Config is double checking blacklists

Nigel Kendrick support-lists at
Tue Aug 22 13:01:03 IST 2006

Hi Folks,

I noticed we were suddenly getting a lot of our own outbound mail marked as
spam. The root cause was we'd ended up in CBL due to a mis-configured server
name, but in sorting this out, I noticed the following info at Spamhaus..


Exploits Block List

The Spamhaus Exploits Block List (XBL) is a realtime database of IP
addresses of illegal 3rd party exploits, including open proxies (HTTP,
socks, AnalogX, wingate, etc), worms/viruses with built-in spam engines, and
other types of trojan-horse exploits.

Incorporates CBL data and NJABL proxy data

The XBL wholly incorporates data from two highly-trusted DNSBL sources, with
tweaks by Spamhaus to maximise the data efficiency and lower False
Positives. The main components are:
- the CBL (Composite Block List) from
- the NJABL Open Proxy IPs list from

Mail servers already using should NOT also use or you will be making 'double' queries to basically the
same data source and only one DNSBL will appear to work (the other(s) will
appear to not catch anything). Mail servers already using
are advised to continue doing so, as is itself a composite
list and contains more than the open proxy IPs list part now incorporated in


The only reason I point this out is that my installation of MailScanner et.
Al was originally done using Johnny Hughes' excellent howto and by default,
the spam checking rules used list both SBL+XBL and CBL, which according to
the above means we are effectively double-checking and any 'hit' will count
as 2 towards 'spam lists to be spam'.

If my assumption is correct, will I be OK to remove SBL+XBL and replace it
with in order to not check both XBL and CBL?


More information about the MailScanner mailing list