I Hate RBL

Tags:

You know those lists that determine what IPs should be blocked from mail servers ? Well, maybe the idea at one point was interesting (maybe not)... . I realized today that I'm again on a couple of lists, nothing major, I realized this because an email I tried to send was blocked. After investigation it appears that these would be the among the different reasons:

  • Dynamic IP (which is not true of course)
  • Someone on the same netblock sent a "bad" email .... in November !!!
  • A server on my netblock bounced an email
  • I bought a can of SPAM and I'm sure they know about it

Some of those lists are like "Minority Report", like aspews.org who base their list on "preventive" action, meaning you don't have to have done anything wrong to be listed.. It's like when you get stopped and searched just because you're... .. you know. read more about apews and it's origins

But people are allowed to use lists, of course.. . feel free... however you might want to compare, oh because some will require payment for delisting (or a huge amount of time), some don't care.. . so be careful if you do use lists, you can compare them if you want, and/or check if/where your IP is listed

If you are using Spamassassin you may edit "/etc/spamassassin/local.cf" and add:

skip_rbl_checks 1

Yah, basically I just decided that I HATE THOSE LISTS, they are just there because people are to lazy to properly configure their servers, many don't even respect the basics. I noticed that many mail servers, and I'm talking about corporate mail servers don't even know how to properly issue the "HELO" command !!! So I'm currently testing a couple of settings, if you have Postfix you can also try:

# refuse mails from people who don't know how to say helo smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks,reject_unknown_hostname # refuse mails from IPs that don't have a PTR smtpd_client_restrictions = permit_mynetworks, reject_unknown_client

It's amazing how much crapmail is rejected before being sent to any filter or mailbox lookup, and this is just because the proper BASIC configuration hasn't been met..

Another tip from workaround.org (please follow this link for full implementation info):

smtpd_recipient_restrictions = [...] check_policy_service unix:private/tumgreyspf

This feels a lot better, so much cleaner is the postqueue and happy I am. As for the list guys/gals, I'm sure there are plenty of them with very good intentions and such but they can still go screw themselves because they contribute to enabling crappily configured servers to function and disabling legitimate emails from properly configured mail servers... . Of course this does not change the fact that my emails might still be unjustifiably rejected by mail servers using RBL/DNSBL but at least I'm not a part of it..

One MX at a time.