[RELEASE] SpamBlocker Version 2 released

pucky said:

RBLs are so yesterday. Granted, a very select few, one or two, would yield results. The combination of MS + SURBL lookups at SMTP TIME, SA + PYZOR + DCC would kill 94% of your spam while keeping your users happy and bitch free. We have been using this combo for over 2 yrs. In the past 2 yrs we have had less than 10 clients who have complained about blocked mail. Using the above list exclusively would be a huge mistake.

Could you explain how to set this up? I am currently using SpamBlocker and have been getting a lot of spam and also users complaining about being blocked.

Thanks,
Phil
 
philmcdonnell said:
Could you explain how to set this up? I am currently using SpamBlocker and have been getting a lot of spam and also users complaining about being blocked.

Thanks,
Phil

That's because of the RBL list being used. Writing a complete howto for this would be impossible. There is just so much that goes into setting this up, but it can be done: full implementation in about 3 hrs, then comes the testing and tweaking. Once it's down and set, it's magic. There are a few people doing this type of installation who I will not mention here for the sake of advertising.
 
I agree on the RBL lists, I am seeing the ones picked aren't the best choice and spamcop is a big no-no, so many false positives.
 
Chrysalis said:
I agree on the RBL lists, I am seeing the ones picked aren't the best choice and spamcop is a big no-no, so many false positives.

So what is everyone doing? Can you give me a list of what RBLs you recommend? If no RBLs, then what do you recommend?

Regards,
Phil
 
pucky said:
I'm sorry, but anyone who knows anything about mail and keeping their users from bitching due to blocked emails from recipients would never include the list:

SPAMHAUS

ORDB

SORBS SMTP LIST

SORBS IP LISTS

SORBS NAME-BASED LIST

SPAMCOP

NJABL

CBL

RBLs are so yesterday. There are better ways to kill spam that will lower the false positives dramatically. There are only one or two RBLs that actually work to the point of not triggering false positives, and neither of those two are listed above. The combination of MS + SURBL lookups at SMTP TIME, SA + PYZOR + DCC + TOP 200 SPAMCOP DOWNLOADS, RULES DU JOUR, would kill 94% - 96% of all your spam while keeping your users happy and bitch free. We have been using this combo for over 2 yrs. In the past 2 yrs we have had less than 10 clients who have complained about blocked mail. Using the above list exclusively would be a huge mistake.

.... I find it amusing that so many are installing SA at the user level, including SPAMD/C. First of all, SPAMD/C are huge system resource hogs. If you have installed SPAMD/C on your server and it's running high in resources, you'd better check SPAMD. Not to mention what would happen if all of a sudden the box was spam bombed, brute force attacked or dictionary style attacked: SPAMD would be whirling out of control at about 99% CPU cycles, which would surely bring your box to a grinding halt. Second, why would anyone want to scan mail twice? If you are implementing a decent combo, like we are using above, SA at the user level becomes a useless installation. Why? Because mail would be scanned, not only at the server level, but then once again at the user level. What for? Why push your server's resources to the absolute limit? I mean, if you can't catch your spam the first time, without relying on SPAMD to score it, you shouldn't be running spam filters.

I just don't get this thinking. It's very possible that most people just don't get it or don't know any better, and thinking they should be offering their users just one more feature called SpamAssassin controllable from the user control panel is just another great feature to include. I beg to differ, trust me, I should know. I am the author of countless documents, howtos and other articles on the subject posted in various forums. Good luck with this.

For someone who is so knowledgeable in the field of spam blocking and an author of countless documents and howtos, it would be very helpful to at least link to one instead of just bagging on RBLs.

You're right, most people don't "get it", but your post doesn't seem to do much to change this.
 
Hi Guys,

I've installed the spamblocker config a while ago. For a long time things went fine, but I'm pretty sure that online spamlists are not used.

How can I check if the config uses them actively? I don't see anything in the log and tcpdumping the IPs from the blacklists does not show any traffic at all.

Thanks,
 
Lasman, you have an updated exim.conf yet to remove ORDB? Since they are defunct, be nice to get them out of it. :)

I'd do it myself, but rather have the master do it to be sure I don't screw it up..lol.

Or is there anything other than removing this that needs to be done?

# deny using ordb
deny message = Email blocked by ORDB - to unblock see http://www.capitalwebhost.net/blocked.html
# only for domains that do want to be tested against RBLs
domains = +use_rbl_domains
dnslists = relays.ordb.org
 
The quick and easy is to just comment out the ordb lines. Search for ordb and comment like so.

# deny using ordb
# deny message = Email blocked by ORDB - some message
# #only for domains that do want to be tested against RBLs
# domains = +use_rbl_domains
# dnslists = relays.ordb.org

And if you have another section for fuzzy lists do the same to that one. Then restart Exim.

Big Wil
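
An added example, not part of any post in this thread and not SpamBlocker's own code: a Python script that lists the DNSBL zones still named on uncommented `dnslists` lines and checks each zone against the RFC 5782 test entries (127.0.0.2 must be listed, 127.0.0.1 must not). The sample config, the zone `dnsbl.example.org` and all function names are constructed for illustration; backslash-continued lines are not handled.

```python
import re
import socket

# Constructed sample: the ORDB stanza from the thread, a commented-out copy,
# and a second stanza. dnsbl.example.org is a made-up zone.
SAMPLE_CONF = """\
# deny using ordb
deny message = Email blocked by ORDB
     domains = +use_rbl_domains
     dnslists = relays.ordb.org
# dnslists = relays.ordb.org
deny message = Email blocked by DNSBL
     dnslists = safe.dnsbl.sorbs.net : dnsbl.example.org=127.0.0.2
"""

def active_dnslists(conf_text):
    """Zones on uncommented 'dnslists =' lines, in order, de-duplicated."""
    zones = []
    for line in conf_text.splitlines():
        m = re.match(r"dnslists\s*=\s*(.+)", line.strip())
        if not m:                      # comment lines start with '#', so never match
            continue
        for item in m.group(1).split(":"):
            z = re.match(r"[A-Za-z0-9.-]+", item.strip())  # drop '=127.0.0.2' etc.
            if z and z.group(0) not in zones:
                zones.append(z.group(0))
    return zones

def query_name(ip, zone):
    """DNSBL query name: reversed IPv4 octets prepended to the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def system_resolve(name):
    """True if name has an A record (live DNS lookup)."""
    try:
        socket.gethostbyname(name)
        return True
    except OSError:
        return False

def zone_health(zone, resolve=system_resolve):
    """RFC 5782: a working list answers for 127.0.0.2 and not for 127.0.0.1."""
    test = resolve(query_name("127.0.0.2", zone))
    local = resolve(query_name("127.0.0.1", zone))
    if test and not local:
        return "ok"
    return "lists-everything" if test and local else "no-test-entry"

if __name__ == "__main__":
    for zone in active_dnslists(SAMPLE_CONF):
        print(zone, query_name("127.0.0.2", zone))
```

A zone that reports `no-test-entry` or `lists-everything` is a candidate for commenting out before restarting Exim.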
 
Jeff,

Well that is a good option too. I guess I missed a few posts. Do you have a changelog for 2->3?

Big Wil
 
Nope.

But ...

I cleaned up some code.

Added (optional) ClamAV support.

Added (optional) Dovecot support.

Removed references to the ORDB blocklist.

Added a new blocklist: dsbl.org.

Modified how I use the SORBS blocklist; we removed individual blocklists and replaced them with safe.dnsbl.sorbs.net.

Added the DA fix for multiple emails through pipes.

We'll probably add optional greylisting before the end of the weekend. I'm still not sure about adding anti-dictionary-attack code, so be sure to vote in the poll :) .

Note that by the end of New Year's Day SpamBlocker3 shall most likely come out of beta, and at that time DA staff may very well decide to include it as their exim.conf file. So you may eventually get it on all new servers :) .

Jeff
