potential blacklist stats

Peter Peters P.G.M.Peters at utwente.nl
Tue Jul 13 08:09:01 IST 2004


On Mon, 12 Jul 2004 15:12:58 -0700, you wrote:

>I put one IP blacklist in place (postfix) and it is blocking about 20% of
>incoming mail attempts.  A good start.  Now I want to find the next most
>effective (and well documented, low false positive rate, etc)
>blacklist.  Is there a way for MailScanner to do a check against several
>blacklists such as XBL, CBL, SORBS, etc. and report how many connections
>come from an IP address on each list?  Then pick the best one and block
>that in postfix.  Repeat cycle as feasible.

We have a number of blacklists for tagging in MS. You could check the
logs and see whether a message that has a hit on one or more BL's also
has some other spam characteristics (from SA) and choose the one (or
two) BL's that give the best result in your case.

We can't use BL's at the MTA because we have a lot of students from
"suspicious" countries. I have done a test last year and at that time
50% of the messages from those countries were not spam. Even if it turns
out that the ammount of spam has increased tenfold it still results in
too much false positives. BYMMV

--
Peter Peters, senior netwerkbeheerder
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente,  Postbus 217,  7500 AE  Enschede
telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html



More information about the MailScanner mailing list