MikeL's FreeBSD howto - Blocklist

03/26/14
I no longer recommend using blocklists in sendmail. I do use blocklists, but only via spamassassin. As discussed below, using a blocklist in sendmail cedes control of your email to someone else. With spamassassin, by contrast, you set your own "trust" level via scoring, and can thus use the external blocklist solely as a recommendation.

In other words, install spamassassin, and ignore everything below...

BLOCKLISTing is the politically correct term for a database of known SPAM sources. (The politically incorrect term is blacklist.) You can configure your mail server to outright reject email from the listed sources.

I use sendmail and M4 for mailserver configuration. If you're not a sendmail expert, don't even consider doing it the old way -- upgrade to M4 -- you'll never look back.

Warning!
It is extremely important that you realize the following: when you are using a DNSRBL, you are giving complete control of your email system to somebody else. I want to scare you by saying this.

As an example, in my sample below, you'll see that I utilized an osirusoft DNSRBL. The guy who ran it got slammed by the spammers (DoS attack), and (rightfully) got disgusted. However, he took out his anger by setting his RBL to indicate that everybody was listed, thus blocking all email for many hours. Details: boston.com article (about 2/3 of the way down, read about Joe Jared). Millions of innocent people around the world got their mail returned as spam because of this. Putting it lightly, I got a lot of customer complaints from Joe's action. (I thought my end was having a problem until I read about it some weeks later.)

Also bear in mind that if a DNSRBL is slow to respond to queries, it will severely slow down your server's ability to process mail. A few seconds here and there doesn't sound like much, but if your server were to wait 10 seconds for each of 3 blocklists, each email would take 30 seconds to accept. Remember that outgoing email is checked too, thus a single majordomo/mailman email to 500 users will be bogged down and take over 4 hours to deliver to all of them.
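The two failure modes above (a list that suddenly lists everybody, and a list that answers slowly) can both be caught by a periodic probe. The following is an added example, not code from this howto: it relies on the RFC 5782 convention that an IPv4 DNSBL must list 127.0.0.2 and must not list 127.0.0.1, and the function names, the zone name and the 2-second threshold are assumptions.

```python
import socket
import time

def dnsbl_query_name(ip, zone):
    """Reverse the IPv4 octets and append the zone: 192.0.2.1 -> 1.2.0.192.<zone>."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError("not a dotted-quad IPv4 address: %r" % ip)
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    """True if the name has an A record (listed). Any lookup failure, including
    a timeout, counts as not listed; the elapsed time exposes the timeout."""
    try:
        socket.gethostbyname(name)
        return True
    except OSError:
        return False

def check_dnsbl(zone, resolve=system_resolver, max_seconds=2.0, clock=time.monotonic):
    """Probe the two RFC 5782 test entries; return (verdict, elapsed_seconds)."""
    start = clock()
    has_test_entry = resolve(dnsbl_query_name("127.0.0.2", zone))  # must be listed
    lists_loopback = resolve(dnsbl_query_name("127.0.0.1", zone))  # must not be
    elapsed = clock() - start
    if lists_loopback:
        verdict = "lists-everything"   # the "everybody is listed" failure mode
    elif not has_test_entry:
        verdict = "dead"               # zone gone or unreachable: it blocks nothing
    elif elapsed > max_seconds:
        verdict = "slow"               # answers, but would stall every SMTP session
    else:
        verdict = "ok"
    return verdict, elapsed

if __name__ == "__main__":
    zone = "bl.example.invalid"        # constructed zone name, not a real list
    healthy = lambda name: name == "2.0.0.127." + zone   # constructed resolvers
    wildcard = lambda name: True
    print(check_dnsbl(zone, healthy, clock=iter([0.0, 0.2]).__next__))
    print(check_dnsbl(zone, wildcard, clock=iter([0.0, 0.2]).__next__))
```

Any verdict other than "ok" is the signal to pull that list from the mail server configuration before it affects delivery.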

There are a lot of DNSRBLs out there. Some are unabashedly extreme (e.g. blocklisting all of China and Korea too), others extremely careful, and everything in between. Be sure you read their policy statement before utilizing any. If you are not willing/able to accept a bunch of "false positives" (AKA incidental rejections), don't hook up to even a good-sounding list. I would strongly recommend that you only use a paid professional service, as you then have a guarantee of responsibility/answerability. I use MAPS and would recommend it to anyone; at US$200/year it's worth every penny.

First time only

First time and any other time

Brief discussion/Hints
My recommendation for the best starting point on finding effective blocklists is: http://www.openrbl.org/ .
This page lists piles of other blocklists, and, best yet, allows you to test an address against a whole bunch of blocklists with a single form.

When you get a piece of spam email, look through the received headers, and find the IP address of the creep that gave it to your server. Cut-n-paste that address into the form at the URL above. The sites it lists that have that address blocked are obviously good candidates.

Warning, warning, warning! Be sure to visit their policies page before adding them to your list of blocklists (see "blackholes.five-ten-sg.com" in my table below).

Another comparison tool is my Vintners.net mail handling statistics page. Click on "add detail to report" and it will show a breakdown of percentage of blocked email by blocklist for that day.

Note that I have used the following blocklists, but have discontinued them:

bl.spamcop.net: I very much approve of their automated and unbiased methods, and they are very effective, however... Their lookups take forever -- sending an email in your client via smtp takes more than a minute. I bring them back in occasionally; at last check they are back out.

multihop.dsbl.org: I approve of their unbiased methods, but they've blocked ATTBI.COM. I have no quibbles with the correctness of this action, it's simply that I've got paying customers on ATT cable modems.

blackholes.five-ten-sg.com: These guys are extremely effective -- using them will pretty much eliminate spam, however... Their methods are unrepentantly heavy-handed. They have the gall to just blocklist China -- all of China. And all of Chile and Korea too. I have a customer (I kid you not) who visited Chile this year and he was unable to email via his home domain due to this guy.

rbl-plus.mail-abuse.org: This is a paid subscription service. For my tiny operation (hosting a couple dozen domains) MAPS costs US$200/year. It's worth it.


Copyright © 1995-2024 Mike Lempriere (running on host bayanus)