From owner-freebsd-questions@FreeBSD.ORG Fri Oct 3 09:34:55 2003
From: Warren Block
To: Joseph Koenig
Message-ID: <20031003102238.I4801@wonkity.com>
cc: freebsd-questions@freebsd.org
Subject: Re: FreeBSD & SPAM
Date: Fri, 03 Oct 2003 16:34:55 -0000
X-Original-Date: Fri, 3 Oct 2003 10:34:44 -0600 (MDT)

On Fri, 3 Oct 2003, Joseph Koenig wrote:

> I know this is an issue that comes up a lot, but I wanted to get an opinion
> from some people on the list. We, along with everyone else, have TONS of
> SPAM hit our server. Unfortunately, we haven't found any good way to reduce
> it. We're using ORDB and SpamCop, but neither are really doing the job.

These have been very effective for me:

sbl.spamhaus.org
list.dsbl.org
blackholes.easynet.nl
dynablock.easynet.nl
dnsbl.sorbs.net

Naturally, you should check the web pages for each before using them to
make sure you understand their listing policies.

Commercial DNSBL... no experience there. Some are quite conservative,
and some are toothless. The free ones seem better to me.

In combination with DNSBL, I have a large /etc/mail/access file of
rejects. Bad ISPs, rogue providers, and even much of some countries.
Bandwidth-wise, it's hard to beat--mail from known-bad origins is
rejected outright.

The Windows virus-of-the-week attacks have become so common that I've
also written a little script to add those by /24. I'll manually
"expire" them by removing that section from the access file, whenever it
seems like it's rejecting real mail. Actually, I haven't seen that yet.

-Warren Block * Rapid City, South Dakota USA
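
The message mentions a script that adds virus sources to /etc/mail/access by /24 and a section that can later be removed, but does not show either. The following is an added sketch of that workflow, not the author's script. The function names, the `# BEGIN`/`# END` section markers, the label and the sample addresses are all assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not the author's script): /24 REJECT entries for sendmail's
# access file, kept in a labelled section so the whole batch can be expired.

# to_slash24: one IPv4 address per line on stdin -> unique three-octet
# prefixes (the access-file spelling of a /24). Malformed lines are dropped.
to_slash24() {
    awk -F. '
        NF != 4 { next }
        {
            for (i = 1; i <= 4; i++)
                if ($i !~ /^[0-9]+$/ || $i + 0 > 255) next
            prefix = $1 "." $2 "." $3
            if (!(prefix in seen)) { seen[prefix] = 1; print prefix }
        }'
}

# access_section LABEL [ACCESS_FILE]: print a marked block of REJECT lines for
# the prefixes on stdin, skipping any prefix ACCESS_FILE already lists.
access_section() {
    label=$1
    existing=${2:-/dev/null}
    printf '# BEGIN %s\n' "$label"
    to_slash24 | while read -r prefix; do
        awk -v p="$prefix" '$1 == p { found = 1 } END { exit !found }' "$existing" ||
            printf '%s\tREJECT\n' "$prefix"
    done
    printf '# END %s\n' "$label"
}

# expire_section LABEL: copy an access file from stdin to stdout without
# the block that access_section wrote under LABEL.
expire_section() {
    awk -v b="# BEGIN $1" -v e="# END $1" '
        $0 == b { skip = 1; next }
        $0 == e { skip = 0; next }
        !skip'
}

# Constructed sample input (documentation address ranges, not real senders).
printf '192.0.2.10\n192.0.2.77\n198.51.100.4\nnot-an-ip\n' |
    access_section virus-batch-1
# Append the output to /etc/mail/access, then rebuild the map, e.g.
#   makemap hash /etc/mail/access < /etc/mail/access
```

A /24 entry rejects every host in that block, so reviewing the generated section before appending it keeps legitimate senders in the same range from being caught.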