RBLs

[Scott Silva]

Mikael Syska spake the following on 9/13/2007 1:17 PM:
> Hi,
> 
> Just wondering ... is this a busy system or private home server ? What 
> are the mail flow ?
> 
> // ouT
> 
> Scott Silva wrote:
>> Gareth spake the following on 9/12/2007 6:33 AM:
>>> Has anyone configured spamassassin to use additional RBLs other than
>>> what comes in the default configuration?
>>>
>>> I use Spamhaus and Spamcop in postfix but there are lots of alternatives
>>> available and the best way to test them would be to configure them in
>>> spamassassin and use the mailwatch report to see the % of ham and spam
>>> it matches.
>>>
>> I have a few.
>>
>> ---snip----
>>
>>
>> header   RCVD_IN_PSBL          eval:check_rbl('psbl', 
>> 'psbl.surriel.com.')
>> describe RCVD_IN_PSBL          Received via a relay in PSBL
>> tflags   RCVD_IN_PSBL          net
>> score    RCVD_IN_PSBL          0 1.50 0 1.50
>>
>> header   RCVD_IN_UCE_PFSM_1          eval:check_rbl('UCE_PFSM_1', 
>> 'dnsbl-1.uceprotect.net')
>> describe RCVD_IN_UCE_PFSM_1          Received via a relay in UCE_PFSM_1
>> tflags   RCVD_IN_UCE_PFSM_1          net
>> score    RCVD_IN_UCE_PFSM_1          0 1.50 0 1.50
>>
>> header   RCVD_IN_UCE_PFSM_2          eval:check_rbl('UCE_PFSM_2', 
>> 'dnsbl-2.uceprotect.net')
>> describe RCVD_IN_UCE_PFSM_2          Received via a relay in UCE_PFSM_2
>> tflags   RCVD_IN_UCE_PFSM_2          net
>> score    RCVD_IN_UCE_PFSM_2          0 1.50 0 1.50
>>
>> header   RCVD_IN_UCE_PFSM_3          eval:check_rbl('UCE_PFSM_3', 
>> 'dnsbl-3.uceprotect.net')
>> describe RCVD_IN_UCE_PFSM_3          Received via a relay in UCE_PFSM_3
>> tflags   RCVD_IN_UCE_PFSM_3          net
>> score    RCVD_IN_UCE_PFSM_3          0 1.50 0 1.50
>>
>>
>> header   DNS_FROM_MPBULK_RHSBL    eval:check_rbl_from_host('mprhs', 
>> 'bulk.rhs.mailpolice.com.')
>> describe DNS_FROM_MPBULK_RHSBL    From: sender listed in 
>> bulk.rhs.mailpolice.com
>> tflags   DNS_FROM_MPBULK_RHSBL    net
>> score    DNS_FROM_MPBULK_RHSBL    2.0
>>
>>
>> urirhsbl  URIBL_BULK_MPRHS  bulk.rhs.mailpolice.com.   A
>> body      URIBL_BULK_MPRHS  eval:check_uridnsbl('URIBL_BULK_MPRHS')
>> describe  URIBL_BULK_MPRHS  Contains a URL listed in the MailPolice 
>> bulk senders list
>> tflags    URIBL_BULK_MPRHS  net
>> score     URIBL_BULK_MPRHS  2.0
>>
>>
>> urirhsbl  URIBL_PORN_MPRHS  porn.rhs.mailpolice.com.   A
>> body      URIBL_PORN_MPRHS  eval:check_uridnsbl('URIBL_PORN_MPRHS')
>> describe  URIBL_PORN_MPRHS  Contains a URL listed in the MailPolice 
>> porn domains list
>> tflags    URIBL_PORN_MPRHS  net
>> score     URIBL_PORN_MPRHS  2.0
>>
>>
>> urirhsbl  URIBL_FRAUD_MPRHS  fraud.rhs.mailpolice.com.   A
>> body      URIBL_FRAUD_MPRHS  eval:check_uridnsbl('URIBL_FRAUD_MPRHS')
>> describe  URIBL_FRAUD_MPRHS  Contains a URL listed in the MailPolice 
>> fraud domains list
>> tflags    URIBL_FRAUD_MPRHS  net
>> score     URIBL_FRAUD_MPRHS  2.0
>>
>> header   RCVD_IN_SPAMCANNIBAL          eval:check_rbl('spamcannibal', 
>> 'bl.spamcannibal.org.')
>> describe RCVD_IN_SPAMCANNIBAL          Received via a relay in 
>> SpamCannibal
>> tflags   RCVD_IN_SPAMCANNIBAL          net
>> score    RCVD_IN_SPAMCANNIBAL          0 1.50 0 1.50
>>
>> header   RCVD_IN_MSRBL          eval:check_rbl('msrbl', 
>> 'combined.rbl.msrbl.net.')
>> describe RCVD_IN_MSRBL          Received via a relay in MSRBL
>> tflags   RCVD_IN_MSRBL          net
>> score    RCVD_IN_MSRBL          0 1.50 0 1.50
>>
>> ---snip---
>>
>>
>> Some are better than others, as I haven't had time to evaluate them 
>> for a while.
>>
> 
Corporate mailservers serving about 100 users each in California, US.
We are a public utility serving about 80,000 plus consumers in parts of 6 
cities.  Mail is usually around 10,000 to 15,000 per day before filtering. 
Usually 1000 or less legitimate mails, some are rather large word documents 
going back and forth with attorneys.

-- 

MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!