I've been using the following for some time, and while they're very effective I'm just wondering what others are using?

Currently I use (in this order in Postfix):

cbl.abuseat.org
b.barracudacentral.org
zen.spamhaus.org
dnsbl-1.uceprotect.net

Zen.spamhaus.org includes xbl.spamhaus.org which, in turn, includes cbl.abuseat.org. So you should be able to drop cbl.abuseat.org from your checks without any loss in coverage.

I've found good luck with combining spamhaus and barracuda. The Zen list from Spamhaus is quite effective by itself (though I never recommend using only 1). In some corporate situations you may want to use only a subset of the spamhaus lists. One semi-broken internet-exposed M$ Exchange server I have to look after (I need the job ), I use only the SBL for connection filtering, instead of Zen. The PBL list (and sometimes the XBL) can sometimes cause problems on outbound SMTP AUTH servers. Not nice to block your own users.

UCEProtect has also been good. I used to use SORBS, but were a pain to deal with at times, so I haven't used them for a while. Other peoples mileage may vary

_________________
Matt Nordhoff (aka Peng on IRC)

YMMV, but I was having decent spam blocking with just greylisting. Granted, I do use mail aliases and deactivate old ones regularly, but there you go.

Sorry, my own inside joke. I was referring to http://uceprotect.org/. I really should wake up before posting... I didn't think uceprotect.net was even around anymore!

Didn't know that, I'll try it out thanks!

I take a look at this site every now and then to see some stats on the various lists. http://www.intra2net.com/en/support/antispam/index.php_sort=accuracy_order=desc.html

Of the dnslists I use in Exim, zen.spamhaus.org picks up the most for me by far - 97% - of the mail rejected. Barracuda picks up about 2% although I get timeouts on occasion. psbl.surriel.com accounts for the other 1%. I've tried bl.spamcop.net, bl.mailspike.net and some others. Spamcop caught very few. Mailspike was interesting. It would catch a lot then stop and then catch a lot again. Guess it has to do with the nature of it. I did get a few false positives so I removed it. Removing spamcop and mailspike didn't seem to make any difference ultimately. I get very few (less than 3 a day) that are spam. I could tighten up my rules a bit but I've got one client who must subscribe to every legitimate department store that sends horrendous html e-mails. They trigger all kinds of spamassassin rules. I am in the process of whitelisting those now so we'll see what I can do with SA.

Terry