SpamHaus DROP list
Alex Broens
ms-list at alexb.ch
Wed Oct 17 12:28:12 IST 2007
On 10/17/2007 1:00 PM, Hugo van der Kooij wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Kai Schaetzl wrote:
>> Michael Mansour wrote on Tue, 16 Oct 2007 07:57:46 +1000 (EST):
>>
>>> I've never had complaints from anyone from getting blocked from those IP's, since
>> they are IP's which have been hijacked.
>>
>> Rather in complaints I'd be interested if it is worth it. Do you (=anyone reading
>> this thread) have any idea how many of your Zen hits (assuming you use Zen) are in
>> this subset?
>
> I put my filter in front of other blacklists. And I did notice some hits
> since I started this. Like:
>
> Oct 17 00:16:21 balin postfix/smtpd[16000]: NOQUEUE: reject: RCPT from
> host105.200-117-38.telecom.net.ar[200.117.38.105]: 554 5.7.1 Service
> unavailable; Client host [200.117.38.105] blocked using
> zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=200.117.38.105;
> from=<augu at bmm.com.my> to=<haasje at vanderkooij.org> proto=ESMTP
> helo=<kayzerzo-75400e>
> Oct 17 01:16:34 balin postfix/smtpd[29159]: NOQUEUE: reject: RCPT from
> unknown[196.204.154.39]: 554 5.7.1 Service unavailable; Client host
> [196.204.154.39] blocked using zen.spamhaus.org;
> http://www.spamhaus.org/query/bl?ip=196.204.154.39;
> from=<deanhostager at affiliates.x10.com> to=<hvdkooij at vanderkooij.org>
> proto=SMTP helo=<clum>
>
> I guess they would propably be shot on ERS (Trend Micro RBL) or on ZEN.
>
I wonder why you don't use
reject_non_fqdn_recipient,
reject_non_fqdn_sender,
reject_non_fqdn_hostname,
SMTP helo=<clum> and similar would have been blocked by
"reject_non_fqdn_hostname"
before RBL checks - less load on RBLs, faster processing.
Alex
More information about the MailScanner
mailing list