[wplug-internet] Mailserver DNSBL
Vance Kochenderfer
vkochend at nyx.net
Sun Aug 17 19:50:55 EDT 2008
A couple weeks ago, I enabled the pbl.spamhaus.org DNS blocklist on the
mailserver <http://www.spamhaus.org/pbl/>. It is active in warning mode
which means that messages are not actually rejected, just logged when
a hit against the PBL occurs. Here are statistics since then:
Date Jul29 J30 Aug1 A2 A3 A4 A5 A6 A7 A8 A9 A10 A11 A12 A13 A14 A15
Conn 787 701 556 439 464 585 710 887 739 687 393 439 473 878 1122 809 1101
Accept 114 80 34 13 23 33 22 21 66 51 29 22 47 50 35 25 37
PBL 48 40 5 6 7 8 5 4 21 14 9 4 7 6 6 3 7
"Date" is, oddly enough, the date. "Conn" is the number of outside
connections made to the mail server. "Accept" is messages accepted from
outside for delivery (due to the methodology, this may undercount
slightly). "PBL" is the number of hits against the blocklist, and hence
the number of messages that would have been rejected had the blocklist
been in reject mode.
As you can see, putting the blocklist into effect would only cut down on
a few spam messages on the typical day, but some days would have a much
larger effect. As far as I can tell from the logs, none of the PBL hits
were actually non-spam, so I'm satisfied that we aren't going to see
false positives.
Can anyone think of a reason not to put the PBL into reject mode?
Please speak up!
Vance Kochenderfer | "Get me out of these ropes and into a
vkochend at nyx.net | good belt of Scotch" -Nick Danger
More information about the wplug-internet
mailing list