rbl clients.

Please see below my smtpd_recipient_restrictions. On my rbl client list I
have multiple entries, but I am not sure how many of them are actually maintained. Is
there one single place where I can find such a list? Any help is greatly

smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_hostname,
    reject_invalid_hostname, permit
smtpd_recipient_limit = 300
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated, reject_unauth_destination,
    reject_invalid_hostname, reject_unauth_pipelining,
    reject_non_fqdn_sender, reject_unknown_sender_domain,
    reject_non_fqdn_recipient, reject_unknown_recipient_domain,
    reject_rbl_client, reject_rbl_client, reject_rbl_client,
    reject_rbl_client, reject_rbl_client,
    reject_rbl_client, reject_rbl_client,
    reject_rbl_client, permit



Re: rbl clients.

By Res at 03/18/2009 - 22:40

As others have mentioned, some of these have been dead for a long time,
and with others, you are doing twice the work, since some RBLs interact
with each other.

We find the following work great. Some recommend using spamhaus first; on
my private mail server I use it last, to keep under their 'hits per day'.
I don't use spamhaus on employers because of the 'hits per day', and I
can't justify the rates they want. I find even at home I only get one or
two hits in a blue moon from spamhaus because SORBS and spamcop end up
stopping pretty much all of it.

Privately I use:
reject_rbl_client (you need to register, but it's free)

commercially we use:

and along with things like


We also use sendmail's milter-regex with all these combined; it's rare
spam gets through to MailScanner to deal with.

(milter regex rules used:)

Re: rbl clients.

By Linux Addict at 03/18/2009 - 22:40

Thank you everyone!! Lot of information.

Re: rbl clients.

By Peter Blair at 03/18/2009 - 22:39


As Victor said, ZEN is usually enough for most people, but it's always
good to know why you're not using the rest.

Re: rbl clients.

By Victor Duchovni at 03/18/2009 - 22:39

Replace all of them with just:


If this still leaves you with way too much junk to filter with a content
filter, and you can afford to be more aggressive, add just


avoid all the rest, especially the ones long dead.

Make sure your DNS cache is not using an ISP upstream forwarder.

If your traffic is high enough, buy a SpamHaus data feed.

Re: rbl clients.

By =?UTF-8?B?UGF3Z... at 03/18/2009 - 22:39

Victor Duchovni writes:

On my server I get the following results in logs (last 4 days):
$ ~/dnsblcount /var/log/mail.1
3438 98 28 17 3
Total DNSBL rejections: 3584

$ ~/dnsblcount /var/log/mail.2
6938 115 67 33 13 3 2
Total DNSBL rejections: 7171

$ ~/dnsblcount /var/log/mail.3
10810 164 80 24 7 4 2
Total DNSBL rejections: 11091

$ ~/dnsblcount /var/log/mail.4
10875 98 25 10 2 1
Total DNSBL rejections: 11011

As you can see which is included in
gives some more results than zen (actually it's simple - update takes
some time).
backscatterer and spamcannibal are used only for <> and postmaster senders. gave me only false positives so it's turned off now.
I'm also using and (this one I've got
right after zen.spamhaus) - no results in last 4 days, but still testing.
I have a total of ~5-20k SMTP sessions per day which get to rbl tests.
So after testing it's about 1 to 10k tests left to be
done. (And while I have a local DNS server, it's an even smaller number of DNS
checks with BLs.) I think that most people here will say that it's
(at least) stupid to have only ~0.1% more spam filtered with one more
rbl check (with that low SMTP traffic).

Anyways before rejecting mails with any BL (besides those really "well
known", like the two Victor gave), check if those won't give you too
many false positives.

I'd also recommend lowering smtpd_recipient_limit from 300 to some
reasonable amount, unless you really use those "large" bulk mailings.
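
A per-list tally of the kind shown in the post above, as an added example (it is not the dnsblcount script and not code from the thread). It assumes Postfix's default DNSBL reply text and also counts lists running under warn_if_reject separately; the log lines are constructed and the `*.example` zones are placeholders.

```python
import re
from collections import Counter

# Postfix's default DNSBL reply reads "... blocked using <zone>; ...".
# "reject" is an enforced block; "reject_warning" is what a restriction
# prefixed with warn_if_reject logs while a list is still on trial.
DNSBL_LINE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: (reject|reject_warning): RCPT from \S+: "
    r".*?blocked using ([A-Za-z0-9.-]+)"
)

# Constructed sample log (documentation addresses, placeholder *.example zones).
SAMPLE_LOG = """\
Mar 18 22:39:01 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 Service unavailable; Client host [192.0.2.10] blocked using zen.spamhaus.org; from=<a@example.com> to=<u@example.net> proto=ESMTP helo=<h1>
Mar 18 22:39:02 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.11]: 554 5.7.1 Service unavailable; Client host [192.0.2.11] blocked using zen.spamhaus.org; from=<b@example.com> to=<u@example.net> proto=ESMTP helo=<h2>
Mar 18 22:39:03 mx postfix/smtpd[2102]: NOQUEUE: reject: RCPT from host.example.org[198.51.100.7]: 554 5.7.1 Service unavailable; Client host [198.51.100.7] blocked using zen.spamhaus.org; from=<c@example.com> to=<u@example.net> proto=SMTP helo=<h3>
Mar 18 22:39:04 mx postfix/smtpd[2102]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 Service unavailable; Client host [203.0.113.5] blocked using second.dnsbl.example; from=<d@example.com> to=<u@example.net> proto=ESMTP helo=<h4>
Mar 18 22:39:05 mx postfix/smtpd[2103]: NOQUEUE: reject_warning: RCPT from unknown[203.0.113.9]: 554 5.7.1 Service unavailable; Client host [203.0.113.9] blocked using trial.dnsbl.example; from=<e@example.com> to=<u@example.net> proto=ESMTP helo=<h5>
Mar 18 22:39:06 mx postfix/smtpd[2103]: NOQUEUE: reject_warning: RCPT from unknown[198.51.100.20]: 554 5.7.1 Service unavailable; Client host [198.51.100.20] blocked using trial.dnsbl.example; from=<f@example.com> to=<u@example.net> proto=ESMTP helo=<h6>
Mar 18 22:39:07 mx postfix/smtpd[2104]: NOQUEUE: reject: RCPT from unknown[192.0.2.99]: 554 5.7.1 <x@example.org>: Relay access denied; from=<g@example.com> to=<x@example.org> proto=ESMTP helo=<h7>
"""

def count_dnsbl(lines):
    """Return (enforced, trial) Counters keyed by DNSBL zone."""
    enforced, trial = Counter(), Counter()
    for line in lines:
        match = DNSBL_LINE.search(line)
        if not match:
            continue                      # not a DNSBL rejection (e.g. relay denied)
        action, zone = match.groups()
        bucket = enforced if action == "reject" else trial
        bucket[zone.lower().rstrip(".")] += 1
    return enforced, trial

def shares(counter):
    """(zone, hits, percent of this counter's total), most hits first."""
    total = sum(counter.values())
    return [(z, n, round(100.0 * n / total, 1)) for z, n in counter.most_common()]

if __name__ == "__main__":
    enforced, trial = count_dnsbl(SAMPLE_LOG.splitlines())
    for zone, hits, pct in shares(enforced):
        print(f"{hits:6d} {pct:5.1f}%  {zone}")
    print("Total DNSBL rejections:", sum(enforced.values()))
    for zone, hits in trial.items():
        print(f"{hits:6d} would-be rejections (warn_if_reject)  {zone}")
```

Postfix stops at the first restriction that rejects, so the count for a list placed later in smtpd_recipient_restrictions shows only what the earlier lists missed.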


Re: rbl clients.

By Rik at 03/18/2009 - 22:39

Currently this is free too:

It's used in the Barracuda Spam Firewalls as the default 'reputation'
filter. I find it kills more than zen myself, and they have a UK based
support operation that deals with false positives that you can *call* on
the phone and get a sensible answer from.

However, respect none the less to Spamhaus for what they have done.

Ironically the growth of the Barracuda List has largely come from
Spamhaus shooting themselves in the foot trying to charge Barracuda
owners for a feed. My guess, however, is Barracuda will eventually
charge too - but at this time it is completely free. They do ask for
registration but the truth is it works fine without it.

Test it before deployment like this (from a recent spammer at;


Presence of the answer section in the typical 127.0.0.X indicates
positive - just like the other RBLs.
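
The pre-deployment test described above, as an added example (not code from the thread), extended to IPv6 query names and to the RFC 5782 test entries, which show whether a list is still maintained. The zone names are placeholders and `fake_resolver` is a constructed stand-in for DNS so the block runs offline; pass no resolver to query real DNS.

```python
import ipaddress
import socket

def dnsbl_query_name(ip, zone):
    """Reverse the address (IPv4 octets or IPv6 nibbles) and append the zone."""
    reverse = ipaddress.ip_address(ip).reverse_pointer
    reverse = reverse.rsplit(".", 2)[0]        # drop in-addr.arpa / ip6.arpa
    return f"{reverse}.{zone.strip('.')}"

def system_resolver(name):
    """A records for name via the host's resolver; [] on NXDOMAIN or failure."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def lookup(ip, zone, resolve=system_resolver):
    answers = resolve(dnsbl_query_name(ip, zone))
    if not answers:
        return "not listed"
    # Only the 127.0.0.X answers described in the thread count as a listing;
    # anything else (parked domain, rewritten NXDOMAIN) must not reject mail.
    if all(a.startswith("127.0.0.") for a in answers):
        return "listed"
    return "unexpected answer"

def zone_health(zone, resolve=system_resolver):
    """RFC 5782 test entries: 127.0.0.2 is always listed, 127.0.0.1 never is."""
    positive = lookup("127.0.0.2", zone, resolve)
    negative = lookup("127.0.0.1", zone, resolve)
    if negative != "not listed":
        return "answers for every address"     # e.g. a dead list gone wildcard
    if positive != "listed":
        return "no test entry"                 # dead list, or our queries are refused
    return "ok"

# Constructed stand-in for DNS; all zones here are placeholders.
def fake_resolver(name):
    if name.endswith(".wild.dnsbl.example"):
        return ["127.0.0.2"]
    records = {"2.0.0.127.live.dnsbl.example": ["127.0.0.2"],
               "10.2.0.192.live.dnsbl.example": ["127.0.0.4"]}
    return records.get(name, [])

if __name__ == "__main__":
    for zone in ("live.dnsbl.example", "dead.dnsbl.example", "wild.dnsbl.example"):
        print(zone, "->", zone_health(zone, fake_resolver))
    print(lookup("192.0.2.10", "live.dnsbl.example", fake_resolver))
```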

Re: rbl clients.

By mouss at 03/18/2009 - 22:39

Rik wrote:

This hits legitimate sites. I use this in SA, but not in postfix except
for suspicious mail. They will have to learn that spam forwarded to a
consenting user should not result in banning the forwarder IP.
Otherwise, they can start by listing all spam filtering services that
tag and forward...

Note that you need to subscribe to use the zone name above. If you don't
want to subscribe, add a leading 'b':