Increased Volumes Of Spam

Denis Beauchemin Denis.Beauchemin at USherbrooke.ca
Wed Jan 17 20:14:01 CET 2007 

Scott Silva a écrit :
> Denis Beauchemin spake the following on 1/17/2007 6:00 AM:
>   
>> Randal, Phil a écrit :
>>     
>>> Scott Silva wrote:
>>>  
>>>       
>>>> cbl.abuseat.org is part of zen.spamhaus.org, via the included
>>>> lookup against the xbl list, so using both just increases your
>>>> dns lookups without any extra benefit.
>>>> Greetpause does help a lot, as I probably drop 10 to 20% of
>>>> the spam with it alone. Five seconds is a good starting point,
>>>> but probably not over 30 seconds.
>>>>     
>>>>         
>>> The only problem with zen.spamhaus.org is this statement, found on
>>> http://www.spamhaus.org/zen/index.lasso :
>>>
>>> "ZEN Usage
>>>
>>> Use of the Spamhaus DNSBLs via DNS queries to our public DNSBL mirrors
>>> is free for low-traffic mail servers serving less than 100 users. Use of
>>> the Spamhaus DNSBLs by commercial users, including corporate networks,
>>> ISPs and ESPs, requires a subscription to Spamhaus's Data Feed service."
>>>
>>>   
>>>       
>> Since I've seen this statement I tried to cut down on their RBL.  After
>> some reshuffling I get the following usage (today's stats so far):
>>    cbl.abuseat.org :  31957 (34.29%)
>>      list.dsbl.org :   1040 ( 1.12%)
>> safe.dnsbl.sorbs.net :  57967 (62.20%)
>>   zen.spamhaus.org :   2238 ( 2.40%)
>>
>> On Jan 1 I used only spamhaus and sorbs (in that order) and I had the
>> following stats:
>>    safe.dnsbl.sorbs.net :  63222 (29.63%)
>>        zen.spamhaus.org : 150167 (70.37%)
>>
>> I check the RBLs in this order in my sendmail.mc:
>> FEATURE(`dnsbl',`safe.dnsbl.sorbs.net',`"554 Rejected " $&{client_addr}
>> " found in safe.dnsbl.sorbs.net"')dnl
>> FEATURE(`dnsbl',`cbl.abuseat.org',`"554 Rejected " $&{client_addr} "
>> found in cbl.abuseat.org"')dnl
>> FEATURE(`dnsbl',`list.dsbl.org',`"554 Rejected " $&{client_addr} " found
>> in list.dsbl.org"')dnl
>> FEATURE(`dnsbl',`zen.spamhaus.org',`"554 Rejected " $&{client_addr} "
>> found in zen.spamhaus.org"')dnl
>>
>> Denis
>>
>>     
> Since there will be some duplication in any list, the order that you call them
> will have an effect on their hits. If you put cbl after zen, you will show no
> hits on cbl. You could try and move list.dsbl.org after zen and see how it
> fares also. Zen is a very good list IMHO.
>
>   
I know about the duplication.  I try to check the most complete list 
first and then the others to minimize the number of DNS lookups.

I agree that Zen is a good list but at 4800$US/year (for 10,000 users), 
it's a bit expensive for our University...  Calling CBL before Zen I can 
see that Zen does not provide much more than CBL.  It reduces my Zen DNS 
lookups to "low-traffic" so I should be fine.  And CBL is free...

Denis

-- 
   _
  °v°   Denis Beauchemin, analyste
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x62252 F: 819.821.8045


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3595 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070117/74d4044b/smime.bin

More information about the MailScanner mailing list