We’ve had a couple of customers who want to be aggressive on spam, *but* don’t want to risk losing any business emails, however broken the mailserver that it originates from.
The oil industry seem to be particularly bad, and having two marketing companies using our service and a chain of casinos also makes for fun times when using various filters.
A couple of months ago I implemented some tighter spam controls. Basically, enforcing the RFCs a bit more tightly because we know spammers take short-cuts. Most of these controls are still in place, but I’ve had to exempt several of our customers due to complaints that email wasn’t getting through. It seems it’s not just spammers that take short-cuts - there are a lot of amateur mail admins out there, and we’re not just talking cowboys who’ve thrown an M$ Exchange server in without taking it out of its cellophane. We’re talking BIG companies (lots in the oil industry), technical companies, all sorts.
You’d think being strict with enforcing RFCs would be reasonably safe, but I’ve lost count of the number of mailservers that don’t have a postmaster address set up, that send from invalid addresses, don’t have reverse IP resolution set up etc. etc. etc. These are really good ways to catch out spammers at SMTP time, but from time to time it catches a real email and I’m tired of explaining to customers that it’s the other guy’s mailserver that’s broken.
Many email RFCs have been broken, bent and ignored for so long that suddenly enforcing them breaks things.
Rejecting mail at SMTP time is the “right” way to do things. It reduces bandwidth, memory, CPU and disk usage and eliminates backscatter. In a large ISP the two main costs are power and bandwidth, and so there are real cost savings to be made by enforcing RFCs at SMTP time. It’s even good for the environment. By ruthlessly checking for a postmaster address I know that while I sit at my keyboard here, I’m doing my bit for the polar ice caps.
By fortunate coincidence, the most problematic of our clients *only* receive email from UK companies + a couple of known addresses that we can whitelist individually. So, if we could whitelist *everything* from the UK as well, we’d be pretty sure of not missing any valuable emails.
I’ve taken an old script of Dan Shearer’s (thanks Dan) for grabbing the IP ranges from RIPE, APNIC, AFRINIC, ARIN & LACNIC, updated it and hacked it around so it spits out zone files suitable for use with rbldnsd. If anyone else wants to make use of it, feel free. http://georbl.info/
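The conversion described above, sketched as an added example (this is not Dan Shearer's script or the one published at georbl.info): it parses the pipe-delimited "delegated" statistics format the registries publish and emits an rbldnsd ip4set-style dataset for one country. The sample records, the `127.0.0.2` return value and the TXT string are constructed assumptions.

```python
import ipaddress

# Constructed sample in the RIR "delegated" statistics format:
# registry|cc|type|start|count|date|status (documentation/test ranges only).
SAMPLE = """\
2|ripencc|20240101|5|19830705|20240101|+0000
ripencc|*|ipv4|*|4|summary
# comment line
ripencc|GB|ipv4|192.0.2.0|256|20100101|allocated
ripencc|GB|ipv4|198.51.100.0|192|20100101|assigned
ripencc|FR|ipv4|203.0.113.0|256|20100101|allocated
ripencc|GB|ipv6|2001:db8::|32|20100101|allocated
ripencc|GB|ipv4|198.18.0.0|1024|20100101|reserved
"""

def country_cidrs(delegated_text, cc):
    """Return collapsed IPv4 networks delegated to country code `cc`."""
    nets = []
    for line in delegated_text.splitlines():
        if not line or line.startswith("#"):
            continue
        f = line.split("|")
        # Skips the version header, summary lines, other countries and IPv6.
        if len(f) < 7 or f[1] != cc or f[2] != "ipv4":
            continue
        # Only space actually handed out; "reserved"/"available" is not in use.
        if f[6] not in ("allocated", "assigned"):
            continue
        # For IPv4 the fifth field is an address count, not a prefix length,
        # and need not be a power of two, so split the range into CIDR blocks.
        first = ipaddress.IPv4Address(f[3])
        last = first + (int(f[4]) - 1)
        nets.extend(ipaddress.summarize_address_range(first, last))
    return list(ipaddress.collapse_addresses(nets))

def rbldnsd_zone(nets, a_value="127.0.0.2", txt="GB"):
    """Render an ip4set-style dataset: a default ':A:TXT' line, then one CIDR per line."""
    # a_value and txt are assumptions for this example, not values from the post.
    return "\n".join([f":{a_value}:{txt}"] + [str(n) for n in nets]) + "\n"

if __name__ == "__main__":
    print(rbldnsd_zone(country_cidrs(SAMPLE, "GB")), end="")
```

The 192-address record shows why the count field cannot be treated as a single prefix: it becomes a /25 plus a /26.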