When used selectively, blacklists combined with spamd are powerful, precise, and efficient spam-fighting tools. The load on the spamd machine is minimal. On the other hand, spamd will never perform better than its weakest data source, which means you will need to monitor your logs and use whitelisting when necessary.
It is also feasible to run spamd in a pure greylisting mode, with no blacklists. In fact, some users report that a purely greylisting spamd configuration is about as effective a spam-fighting tool as configurations with blacklists, and sometimes significantly more effective than content filtering. One such report that was posted to openbsd-misc (accessible among other places via http://marc.info/; search for the subject “Followup - spamd greylisting results”) claimed that a pure greylisting configuration immediately rid the company of approximately 95 percent of its spam load.
I recommend two very good blacklists. One is Bob Beck’s “ghosts of usenet postings past”-based traplist, generated automatically by computers running spamd at the University of Alberta. Bob’s setup is a regular spamd system that removes trapped addresses automatically after 24 hours, which means that you get an extremely low number of false positives. The number of hosts varies widely and has been as high as 670,000. While still officially in testing, the list was made public in January 2006. The list is available from http://www.openbsd.org/spamd/traplist.gz. It is part of recent sample spamd.conf files as the uatraps blacklist.
The other list I recommend is heise.de’s nixspam, which has a 12-hour automatic expiry and extremely good accuracy. It’s also in the sample spamd.conf file. Detailed information about this list is available from http://www.heise.de/ix/nixspam/dnsbl_en/.
Once you’re happy with your setup, try introducing local greytrapping. This is likely to catch a few more undesirables, and it’s good, clean fun. Some limited experiments, carried out while writing this chapter (chronicled at http://bsdly.blogspot.com/, entries starting with http://bsdly.blogspot.com/2007/07/hey-spammer-heres-list-for-you.html), even suggest that harvesting the invalid addresses spammers use from your mail server logs, from spamd logs, or directly from your greylist to put in your traplist is extremely efficient. Publishing the list on a moderately visible web page appears to ensure that the addresses you put there will be recorded over and over again by address-harvesting robots, and will provide you with even better greytrapping material, since they are then more likely to be kept on the spammers’ list of known good addresses.
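The harvesting step described above, as an added example that is not from the original text: a shell function that reads spamdb greylist output and prints recipient addresses in your domain that are not real mailboxes, as candidates for the traplist. The GREY line layout, the sample entries, and the names sample_greylist and trap_candidates are assumptions made for illustration.

```shell
#!/bin/sh
# Assumed GREY line layout (as documented in spamdb(8)):
#   GREY|source IP|helo|from|to|first|pass|expire|block|pass

# Constructed sample data; documentation-range IPs and example domains only.
sample_greylist() {
cat <<'EOF'
GREY|192.0.2.10|mail.example.net|<a@example.net>|<alice@example.com>|1700000000|1700001500|1700014400|1|0
GREY|198.51.100.7|bogus|<x1@example.org>|<noreply-2004@example.com>|1700000100|1700001600|1700014500|3|0
GREY|198.51.100.7|bogus|<x2@example.org>|<NoReply-2004@EXAMPLE.COM>|1700000200|1700001700|1700014600|1|0
GREY|203.0.113.5|host|<y@example.org>|<bob@elsewhere.example>|1700000300|1700001800|1700014700|1|0
WHITE|192.0.2.20|||1700000000|1700000000|1703110400|0|4
TRAPPED|203.0.113.9|1700086400
EOF
}

# trap_candidates DOMAIN VALID_FILE < spamdb-output
# VALID_FILE holds one deliverable address per line. Prints each greylisted
# recipient in DOMAIN that is not deliverable, lowercased, once.
trap_candidates() {
    domain=$1 valid=$2
    awk -F'|' -v dom="$domain" -v vf="$valid" '
        # Match on FILENAME, not NR == FNR, so an empty VALID_FILE still works.
        FILENAME == vf { ok[tolower($1)] = 1; next }
        $1 != "GREY" || NF < 5 { next }          # skip WHITE, TRAPPED, etc.
        {
            rcpt = tolower($5)
            gsub(/[<>]/, "", rcpt)               # strip the angle brackets
            n = split(rcpt, part, "@")
            if (n != 2 || part[2] != tolower(dom)) next   # not our domain
            # Only accept plain addresses; anything odd is left for manual review.
            if (rcpt !~ /^[a-z0-9._+-]+@[a-z0-9.-]+$/) next
            if (!(rcpt in ok) && !seen[rcpt]++) print rcpt
        }' "$valid" -
}

# Demo on the constructed data: sh thisfile --demo
if [ "${1:-}" = "--demo" ]; then
    v=$(mktemp)
    printf 'alice@example.com\n' > "$v"
    sample_greylist | trap_candidates example.com "$v"
    rm -f "$v"
fi
```

Review the output before adding each address with spamdb -T -a, since a misspelling of a real mailbox that ends up on the traplist will trap legitimate senders who make the same typo.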