[rbldnsd] spam
gabrielle singleton
gelle at umich.edu
Tue Mar 11 00:36:10 MSK 2008
This may work for isolated inbound IPs, but won't your users get
annoyed when you block the mail relays of gmail, comcast, att, yahoo,
etc? Since it runs every hour you are liable to get many bad messages
overnight and on weekends and holidays, no good mail when people in
your timezone are not awake/working. So you would be subject to
collateral damage. Allegedly there is an epidemic of compromised
gmail accounts. Do you check a full 24h of logs every hour for good
mail?

Do you maintain a whitelist?

Seems risky, though the idea is intriguing. With the education
pricing of spamhaus rising so dramatically this year alternative
methodologies start to look appealing.

You state that if they send 'any new spam' within the 16 days they
get extended. Does this mean you continue the connection through the
data phase and judge the content? Wouldn't this defeat the purpose
of RBL blocking? Maybe you mean new connection attempts?

gab

On Mar 10, 2008, at 2:46 PM, Graham Pearson wrote:
> I wrote a script that if any mail server sends one of my mail servers
> 4 messages without sending any good mail, then they are blocked for a
> period of 16 days. At any time this same mail server sends any new
> spam, then the date of last message is updated which means that the
> 16 days starts from the last time a message has been received. I have
> only been utilizing this technique for 3 weeks and have over 100K
> mail servers in my blocklist.
>
> This script scans the mail log database every hour and generates a new
> rbldnsd blocklist to capture the new mail servers. If anyone is
> running
>
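
An added example, not Graham's script or any code from this thread: one way to turn the rule described in the quoted message into an rbldnsd ip4set zone, with the whitelist and the "good mail exempts the sender" checks raised in the reply. It assumes log records are already reduced to (timestamp, ip, verdict) tuples and reads "without sending any good mail" as zero good messages in the scanned records; `build_zone`, `spam` and the sample data are hypothetical names.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

SPAM_THRESHOLD = 4                    # "4 messages without sending any good mail"
LISTING_PERIOD = timedelta(days=16)   # counted from the most recent spam
ZONE_DEFAULT = ":127.0.0.2:Listed, repeated spam and no legitimate mail seen"

def build_zone(records, now, whitelist=()):
    """records: (timestamp, ip, verdict) tuples, verdict is 'spam' or 'good'.
    Returns (rbldnsd ip4set zone text, list of listed IPs)."""
    allow = [ip_network(net) for net in whitelist]
    spam_count, last_spam, sent_good = defaultdict(int), {}, set()
    for ts, ip, verdict in records:
        if verdict == "good":
            sent_good.add(ip)
        else:
            spam_count[ip] += 1
            last_spam[ip] = max(ts, last_spam.get(ip, ts))
    listed = []
    for ip, count in spam_count.items():
        if count < SPAM_THRESHOLD or ip in sent_good:
            continue                  # too few hits, or the host also relays good mail
        if any(ip_address(ip) in net for net in allow):
            continue                  # operator-maintained whitelist always wins
        if now - last_spam[ip] > LISTING_PERIOD:
            continue                  # 16 days with no new spam: entry expires
        listed.append(ip)
    listed.sort(key=ip_address)
    return "\n".join([ZONE_DEFAULT] + listed) + "\n", listed

# Constructed sample data (documentation address ranges, not real hosts).
NOW = datetime(2008, 3, 11)
WHITELIST = ["203.0.113.0/24"]

def spam(ip, n, days_ago):
    return [(NOW - timedelta(days=days_ago, hours=h), ip, "spam") for h in range(n)]

SAMPLE = (spam("192.0.2.10", 4, 1)            # 4 spam, no good mail -> listed
          + spam("198.51.100.7", 5, 1)        # spam plus one good message -> not listed
          + [(NOW - timedelta(hours=2), "198.51.100.7", "good")]
          + spam("203.0.113.25", 4, 1)        # whitelisted network
          + spam("192.0.2.99", 4, 20)         # last spam 20 days ago -> expired
          + spam("192.0.2.50", 3, 1))         # below threshold

if __name__ == "__main__":
    print(build_zone(SAMPLE, NOW, WHITELIST)[0], end="")
```

The first zone line sets the default A and TXT values returned for every listed address; the remaining lines are one IP per entry.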