Spam question

Bryan Laurila blaurila at sbcglobal.net
Tue Aug 18 15:51:23 UTC 2015


I haven’t given “current RBLs” much thought in a long time, so this discussion sparked my interest, especially since we have been seeing an increase in spam messages getting past MailScanner in recent months.

Below is an excerpt from my MailScanner.conf file showing my “Spam List =” line as well as my “Spam Domain List =” line (yes, I know it’s blank). Below that is my current spam.lists.conf file, which hasn’t been updated in a long time (anyone have an updated version?).

Although this configuration has worked well for me in the past, I’m thinking I could do better. What are other people using for their configurations for “Spam List =” and “Spam Domain List =”?

Thanks!

Bryan

====================================================================
# This is the list of spam blacklists (RBLs) which you are using.
# See the "Spam List Definitions" file for more information about what
# you can put here.
# This can also be the filename of a ruleset.
#Spam List = # spamhaus-ZEN # You can un-comment this to enable them
Spam List = spamhaus-ZEN spamcop.net SORBS-NEW SORBS-RECENT SORBS-DNSBL

# This is the list of spam domain blacklists which you are using
# (such as the "rfc-ignorant" domains). See the "Spam List Definitions"
# file for more information about what you can put here.
# This can also be the filename of a ruleset.
Spam Domain List =
======================================================================

This is my current spam.lists.conf file which hasn’t been updated in a long time.
=======================================================================================


# This file translates the names of the spam lists and spam domains lists
# into the real DNS domains to search.

# There is a far more comprehensive list of these at
# http://www.declude.com/JunkMail/Support/ip4r.htm
# and you can easily search them all at www.DNSstuff.com.

# If you want to search other DNSBL's you will need to define them here first,
# before referring to them by name in mailscanner.conf (or a rules file).

spamhaus.org                    sbl.spamhaus.org.
spamhaus-XBL                    xbl.spamhaus.org.
spamhaus-PBL                    pbl.spamhaus.org.
spamhaus-ZEN                    zen.spamhaus.org.
SBL+XBL                         sbl-xbl.spamhaus.org.
spamcop.net                     bl.spamcop.net.
NJABL                           dnsbl.njabl.org.

# ORDB has been shut down.
#ORDB-RBL                       relays.ordb.org.

#Infinite-Monkeys               proxies.relays.monkeys.com.
#osirusoft.com                  relays.osirusoft.com.
# These two lists are now dead and must not be used.

# MAPS now charge for their services, so you'll have to buy a contract before
# attempting to use the next 3 lines.

MAPS-RBL                        blackholes.mail-abuse.org.
MAPS-DUL                        dialups.mail-abuse.org.
MAPS-RSS                        relays.mail-abuse.org.

# This next line works for JANET UK Academic sites only

MAPS-RBL+                       rbl-plus.mail-abuse.ja.net.

# And build a similar list for the RBL domains that work on the name
# of the domain rather than the IP address of the exact machine that
# is listed. This way the RBL controllers can blacklist entire
# domains very quickly and easily.
# These aren't used by default, as they slow down MailScanner quite a bit.

RFC-IGNORANT-DSN                dsn.rfc-ignorant.org.
RFC-IGNORANT-POSTMASTER         postmaster.rfc-ignorant.org.
RFC-IGNORANT-ABUSE              abuse.rfc-ignorant.org.
RFC-IGNORANT-WHOIS              whois.rfc-ignorant.org.
RFC-IGNORANT-IPWHOIS            ipwhois.rfc-ignorant.org.
RFC-IGNORANT-BOGUSMX            bogusmx.rfc-ignorant.org.

# Easynet are closing down, so don't use these any more
Easynet-DNSBL                   blackholes.easynet.nl.
Easynet-Proxies                 proxies.blackholes.easynet.nl.
Easynet-Dynablock               dynablock.easynet.nl.

# This list is now dead and must not be used.
#OSIRUSOFT-SPEWS                        spews.relays.osirusoft.com.

# These folks are still going strong
SORBS-DNSBL                     dnsbl.sorbs.net.
SORBS-HTTP                      http.dnsbl.sorbs.net.
SORBS-SOCKS                     socks.dnsbl.sorbs.net.
SORBS-MISC                      misc.dnsbl.sorbs.net.
SORBS-SMTP                      smtp.dnsbl.sorbs.net.
SORBS-WEB                       web.dnsbl.sorbs.net.
SORBS-SPAM                      spam.dnsbl.sorbs.net.
SORBS-BLOCK                     block.dnsbl.sorbs.net.
SORBS-ZOMBIE                    zombie.dnsbl.sorbs.net.
SORBS-DUL                       dul.dnsbl.sorbs.net.
SORBS-RHSBL                     rhsbl.sorbs.net.
## Added by BSL on 20131125 from www.sorbs.net/genera/using.shtml
SORBS-NEW                       new.spam.dnsbl.sorbs.net.
SORBS-RECENT                    recent.spam.dnsbl.sorbs.net.

# These next 2 are "Spam Domain List" entries and not "Spam List"s
SORBS-BADCONF                   badconf.rhsbl.sorbs.net.
SORBS-NOMAIL                    nomail.rhsbl.sorbs.net.

# Some other good lists
CBL                             cbl.abuseat.org.
# JKF 30 Oct 2008 Gone: DSBL                            list.dsbl.org.
=================================================================

 From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton
Sent: Thursday, August 06, 2015 1:04 PM
To: MailScanner Discussion
Subject: Re: Spam question

reject_rbl_client b.barracudacentral.org,
reject_rbl_client zen.spamhaus.org,
reject_rbl_client ix.dnsbl.manitu.net,
reject_rbl_client rbl.megarbl.net,
reject_rbl_client dnsbl.inps.de,
reject_rbl_client bl.spamcop.net,
reject_rbl_client cbl.abuseat.org,

-
Jerry Benton
www.mailborder.com

On Aug 6, 2015, at 1:55 PM, Tiago Meireles <tmeireles at electroind.com> wrote:

Any RBLs that you recommend?

From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton
Sent: Thursday, August 06, 2015 1:50 PM
To: MailScanner Discussion
Subject: Re: Spam question

- Use RBLs at the MTA level
- Use greylisting

-
Jerry Benton
www.mailborder.com

On Aug 6, 2015, at 1:49 PM, Sean M. Schipper <sean.m.schipper at lawrence.edu> wrote:

Since last November I’ve been getting inundated with spam (yesterday just under 7,000 just in the am) coming from 3 or 4 IP addresses on the same subnet in the morning, starting like clockwork just after 9am. Then sometimes I’ll get a similar rush of spam in the afternoon coming from a separate IP range. Countries of origin include US and Bulgaria mostly but also have come from Brazil, Romania and S. Africa.

I’ve been able to train MailScanner to correctly identify these as spam since the content is very similar -- tons of links to websites with .php extensions. Examples of subject lines: Situations for 2015 that forgive your Student-Loan, 12 month MBA programs, accelerated...

To cut down on the processing/traffic on my server I’ve been just blacklisting these IP subnets at SMTP with a deny bounce message. Does anyone have any other suggestions on actions I can take to rid myself of this annoying daily routine? Does anyone else have similar battle stories like this?

Thanks for any suggestions on this.

Sean

-- 
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/listinfo/mailscanner 
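
Added example (not part of the original thread and not MailScanner's own code): a small offline check that every name on the "Spam List =" line is defined in spam.lists.conf, and that shows the DNS name each list would be queried with for an IP. The config snippets are constructed from the excerpts above, the function names are hypothetical, 127.0.0.2 is used as the conventional DNSBL test address, and the "filename of a ruleset" form of the setting is not handled.

```python
import ipaddress

# Constructed sample in spam.lists.conf format, taken from the entries quoted above.
# SORBS-RECENT is left out on purpose to show how an undefined name is reported.
SPAM_LISTS_CONF = """\
spamhaus-ZEN                    zen.spamhaus.org.
spamcop.net                     bl.spamcop.net.
#ORDB-RBL                       relays.ordb.org.
SORBS-DNSBL                     dnsbl.sorbs.net.
SORBS-NEW                       new.spam.dnsbl.sorbs.net.
"""
MAILSCANNER_CONF = """\
#Spam List = # spamhaus-ZEN # You can un-comment this to enable them
Spam List = spamhaus-ZEN spamcop.net SORBS-NEW SORBS-RECENT SORBS-DNSBL
Spam Domain List =
"""

def parse_definitions(text):
    """Map list name -> DNS zone, skipping comments and blank lines."""
    zones = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 2:
            zones[fields[0]] = fields[1].rstrip(".")
    return zones

def parse_setting(text, key):
    """Names on an active 'key = ...' line (this example keeps the last one)."""
    names = []
    for line in text.splitlines():
        k, sep, v = line.split("#", 1)[0].partition("=")
        if sep and k.strip().lower() == key.lower():
            names = v.split()
    return names

def query_name(ip, zone):
    """DNSBL lookup name for an IPv4 address: reversed octets + zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def audit(conf, lists_conf, key="Spam List", probe_ip="127.0.0.2"):
    """Return (name -> query name for defined lists, names with no definition)."""
    zones = parse_definitions(lists_conf)
    names = parse_setting(conf, key)
    queries = {n: query_name(probe_ip, zones[n]) for n in names if n in zones}
    undefined = [n for n in names if n not in zones]
    return queries, undefined
```

The query names returned by audit() can be pasted into dig or host to confirm that each configured zone still answers before relying on it.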
