Spam question

Bryan Laurila blaurila at
Tue Aug 18 15:51:23 UTC 2015

 <!--#yiv4654706866 .yiv4654706866EmailQuote {margin-left:1pt;padding-left:4pt;border-left:#800000 2px solid;}-->I haven’t given “current RBLs” much thought in a long time so this discussion sparked my interest especially since we have been seeing an increase in Spam messages getting past MailScanner in recent months.   Below is an excerpt from my MailScanner.conf file showing my “Spam List =” line as well as my “Spam Domain List = “ line (yes, I know it’s blank).  Below that is my current spam.lists.conf file which hasn’t been updated in a longtime (anyone have an updated version?).   Although this configuration has worked well for me in the past, I’m thinking I could do better. What are other people are using for their configurations for “Spam List =” and “Spam Domain List=”? Thanks!    Bryan   ====================================================================# This is the list of spam blacklists (RBLs) which you are using.# See the "Spam List Definitions" file for more information about what# you can put here.# This can also be the filename of a ruleset.#Spam List = # spamhaus-ZEN # You can un-comment this to enable themSpam List = spamhaus-ZEN SORBS-NEW SORBS-RECENT SORBS-DNSBL # This is the list of spam domain blacklists which you are using# (such as the "rfc-ignorant" domains). See the "Spam List Definitions"# file for more information about what you can put here.# This can also be the filename of a ruleset.Spam Domain List = ====================================================================== This is my current spam.lists.conf file which hasn’t been updated in a long time. 

# This file translates the names of the spam lists and spam domains lists# into the real DNS domains to search. # There is a far more comprehensive list of these at# and you can easily search them all # If you want to search other DNSBL's you will need to define them here first,# before referring to them by name in mailscanner.conf (or a rules file).                                                                                    # ORDB has been shut down.#ORDB-RBL              #Infinite-Monkeys              These two lists are now dead and must not be used. # MAPS now charge for their services, so you'll have to buy a contract before# attempting to use the next 3 lines. MAPS-RBL                                           # This next line works for JANET UK Academic sites only MAPS-RBL+              # And build a similar list for the RBL domains that work on the name# of the domain rather than the IP address of the exact machine that# is listed. This way the RBL controllers can blacklist entire# domains very quickly and easily.# These aren't used by default, as they slow down MailScanner quite a bit. RFC-IGNORANT-DSN                   # Easynet are closing down, so don't use these any moreEasynet-DNSBL                      # This list is now dead and must not be used.#OSIRUSOFT-SPEWS               # These folks are still going strongSORBS-DNSBL                                                                                                                                 Added by BSL on 20131125                        # These next 2 are "Spam Domain List" entries and not "Spam List"sSORBS-BADCONF                    # Some other good lists CBL                    JKF 30 Oct 2008 Gone: DSBL                  

 From: MailScanner [mailto:mailscanner-bounces at] On Behalf Of Jerry Benton
Sent: Thursday, August 06, 2015 1:04 PM
To: MailScanner Discussion
Subject: Re: Spam question reject_rbl_client,reject_rbl_client,reject_rbl_client,reject_rbl_client,reject_rbl_client,reject_rbl_client,reject_rbl_client,
-Jerry   On Aug 6, 2015, at 1:55 PM, Tiago Meireles <tmeireles at> wrote: Any RBLs that you recommend? From: MailScanner [mailto:mailscanner-bounces at] On Behalf Of JerryBenton
Sent: Thursday, August 06, 2015 1:50 PM
To: MailScanner Discussion
Subject: Re: Spam question - Use RBLs at the MTA level- Use greylisting
-Jerry   On Aug 6, 2015, at 1:49 PM, Sean M. Schipper <sean.m.schipper at> wrote: Since last November I’ve been getting inundated with spam (yesterday just under 7,000 just in the am) from coming from 3 or 4 IP addresses on the same subnet in the morning starting like clockwork just after 9am.  Then sometimes I’ll get a similar rushof spam in the afternoon coming from a separate IP range.  Countries of origin include US and Bulgaria mostly but also have come from Brasil, Romania and S. Africa. I’ve been able to train MailScanner to correctly identify these as spam since the content is very similar -- tons of links to websites with .php extensions.  Examples of subject lines:  Situations for 2015 that forgive your Student-Loan, 12 month MBA programs,accelerated... To cut down on the processing/traffic on my server I’ve been just blacklisting these IP subnets at smtp with a deny bounce message.  Does anyone have any other suggestions on actions I can take to rid myself of this annoying daily routine?  Does anyoneelse have similar battle stories like this? Thanks for any suggestions on this.   Sean

MailScanner mailing list
mailscanner at 

MailScanner mailing list
mailscanner at  
 Untitled Page Confidentiality Notice:  
  This e-mail communication and any attachments may contain confidential and privileged information for the use of the designated recipients named above.  If you are not the intended recipient, you are hereby notified that you have received this communication in error and that any review, disclosure, dissemination, distribution or copying of it or its contents is prohibited.  As required by federal and state laws, you need to hold this information as privileged and confidential. 
This message may contain Protected Health Information (PHI).  PHI is personal and sensitive information related to a person's health care.  It is being emailed to you after appropriate authorization from the patient or under circumstances that do not require patient authorization.  You, the recipient, are obligated to maintain it in a safe, secure and confidential manner.  Re-disclosure without additional patient consent or as permitted by law is prohibited.  Unauthorized re-disclosure or failure to maintain confidentiality could subject you to penalties described in federal and state law. 
If you are not the intended recipient, or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that any disclosure, copying or distribution of this information is Strictly Prohibited.  If you have received this communication in error, please notify the sender and destroy all copies of this communication and any attachments. 
 Dickinson County Healthcare System, 1721 S. Stephenson Ave. Iron Mountain, MI 49801,  

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the MailScanner mailing list