DNS Blacklist

hcl-bot · June 4, 2003, 7:12pm

Do any of you have the DNS Blacklist enabled in to block Spam mail? If so what host or website do you recommend to use.

Thanks,

Brian Gould

hcl-bot · June 5, 2003, 1:35am

Subject: DNS Blacklist

Here’s mine

bl.spamcop.net; relays.osirusoft.com; block.blars.org

Seems to be a good balance… but its all VERY personal…

Good luck

hcl-bot · June 5, 2003, 4:34am

Subject: DNS Blacklist

Firstly, I do agree with Stephen. A quick search of this forum will give you plenty of answers to that question.

However, now you have my attention, check out my stats for blocking here during May 2003:

DNSBL: Abuse is almost all list.dsbl.org - a very powerful resource listing open mail relays, various flavours of abusable proxies and abusable formmail.pl scripts (and possibly others). I recommend it strongly.

DNSBL: Spamhausen is mainly sbl.spamhaus.org with some hits from SPEWS and one or two others. sbl.spamhaus.org is very safe to use and I also recommend it strongly.

DNSBL: Spamcop is (of course) bl.spamcop.net. Slightly more risky and you do get some collateral damage though not much and it is quite good at keeping certain types of spam (Nigerian 419 spam comes to mind) at bay. Use at your own discretion.

hcl-bot · June 16, 2003, 4:47pm

Subject: RE: DNS Blacklist

How did you generate that chart? That’s great!

hcl-bot · June 17, 2003, 4:24am

Subject: How I generated that chart

Kind of long-winded, but I have it sufficiently automated now that it takes only a few minutes.

In server monitoring configuration, monitor these three events and log to a database based on the statistics reporting template:

Any event where event message contains the text “found in DNS blacklist at”

Any event where event message contains the text “rejected for policy reasons”

Built in event “SMTP Server: disconnected. message[s] received”

Each month, export this database as tabular text and then count lines in the resulting text file containing e.g. name of blacklist, “recipient not found in Domino Directory” and so on. I use the DOS command find with the /c switch. Send the output to text files. Automate the whole thing with a batch file.

You now have a load of text files containing the count of various events during the month. E.g:

Total SMTP sessions (“message[s] received”) - call it A

SMTP sessions where no messages were received (“0 message[s] received”) - call it B

Hence SMTP sessions resulting in the delivery of one or more messages (A - B)

… and so on

Then plug the figures into Excel and chart them.

Like I said, the whole process takes maybe 2 minutes now that I have the event logging, export routine, batch file and Excel template.

HTH

Full description of the various slices of the pie may be found in my blog (link below).

Chris Linfoot

hcl-bot · December 9, 2003, 5:38pm

Subject: RE: How I generated that chart

Hi Chris,

I’m not able to create the necessary document in events4.nsf db to log the stuff you are talking about. (Found in DNS Black List, Rejected for policy Reasons and the built in events).

I tried, but nothing is logged in statrep.nsf

Could you explain us how to create this configuration step by step ?

Do I need any other tools like Log Analyzer or Mail Analysis to perform this work ?

Thank!

hcl-bot · December 11, 2003, 5:18am

Subject: RE: How I generated that chart

See

hcl-bot · June 21, 2005, 11:41pm

Subject: RE: How I generated that chart

Hi Christopher,

Thanks for your sharing.

With your concise instructions, I’ve generated the chart without any big problems.

But what I’ve found strange was that the records would be deleted “automatically” and “periodically” from the nsf. I couldn’t catch the pattern of deletion but it made me impossible to get the whole month data (it usually kept 3 weeks data at most).

I set no quota on the nsf and found no special agent to remove records.

Any ideas ?

Tx

hcl-bot · January 26, 2006, 6:35am

Subject: “Missing” documents

Manli, just seen your post - you may need to check the purge interval on the database, to see if they’re being removed

hcl-bot · June 6, 2003, 9:26am

Subject: RE: DNS Blacklist

Great response Christopher! Really codifies what is usually somewhat subjective.

Stephen Lister

hcl-bot · June 5, 2003, 10:40am

Subject: DNS Blacklist

This question has been asked (and discussed to death) so many times that even the most cursory search would have found it. Please try searching before posting - it will save you and us time and aggravation.

Stephen Lister

hcl-bot · June 5, 2003, 5:35am

Subject: DNS Blacklist

Hi,hope the following will be of some use to u;

relays.ordb.org,

dialups.mail-abuse.org,

rbl.maps.vix.com

Regards,

Hopkins.

hcl-bot · December 1, 2003, 10:27am

Subject: do not use Relays.osirusoft.com

Yes its late, but hopefully will prevent new R6 folks from adding it to their lists. Yes its black listing the world:

8/26/03 - Osirusoft, distributer of the SPEWS and open relay blocklists, among others, is no longer operational. Servers using these lists (including the FTC) are currently rejecting ALL email. This shutdown is in response to be in response to the previous several-week-long DDoS attack on Osirusoft, SPEWS and others, resulting in both sites being down.