Config is double checking blacklists

Nigel Kendrick support-lists at petdoctors.co.uk
Tue Aug 22 13:01:03 IST 2006


Hi Folks,

I noticed we were suddenly getting a lot of our own outbound mail marked as
spam. The root cause was we'd ended up in CBL due to a mis-configured server
name, but in sorting this out, I noticed the following info at Spamhaus:

===

Exploits Block List

The Spamhaus Exploits Block List (XBL) is a realtime database of IP
addresses of illegal 3rd party exploits, including open proxies (HTTP,
socks, AnalogX, wingate, etc), worms/viruses with built-in spam engines, and
other types of trojan-horse exploits.

Incorporates CBL data and NJABL proxy data

The XBL wholly incorporates data from two highly-trusted DNSBL sources, with
tweaks by Spamhaus to maximise the data efficiency and lower False
Positives. The main components are:
- the CBL (Composite Block List) from cbl.abuseat.org
- the NJABL Open Proxy IPs list from www.njabl.org.

Mail servers already using cbl.abuseat.org should NOT also use
xbl.spamhaus.org or you will be making 'double' queries to basically the
same data source and only one DNSBL will appear to work (the other(s) will
appear to not catch anything). Mail servers already using dnsbl.njabl.org
are advised to continue doing so, as dnsbl.njabl.org is itself a composite
list and contains more than the open proxy IPs list part now incorporated in
XBL. 

===

The only reason I point this out is that my installation of MailScanner et
al. was originally done using Johnny Hughes' excellent howto and by default,
the spam checking rules used list both SBL+XBL and CBL, which according to
the above means we are effectively double-checking and any 'hit' will count
as 2 towards 'spam lists to be spam'.

If my assumption is correct, will I be OK to remove SBL+XBL and replace it
with spamhaus.org in order to not check both XBL and CBL?

Thanks
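
Added example, not part of the original post or of MailScanner: a small Python check of the double-counting described above, comparing how many configured lists hit with how many independent data feeds are behind those hits. The `FEEDS` table is built from the quoted Spamhaus text; the `Spam List = ...` line format and the mapping of `spamhaus.org` to SBL only are assumptions about the local configuration.

```python
from itertools import combinations

# Upstream data behind each list name used in the post. Per the quoted
# Spamhaus text, XBL wholly incorporates CBL and the NJABL open-proxy list.
# "spamhaus.org" meaning SBL only is an assumption about spam.lists.conf.
FEEDS = {
    "SBL+XBL": {"sbl", "cbl", "njabl-proxy"},
    "CBL": {"cbl"},
    "spamhaus.org": {"sbl"},
}

def parse_spam_list(line):
    """Return the list names from a 'Spam List = a b c' style setting."""
    key, _, value = line.partition("=")
    if key.strip().lower() != "spam list":
        raise ValueError("not a Spam List setting: %r" % line)
    return value.split()

def overlaps(names):
    """Pairs of configured lists that share an upstream feed."""
    found = []
    for a, b in combinations(names, 2):
        shared = FEEDS[a] & FEEDS[b]
        if shared:
            found.append((a, b, shared))
    return found

def raw_hits(names, ip_feeds):
    """Number of configured lists that hit for an IP present in ip_feeds."""
    return sum(1 for n in names if FEEDS[n] & ip_feeds)

def independent_hits(names, ip_feeds):
    """Number of distinct upstream feeds behind those hits."""
    hit = set()
    for n in names:
        hit |= FEEDS[n] & ip_feeds
    return len(hit)

if __name__ == "__main__":
    ip_feeds = {"cbl"}  # constructed case: sender IP listed only in CBL
    for line in ("Spam List = SBL+XBL CBL", "Spam List = spamhaus.org CBL"):
        names = parse_spam_list(line)
        print(line)
        print("  overlapping pairs:", overlaps(names))
        print("  hits counted:", raw_hits(names, ip_feeds),
              "independent:", independent_hits(names, ip_feeds))
```
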





