Conclusions from our spamd experience

Summing up: used selectively, blacklists combined with spamd are powerful, precise and efficient spam-fighting tools. The load on the spamd machine is minimal. On the other hand, spamd will never perform better than its weakest data source, which means you will need to monitor your logs and use whitelisting when necessary.

It is also perfectly feasible to run spamd in a pure greylisting mode, with no blacklists. In fact, some users report that a purely greylisting spamd configuration is not significantly less effective as a spam-fighting tool than blacklisting configurations[1].

For our main blacklist, we ended up using Bob Beck's traplist[2], which is generated using "the ghosts of USENET postings past", that is, spamd's greytrapping feature combined with addresses which are not expected to receive legitimate mail. What makes this list stand out is that Bob set up the system to remove addresses automatically after 24 hours. This means that you get an extremely low number of false positives.

Once you're happy with your setup, you could try introducing local greytrapping. This is likely to catch a few more undesirables, and of course it's good clean fun.[3]

Notes

[1]

One such report is Steve Williams' October 20th, 2006 message to the OpenBSD-misc mailing list, where he reports that a pure greylisting configuration immediately rid the company he worked for of approximately 95% of their spam load.

[2]

The list is hosted at http://www.openbsd.org/spamd/traplist.gz.

[3]

You can find my field notes from a recent greytrapping experiment in my blog at bsdly.blogspot.com, starting with the entry dated July 9, 2007.