RBLs can be used for outright blocking of email or for scoring as part of SpamAssassin configuration.
In my case I use RBLs in the Exim config on cPanel servers for outright blocking. This minimises how much email needs to be processed by SpamAssassin, reducing server load.
Whitelists
Because I choose to reject email outright based on RBL blacklists, I first check some RBL whitelists to verify whether email should be blocked, which helps minimise false positives and collateral damage :-) They run sequentially, with first match = email accepted and passed on to SpamAssassin for processing.
I currently use the JMF No Blacklist as the first check; I’ve alternated between this one and DNSWL as first in the processing. JMF have several whitelist categories. I recently tried adding the JMF yellowlisted hosts to whitelisting and it created quite a few false positives, so I changed back to just the whitelist/nobl lists.
From the JMF site:
127.0.0.1 = whitelisted - accept as good
127.0.0.5 = nobl listed - not a spam source - do not blacklist - maybe whitelist
Config: nobl.junkemailfilter.com=127.0.0.1,127.0.0.5
MailSpike are a multi-score / category RBL. I originally used their single-hostname whitelist wl.mailspike.net, which contains anything in their 4 best categories, H2-H5. However, I found there were some false positives in being so broad, so I’ve ended up specifying just their highest 3 categories.
Config: rep.mailspike.net=127.0.0.18,127.0.0.19,127.0.0.20
DNSWL are a multi-score / category RBL; they categorise the sender IP as well as give a trustworthiness score. In the past I’ve run a config that only whitelisted IPs with a score of medium/high; however, at present I’m experimenting with whitelisting any IP that’s in the whitelist.
Config: list.dnswl.org
Blacklists
I use a number of RBL blacklists and I specify them in my Exim configuration in order of their efficiency: the one that blocks the highest percentage of spam received goes first. I do this to save unnecessary DNS lookups against the RBL services while processing email. From time to time I move them around in the order for a few weeks at a time to check their effectiveness.
These are processed sequentially by Exim with first match = email rejected and a message logged.
Excellent blacklist which is a combination list of several RBLs, no false positives and catches the most spam for the mail profile that I handle.
Config: zen.spamhaus.org
Excellent blacklist with no false positives, number 2 in my list of most efficient RBLs.
Config: hostkarma.junkemailfilter.com=127.0.0.2
These guys have several blocklists; the one I use lists only single IP addresses, whereas some others include whole subnets.
I have seen the occasional false positives in the past where large ISP mailservers get listed, I mitigate these by using the whitelist RBLs to err on the side of caution.
Config: dnsbl-1.uceprotect.net
Efficient block list.
Config: truncate.gbudb.net
Barracuda used to be a decent performer, catching spam that other lists don’t; however, its efficiency has dropped so I’ve moved it down the list.
Config: b.barracudacentral.org
One of the original blacklists. This far down in the priority order it doesn’t catch a lot of spam; however, it’s another zero false positive list, so you can block with confidence.
Config: bl.spamcop.net
Given it’s the last in my list it doesn’t catch a lot of spam, however it’s a good backstop list with zero false positives.
Config: db.wpbl.info
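
The processing order described above (whitelists first with first match = accept, then blacklists with first match = reject, each list optionally filtered on return codes), modelled in Python as an added example; it is not the author's Exim configuration. The `resolve` callback and the `FAKE_DNS` answers are assumptions made so the model runs offline, and the list entries are copied from the "Config:" lines.

```python
import ipaddress

# Lists and return-code filters from the post's "Config:" lines, in the post's order.
WHITELISTS = ["nobl.junkemailfilter.com=127.0.0.1,127.0.0.5",
              "rep.mailspike.net=127.0.0.18,127.0.0.19,127.0.0.20",
              "list.dnswl.org"]
BLACKLISTS = ["zen.spamhaus.org", "hostkarma.junkemailfilter.com=127.0.0.2",
              "dnsbl-1.uceprotect.net", "truncate.gbudb.net",
              "b.barracudacentral.org", "bl.spamcop.net", "db.wpbl.info"]

def query_name(ip, zone):
    """DNSBL convention: reverse the IPv4 octets and append the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def first_match(ip, entries, resolve):
    """Return (zone, lookups): first entry listing ip, and DNS queries spent."""
    lookups = 0
    for entry in entries:
        zone, _, codes = entry.partition("=")
        wanted = set(codes.split(",")) if codes else None
        lookups += 1
        answers = set(resolve(query_name(ip, zone)))  # empty = NXDOMAIN, not listed
        # A bare zone matches on any answer; "zone=a,b" only on those codes.
        if answers and (wanted is None or answers & wanted):
            return zone, lookups
    return None, lookups

def decide(ip, resolve):
    """Whitelists first (match = accept), then blacklists (match = reject)."""
    zone, n_wl = first_match(ip, WHITELISTS, resolve)
    if zone:
        return "accept", zone, n_wl
    zone, n_bl = first_match(ip, BLACKLISTS, resolve)
    return ("reject" if zone else "accept"), zone, n_wl + n_bl

# Constructed answers for documentation-range IPs (not real listings); a live
# resolver would return the A records for the name, or [] on NXDOMAIN.
FAKE_DNS = {
    "10.2.0.192.bl.spamcop.net": ["127.0.0.2"],
    "20.2.0.192.rep.mailspike.net": ["127.0.0.17"],   # outside the 18-20 filter
    "20.2.0.192.zen.spamhaus.org": ["127.0.0.4"],
    "30.2.0.192.nobl.junkemailfilter.com": ["127.0.0.5"],
    "30.2.0.192.zen.spamhaus.org": ["127.0.0.4"],
}
def fake_resolve(name):
    return FAKE_DNS.get(name, [])

for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40"):
    print(ip, decide(ip, fake_resolve))
```

The third value in each result is the number of DNS queries spent, which is what ordering the lists by hit rate reduces. A bare zone with no `=` filter matches on any A record the list returns, so it is worth knowing every code a list can answer with before rejecting on it.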