[wplug-internet] Mailserver DNSBL

Sun Aug 17 19:50:55 EDT 2008

A couple weeks ago, I enabled the pbl.spamhaus.org DNS blocklist on the
mailserver <http://www.spamhaus.org/pbl/>.  It is active in warning mode
which means that messages are not actually rejected, just logged when
a hit against the PBL occurs.  Here are statistics since then:

Date  Jul29 J30 Aug1  A2  A3  A4  A5  A6  A7  A8  A9 A10 A11 A12  A13 A14  A15
Conn    787 701  556 439 464 585 710 887 739 687 393 439 473 878 1122 809 1101
Accept  114  80   34  13  23  33  22  21  66  51  29  22  47  50   35  25   37
PBL      48  40    5   6   7   8   5   4  21  14   9   4   7   6    6   3    7

"Date" is, oddly enough, the date.  "Conn" is the number of outside
connections made to the mail server.  "Accept" is messages accepted from
outside for delivery (due to the methodology, this may undercount
slightly).  "PBL" is the number of hits against the blocklist, and hence
the number of messages that would have been rejected had the blocklist
been in reject mode.

As you can see, putting the blocklist into effect would only cut down on
a few spam messages on the typical day, but some days would have a much
larger effect.  As far as I can tell from the logs, none of the PBL hits
were actually non-spam, so I'm satisfied that we aren't going to see
false positives.

Can anyone think of a reason not to put the PBL into reject mode?
Please speak up!

Vance Kochenderfer        |  "Get me out of these ropes and into a
vkochend at nyx.net          |   good belt of Scotch"    -Nick Danger