# RBL checking on incoming SMTP



## obsigna (May 5, 2014)

I am considering to configure my Postfix on FreeBSD 9.2 installation for doing RBL checks on incoming SMTP.


What RBLs are suitable nowadays?
Spamhaus is telling us, that as of today its blocklists are protecting 2,196,990,000 users mailboxes. Shall I add my handful of mailboxes to that count (2,196,990,005)?
Is it 100 % sure that Spamhaus is not driven by the GCHQ? (if I would be GCHQ, I would operate Spamhaus.)
Are there any other effective and 100 % safe alternatives available?


----------



## kpa (May 5, 2014)

Start with greylisting (mail/postgrey or mail/milter-greylist ) and if that doesn't cut down the spam enough then consider using the Spamhaus ZEN list in addition to greylisting.


----------



## drhowarddrfine (May 5, 2014)

Gray listing is enough at first? I had not heard that but I'm new to running my own mail server and thought using Spamhaus would be the first thing to try. I can see where you might say that senders will receive that "try again later" response and, effectively, blacklist themselves. Is that it?


----------



## kpa (May 5, 2014)

Greylisting is very effective against spambots running on infected windows machines that try to send spam email to random addresses, they rarely have a queue of their own and can not deal with a situation where the destination server tells them to come back again later. Of course it's possible that the malware has gotten smarter and they now have a queue and that's why you might need additional protection in form on RBLs.


----------



## wblock@ (May 5, 2014)

No single type of protection is enough.  Likewise, a single RBL will not catch all spam.  zen.spamhaus.org is pretty good, but I use three others after it.  Also greylisting, greet_pause, and mail/bogofilter to filter the ones that get through.  That's on top of a long, long list of domains and IP addresses in /etc/mail/access.


----------



## drhowarddrfine (May 6, 2014)

greet_pause?

EDIT: nvm. Part of sendmail.


----------



## Edsel (May 8, 2014)

Consider trying postscreens pregreet test which quickly makes a is-it-a-zombie decision. If this is not enough you can try enabling postscreens test after the greeting which does a couple of deep protocol tests. The nice thing about postscreen is that the bots connect only to postscreen and not the real SMTP. It can also handle black- and whitelists and you can give them a weight. 

For RBL's, Barracuda Reputation Block List (BRBL) seem to be very effective nowadays. At least for me it has been working very well in combination with postscreens pregreet test. Nice to know about the pregreet test is that the mail does not get delayed as is with real greylisting.


----------

