on a per-user basis. i doubt your poor little xeon will have too much trouble analyzing content. :)
Posted by: john at February 1, 2005 09:47 AM
This may be something that I just leave on for a while until I see the volume go down. Hopefully, they start to remove me from lists as they get the emails bounced, but I doubt that will happen. As for blocking dynamic domains, I'm not sure of that. They block known open relays and known spam operations. You could always just try to send me an email and see what happens.
Posted by: doug at February 1, 2005 09:56 AM
Spamhaus is awesome. We recently turned that on for the entire campus and our spam has greatly been reduced. And spamhaus isn't like other open relay databases where there are often false positives. They list KNOWN spam operations. So I wouldn't write off spamhaus quite yet, John. :)
I'm still spam-free since I switched domain names, btw. :)
Posted by: stacey at February 1, 2005 10:18 AM
Oh yeah, and you should still use spamassassin in combination with my best friend, procmail, so that you can filter away all your spam to another folder. Then you never have to look at it.
Posted by: stacey at February 1, 2005 10:19 AM
is a cablemodem network full of zombie windows spambots (aka the home computer) considered a "known spammer" and hence blocked?
looking at their stats and lists, i did see a few whole class c comcast networks blocked.
Posted by: john at February 2, 2005 09:28 AM
i admit, i'm intrigued now. it looks like sbl will be the more conservative list of known spammers, and xbl is the list of spam zombies and open proxies.
Posted by: john at February 2, 2005 09:52 AM
I am using both, at the recommendation of spamhaus.org, but if I start to hear about issues or see them, I may consider dropping back to just the SBL.
Posted by: doug at February 2, 2005 10:15 AM
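The SBL/XBL distinction discussed in the comments above is visible in the DNS answer a blocklist returns. The following Python is an added example, not code from the post or from any commenter: it builds the DNSBL query name, separates SBL from XBL listings using Spamhaus's published return codes (127.0.0.2 for SBL, 127.0.0.4 through 127.0.0.7 for XBL), and refuses to treat a 127.255.255.x error reply as a listing. The `zen.spamhaus.org` zone name, the function names and the sample answers are assumptions of the example.

```python
import ipaddress
import socket

ERRORS = ipaddress.IPv4Network("127.255.255.0/24")   # usage/resolver errors
LISTED = ipaddress.IPv4Network("127.0.0.0/24")       # real listing codes

def query_name(ip, zone):
    """192.0.2.99 -> 99.2.0.192.<zone> (octets reversed, zone appended)."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def classify(answer):
    """Map one A-record answer from the zone to a verdict."""
    addr = ipaddress.IPv4Address(answer)
    if addr in ERRORS:
        return "error"        # e.g. query refused; must not count as a listing
    if addr not in LISTED:
        return "unexpected"   # not a DNSBL code at all (wildcarded zone, etc.)
    code = int(addr) & 0xFF
    if code == 2:
        return "SBL"
    if 4 <= code <= 7:
        return "XBL"
    return "other"            # codes for lists this page does not discuss

def system_resolver(name):
    """All A records for name; [] when the name does not exist (needs network)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except (socket.gaierror, socket.herror):
        return []

# The default zone name is an assumption of this example, not from the page.
def check(ip, zone="zen.spamhaus.org", resolve=system_resolver):
    """Return (reject, verdicts); reject only on a genuine SBL or XBL answer."""
    verdicts = sorted({classify(a) for a in resolve(query_name(ip, zone))})
    return any(v in ("SBL", "XBL") for v in verdicts), verdicts

# Constructed answers standing in for DNS so the example runs offline.
SAMPLE = {
    "2.0.0.127.zen.spamhaus.org": ["127.0.0.2", "127.0.0.4"],
    "99.2.0.192.zen.spamhaus.org": ["127.255.255.254"],
}

def fake_resolver(name):
    return SAMPLE.get(name, [])

if __name__ == "__main__":
    for ip in ("127.0.0.2", "192.0.2.99", "198.51.100.7"):
        print(ip, check(ip, resolve=fake_resolver))
```

Running `check()` with the default `system_resolver` against your own sending address shows whether, and on which list, a DNSBL-enabled receiver would see it.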