RBL Examples

Quoted from a post on the mailing list by Matt Kettler:

I compiled a quick list of MANY RBL acls that folks might find useful.

I don't really think anyone will, or should, use all of these, but I wanted to
be fairly comprehensive. I made these as adaptations from several of the RBL
rules included in SpamAssassin.

I make no suggestions about the relative accuracy or usability of these rules,
but there here for folks to use. As such, I used 1hr delay, without regard for
how good or bad I personally think the list is. Do your own research.

It should also be noted that milter-greylist will make one query per ACL. If
you're using a local caching DNS (highly recommended for any mailserver), the
subsequent lookups should be cached and only the first one will do an expensive
network lookup.

If you're locally hosting any of these RBLs, then those queries should be all as
fast as a cached query.

Regardless, the more you use, the more overhead you'll have. If you're not
hosting locally, but do have at least a caching DNS it's much cheaper to add
more queries from the same list than to add ones from other lists.

Choose carefully, and don't just use them all to start with.

And here is the list:

################
# nlabl lists -- DO NOT USE -- njabl.org was shutdown in 2013
################

################
# Spamhaus lists
################

dnsrbl "SPAMHAUS SBL" sbl-xbl.spamhaus.org 127.0.0.2
acl greylist dnsrbl "SPAMHAUS SBL" delay 1h

dnsrbl "SPAMHAUS XBL CBL" sbl-xbl.spamhaus.org 127.0.0.4
acl greylist dnsrbl "SPAMHAUS XBL CBL" delay 1h

dnsrbl "SPAMHAUS XBL NJABL" sbl-xbl.spamhaus.org 127.0.0.5
acl greylist dnsrbl "SPAMHAUS XBL NJABL" delay 1h

#note: code 6 seems unused now, but I'm including for completeness
dnsrbl "SPAMHAUS XBL OTHER" sbl-xbl.spamhaus.org 127.0.0.6
acl greylist dnsrbl "SPAMHAUS XBL OTHER" delay 1h

################
# Sorbs lists
################

#open http proxy
dnsrbl "SORBS-HTTP" dnsbl.sorbs.net 127.0.0.2
acl greylist dnsrbl "SORBS-HTTP" delay 1h

#open socks proxy
dnsrbl "SORBS-SOCKS" dnsbl.sorbs.net 127.0.0.3
acl greylist dnsrbl "SORBS-SOCKS" delay 1h

#open misc other proxy
dnsrbl "SORBS-MISC" dnsbl.sorbs.net 127.0.0.4
acl greylist dnsrbl "SORBS-MISC" delay 1h

#open relays
dnsrbl "SORBS-SMTP" dnsbl.sorbs.net 127.0.0.5
acl greylist dnsrbl "SORBS-SMTP" delay 1h

# spam source
dnsrbl "SORBS-SPAM" dnsbl.sorbs.net 127.0.0.6
acl greylist dnsrbl "SORBS-SPAM" delay 1h

dnsrbl "SORBS-WEB" dnsbl.sorbs.net 127.0.0.7
acl greylist dnsrbl "SORBS-WEB" delay 1h

#sites which have requested SORBs not test their servers
dnsrbl "SORBS-BLOCK" dnsbl.sorbs.net 127.0.0.8
acl greylist dnsrbl "SORBS-BLOCK" delay 1h

#hijacked network
dnsrbl "SORBS-ZOMBIE" dnsbl.sorbs.net 127.0.0.9
acl greylist dnsrbl "SORBS-ZOMBIE" delay 1h

#dialup
dnsrbl "SORBS-DUL" dnsbl.sorbs.net 127.0.0.10
acl greylist dnsrbl "SORBS-DUL" delay 1h

See this page for a more complex weighted solution

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License