SpamHaus DROP list

Alex Broens ms-list at alexb.ch
Wed Oct 17 12:28:12 IST 2007


On 10/17/2007 1:00 PM, Hugo van der Kooij wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Kai Schaetzl wrote:
>> Michael Mansour wrote on Tue, 16 Oct 2007 07:57:46 +1000 (EST):
>>
>>> I've never had complaints from anyone from getting blocked from those IP's, since 
>> they are IP's which have been hijacked.
>>
>> Rather in complaints I'd be interested if it is worth it. Do you (=anyone reading 
>> this thread) have any idea how many of your Zen hits (assuming you use Zen) are in 
>> this subset?
> 
> I put my filter in front of other blacklists. And I did notice some hits
> since I started this. Like:
> 
> Oct 17 00:16:21 balin postfix/smtpd[16000]: NOQUEUE: reject: RCPT from
> host105.200-117-38.telecom.net.ar[200.117.38.105]: 554 5.7.1 Service
> unavailable; Client host [200.117.38.105] blocked using
> zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=200.117.38.105;
> from=<augu at bmm.com.my> to=<haasje at vanderkooij.org> proto=ESMTP
> helo=<kayzerzo-75400e>
> Oct 17 01:16:34 balin postfix/smtpd[29159]: NOQUEUE: reject: RCPT from
> unknown[196.204.154.39]: 554 5.7.1 Service unavailable; Client host
> [196.204.154.39] blocked using zen.spamhaus.org;
> http://www.spamhaus.org/query/bl?ip=196.204.154.39;
> from=<deanhostager at affiliates.x10.com> to=<hvdkooij at vanderkooij.org>
> proto=SMTP helo=<clum>
> 
> I guess they would propably be shot on ERS (Trend Micro RBL) or on ZEN.
> 

I wonder why you don't use
                             reject_non_fqdn_recipient,
                             reject_non_fqdn_sender,
                             reject_non_fqdn_hostname,

SMTP helo=<clum> and similar would have been blocked by 
"reject_non_fqdn_hostname"

before RBL checks - less load on RBLs, faster processing.

Alex



More information about the MailScanner mailing list