[Dshield] DOS by Sorbs?

David Cary Hart DShield at TQMcube.com
Thu Dec 22 16:51:25 GMT 2005


On Thu, 22 Dec 2005 16:23:59 +0000
Craig Webster <craig at xeriom.net> opined:
> On 22 Dec 2005, at 15:56, David Cary Hart wrote:
> > That's probably incorrect. Most admins check multiple RBLs but  
> > reject on the
> > first one that returns positive.
> 
> We tend to check against 3 fairly lenient RBLs -- no false positives,  
> only confirmed open relays -- before the mail is accepted for  
> processing. If a mail hits one of these then it's rejected straight  
> away. During processing we use weighted tests (Spam Assassin), some  
> of which are slightly more aggressive RBLs - if a mail hits one of  
> these then it's more likely to be spam but because the RBLs may list  
> some false positives the mail isn't rejected unless the new score  
> brings it above a configured spam cut-off level. Combined with all  
> the other SA tests, it seems to work out quite nicely.
> 
I loathe SA. Roll your own RBL http://tqmcube.com/rbldnsd.htm
-- 
Our DNSRBL - 
           Eliminate Spam: http://www.TQMcube.com/spam_trap.php
          Multi-RBL Check: http://www.TQMcube.com/rblcheck.php
            Zombie Graphs: http://www.TQMcube.com/zombies.php
              GeoGraphics: http://www.TQMcube.com/origins.php


More information about the list mailing list