Automating the spamlist.org Blacklist

Hal Pomeranz

As I become increasingly frustrated with the amount of spam I receive via the Deer Run mail servers, I start reaching for ever more draconian tools for blocking spam. One of the more useful blacklists that I've found on the Internet is the one at www.spamlist.org. However, the maintainers of the list (probably in an effort not to get sued by the spammers) go out of their way not to provide the list in a form that can be automatically incorporated into your mail server configuration. So, in this article, I will share a few simple tools I've created for automatically using this list on my own personal mail servers.

It should be noted that the spamlist.org blacklist is a very dangerous list. Using it blindly will result in a huge number of false positives, because the spamlist.org list blocks entire countries (China, Korea, Brazil, Greece, and others) that are known spam-havens. Before implementing the automated solution presented here, install the list manually and watch your mail server logs carefully to make sure that you are not rejecting email you legitimately wish to receive. In my case, I also maintain an extensive "white list" of people from whom I do want to receive email, despite the spamlist.org list and other blacklists to which I subscribe. However, this may not be reasonable for a large enterprise, so please approach the spamlist.org list with extreme caution.

Sendmail Configuration

The easiest way to use the spamlist.org list is via Sendmail's access_db feature. While this feature is described more fully in the O'Reilly & Associates Sendmail book, the simplest way to enable this feature is to add the following macro to the file you use to generate your sendmail.c