LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (https://www.linuxquestions.org/questions/linux-server-73/)
-   -   Spamhaus Question (https://www.linuxquestions.org/questions/linux-server-73/spamhaus-question-673357/)

carlosinfl 09-30-2008 01:52 PM

Spamhaus Question
 
As a mail admin, I had a question about how zen.spamhaus.org works? I have it listed on my mail server (Postfix) to reject mail as follows:

reject_rbl_client zen.spamhaus.org,

I was wondering how do I submit a spammers IP to them? My entire domain was spammed from 124.83.200.48 & it appears that zen.spamhaus.org is not aware of them. How can I add them to spamhaus database?

How does this work?

Mr. C. 10-01-2008 01:58 AM

Carlos,

Zen = SBL + PBL + XBL.


SBL:

Listing Criteria

The criteria for listing IP addresses in the SBL is:

Spam Sources
Sources of unsolicited bulk email sent to Spamhaus Spamtraps or submitted to Spamhaus by trusted 3rd party intelligence.
...

PBL:

Can I nominate IP addresses or ranges for inclusion?

There is no way for third parties to nominate or add IP addresses to the PBL. Only Spamhaus and authorized PBL ISP Accounts can make changes to PBL database listings. ISPs can only make changes within their authorized network ranges.

XBL:

Can I nominate IP addresses or ranges for inclusion?
No. The XBL is an automatic system whose detectors need to receive email (spam, worms, etc.) directly from the IP address so the connection data can be analysed to determine if it's a proxy or virus-spewer. There is no way for third parties to add IP addresses to the XBL.

carlosinfl 10-01-2008 08:36 AM

So based on that, it appears that there is nothing us mere mortals can do to report spam to zen. Basically just wait for their setup to get spammed and trickle down to us...

Mr. C. 10-01-2008 11:31 AM

There are things you can do to ignore/block/increase scores from email coming from IP ranges. If you are not sure how, ask away.

carlosinfl 10-01-2008 12:47 PM

You mean by creating a blacklist file and referencing that as a check in main.cf?

Mr. C. 10-01-2008 03:01 PM

Either a blacklist, or a score enhancing boost via spamassassin or equivalent. Spam score boosts are safer then outright blacklists in that false positive rejects are reduced.


All times are GMT -5. The time now is 02:28 AM.