RBL for zombie farm spam?

Vernon Schryver vjs@calcite.rhyolite.com
Mon Nov 27 17:22:30 UTC 2006


> From: Gary Mills 

> > Should mail mentioning evil URLs to your postmaster or abuse@ mailboxes
> > be rejected?
> > 
> > Do any users of your systems report spam or trade information about
> > spammers and so mention evil URLs?
>
> Yes, but I have them whitelisted by recipient address.  Will that
> continue to work if I add a DNS blacklist to the dccm options?

Yes, DCC whitelisting affects `dccm -B`.
sendmail whitelisting can affect dccm filtering by sendmail.cf macros,
such as by the misc/hackmc script in the DCC source.

I do not know whether the sendmail "spamfriend" access_DB entries affect
sendmail DNSBL filtering.

If you do try `dccm -B`, it might be prudent to omit the /var/dcc/whiteclnt
"option dnsbl-on" line for a few days and instead use an
"option log-all" line and watching the /var/dcc/log files to see
what would have been rejected.

Note that `dccm -B` also checks the IP addresses of MX servers for body
URLs and envelope names in the DNS blacklist.  I've found that effective.

I use this setting in /var/dcc/dcc_conf:
DNSBL_ARGS="'-Bset:rej-msg=5.7.1 550 mail %s from %s rejected; see http://www.spamhaus.org/xbl/' -Bsbl-xbl.spamhaus.org,any"


Vernon Schryver    vjs@rhyolite.com



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.