public blacklists

[Scot L. Harris]

On Thu, 2004-12-09 at 06:10, Ow Mun Heng wrote:

> 
> I was just asking that question. Thanks for clearing that up. So,
> effectively, it's just another form of greylisting then.
> 
> 

Actually no.  Greylisting is much different from SURBL or RBLs. 
Greylisting uses the SMTP RFC standards in a some what unique way.  When
an SMTP server connects to your server to deliver a message your server
checks a database for a tuple that matches (IP address, sender,
recipient).  It has not been seen before and it is not in the whitelist
a temporary failure code is returned to the sending SMTP server.  Normal
SMTP servers when they receive a temporary failure code will queue the
message and retry it later.  Zombie spam servers won't retry the message
later.  As a result your system does not accept the contents of the
message and does not have to do any further processing to reject the
spam messages.  I have seen this block better than 95% of spam being
sent to a system.

So greylisting does not rely on any outside block lists of any type.  I
expect that it is much more efficient and more accurate than any block
list as well.

> > One suggestion, set things up to run spamassassin only on non mailing
> > list messages.  That will improve the speed of email processing on your
> > system.  I have seen very little spam in the mailing lists so this seems
> > to be a reasonable process.
> 
> That depends actually, Most mailing lists runs some sort of spam checks.
> But some don't. eg: ACPI-Devel. Now, that one does not, it even has
> viruses coming in.
> 
That is bad!  The list owners need to do a little work then.  :)

-- 
Scot L. Harris
webid at cfl.rr.com

Q:	What's the difference between Bell Labs and the Boy Scouts of America?
A:	The Boy Scouts have adult supervision.