Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » What internet blacklists are you using?
  •  
mrralan

Messages: 151
Karma: 3
Send a private message to this user
We are using...

MAPS DUL
MAPS RBL
MAPS RSS
SORBS RHSBL
SpamCop
SpamHaus SBL-XBL
WPBL - Weighted Private Block List

I probably want to remove some to increase performance so I'm interested in what others are using. I see SpamCop and SpamHaus catch a lot.

[Updated on: Tue, 01 November 2011 15:58]

  •  
BudDurland

Messages: 348

Karma: 10
Send a private message to this user
Barracuda, SpamHaus ZEN, CBL, SpamCop. We also use an older server running Win2033 & IIS/SMTP with VamSoft's Open Relay Filter (www.vamsoft.com/orf) as our primary and relay MX.

Good is better than evil because it's nicer
--Mammy Yokum
  •  
mrralan

Messages: 151
Karma: 3
Send a private message to this user
My error, we are using SpamHaus ZEN, not SBL-XBL.
  •  
TorW

Messages: 769
Karma: 9
Send a private message to this user
BudDurland wrote on Tue, 01 November 2011 17:40
Barracuda, SpamHaus ZEN, CBL, SpamCop.

CBL is included in Spamhaus ZEN, by way of Spamhaus XBL.

We use Spamhaus ZEN, SpamCop and PSBL, but they rarely trigger since we do a series of "free" checks (HELO, FQDN, reverse DNS, SPF, faked MXs etc.) on the gateway before handing it to Kerio Connect. Over 95% of our blocks are done before the DNSBLs and SpamAssassin enters the fray.

We did this partly because we don't know the logic behind Kerio's DNSBL lookups, thus we don't know how expensive (in terms of CPU and bandwidth) they are.
  •  
mrralan

Messages: 151
Karma: 3
Send a private message to this user
We also stop 90% of the SPAM with our WatchGuard Firewall before it gets to Kerio. I never see any SPAM being stopped in the security log by these...

MAPS DUL
MAPS RBL
MAPS RSS
SORBS RHSBL

I wonder if they are doing anything or if I should disable them.
  •  
TorW

Messages: 769
Karma: 9
Send a private message to this user
MAPS is owned by Trend Micro nowadays, and it's a subscription-only DNSBL. If you're not a subscriber, you'll always get a false negative as response (i.e. the IP is never listed). The nicest thing I can say about SORBS is that it has somewhat dubious listing criteria and has been the subject of controversy in the past. And I'm not talking about butthurt spammers.

I would probably use SORBS if my life depended on it, but only then.
  •  
mrralan

Messages: 151
Karma: 3
Send a private message to this user
I thought Kerio provided free subscriptions to the three MAPS. Are those the ones that are included with Kerio??? What is the domain name to query for PSBL?

[Updated on: Wed, 02 November 2011 16:26]

  •  
TorW

Messages: 769
Karma: 9
Send a private message to this user
I've never heard or seen anywhere that a MAPS subscription is included, but I guess a support ticket will clarify that.

PSBL is queried by using the zone psbl.surriel.com. It's 100% automated and a very useful companion to the Spamhaus lists. More here: http://www.dnsbl.com/2007/10/psbl-easy-on-easy-off.html
  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
mrralan wrote on Wed, 02 November 2011 16:18
I thought Kerio provided free subscriptions to the three MAPS. Are those the ones that are included with Kerio??? What is the domain name to query for PSBL?


MAPS DNS blacklists are not in default Kerio Connect installation. They have been removed few years ago. Kerio has never provided subscription for these paid services - it is up to you to get own subscription from the DNS blacklist maintainer.
  •  
rigo

Messages: 123
Karma: -3
Send a private message to this user
NONE, just wait until an IP gets listed on one of those services and see what happens to your email.

Postini is amazing at dealing with spam and so much more--way before it hits the server.
  •  
freakinvibe

Messages: 1553
Karma: 62
Send a private message to this user
We are using these ones for years and are very happy with it:

zen.spamhaus.org ==> Block
bl.spamcop.net ==> Block
db.wpbl.info ==> +3
ix.dnsbl.manitu.net ==> +3
dnsbl-1.uceprotect.net ==> +3
dnsbl-2.uceprotect.net ==> +2
dnsbl.sorbs.net ==> +2
b.barracudacentral.org ==> +2

Your mileage may very depending on where you are in the world, what business you are in etc. So the above is just a config the works for *us*, but probably not for you.

For Barracuda, you have to register (free). The others, you can just access. I would not use a blacklist that charges to be removed, that's bad policy. Spamhaus definitely catches the most for me.

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
j.a.duke

Messages: 356
Karma: 14
Send a private message to this user
freakinvibe wrote on Thu, 03 November 2011 06:36
We are using these ones for years and are very happy with it:

zen.spamhaus.org ==> Block
bl.spamcop.net ==> Block
db.wpbl.info ==> +3
ix.dnsbl.manitu.net ==> +3
dnsbl-1.uceprotect.net ==> +3
dnsbl-2.uceprotect.net ==> +2
dnsbl.sorbs.net ==> +2
b.barracudacentral.org ==> +2

Your mileage may very depending on where you are in the world, what business you are in etc. So the above is just a config the works for *us*, but probably not for you.

For Barracuda, you have to register (free). The others, you can just access. I would not use a blacklist that charges to be removed, that's bad policy. Spamhaus definitely catches the most for me.


At what score are you tagging? Blocking?

Thanks.

Cheers,
Jon
  •  
vomsupport

Messages: 136
Karma: 2
Send a private message to this user
We also use http://www.gbudb.com/

It's free and seems to catch some that others are missing..
  •  
freakinvibe

Messages: 1553
Karma: 62
Send a private message to this user
Quote:
At what score are you tagging? Blocking?

Tagging = 5.0
Blocking = 9.9

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
jason-mac

Messages: 15
Karma: 0
Send a private message to this user
"Tagging = 5.0
Blocking = 9.9"

Really? We're tagging at 3 and blocking at 4 and users are still complaining about receiving too much spam.
Previous Topic: Where can we find the email if it exceed the quota
Next Topic: not all evvents sync to GMail calender
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Tue Nov 21 03:29:51 CET 2017

Total time taken to generate the page: 0.00655 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.