Other good RBLs, apart from Zen?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
40 messages Options
12
Reply | Threaded
Open this post in threaded view
|

Other good RBLs, apart from Zen?

Arturo 'Buanzo' Busleiman
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi! Any recommendations for RBLs, apart from zen.spamhaus.org (the ONLY one I use)?

- --
Arturo "Buanzo" Busleiman
Reliable inter-continental Mail Relay Service - Ask me!
Independent Security Consultant - SANS - OISSG
http://www.buanzo.com.ar/pro/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIGxvKAlpOsGhXcE0RCr1uAJ9lcsOslsV/dt2K98YBzNmNr4vhHgCfZ+xs
AMngFvS2DVFBPX9cah+M9TA=
=+ZH2
-----END PGP SIGNATURE-----
Reply | Threaded
Open this post in threaded view
|

Re: Other good RBLs, apart from Zen?

Matthias Schmidt [c]
Am/On Fri, 2 May 2008 10:48:58 -0300 schrieb/wrote Arturo 'Buanzo' Busleiman:

>Hi! Any recommendations for RBLs, apart from zen.spamhaus.org

besides zen.spamhaus.org I use these ones:

cbl.abuseat.org
bl.spamcop.net

Thanks and all the best

Matthias

Reply | Threaded
Open this post in threaded view
|

Re: Other good RBLs, apart from Zen?

Victor Duchovni
In reply to this post by Arturo 'Buanzo' Busleiman
On Fri, May 02, 2008 at 10:48:58AM -0300, Arturo 'Buanzo' Busleiman wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Hi! Any recommendations for RBLs, apart from zen.spamhaus.org (the ONLY one
> I use)?

After filtering with Zen, there is not much additional value you get from
more IP RBLs (without signficant FP risk). For example, list.dsbl.org is
quite safe, but only adds ~1-2% after Zen.

Some people report good results with bl.spamcop.net, which reputedly has
become safer to use for rejects (not just scoring), but it not really
intended for this use last I checked.

Beyond Zen, your efforts are probably best directed at message content
filtering say SpamAssassin with SURBL lookups to filter spam URLs, ...

--
        Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:[hidden email]?body=unsubscribe%20postfix-users>

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
Reply | Threaded
Open this post in threaded view
|

Re: Other good RBLs, apart from Zen?

Victor Duchovni
In reply to this post by Matthias Schmidt [c]
On Fri, May 02, 2008 at 11:03:16PM +0900, Matthias Schmidt wrote:

> Am/On Fri, 2 May 2008 10:48:58 -0300 schrieb/wrote Arturo 'Buanzo' Busleiman:
>
> >Hi! Any recommendations for RBLs, apart from zen.spamhaus.org
>
> besides zen.spamhaus.org I use these ones:
>
> cbl.abuseat.org

CBL is included in Zen, so this is somewhat wasteful of both your and
CBL's resources.

--
        Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:[hidden email]?body=unsubscribe%20postfix-users>

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
Reply | Threaded
Open this post in threaded view
|

Re: Other good RBLs, apart from Zen?

udotirol
In reply to this post by Arturo 'Buanzo' Busleiman
Am Freitag, den 02.05.2008, 10:48 -0300 schrieb Arturo 'Buanzo'
Busleiman:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Hi! Any recommendations for RBLs, apart from zen.spamhaus.org (the ONLY one I use)?

Focused mainly on German spam, but _very_ effective in that area:

ix.dnsbl.manitu.net => http://www.heise.de/ix/nixspam/dnsbl_en/

--
Udo Rader

bestsolution.at EDV Systemhaus GmbH
http://www.bestsolution.at


signature.asc (204 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Other good RBLs, apart from Zen?

Ralf Hildebrandt
In reply to this post by Matthias Schmidt [c]
* Matthias Schmidt <[hidden email]>:
> Am/On Fri, 2 May 2008 10:48:58 -0300 schrieb/wrote Arturo 'Buanzo' Busleiman:
>
> >Hi! Any recommendations for RBLs, apart from zen.spamhaus.org
>
> besides zen.spamhaus.org I use these ones:
>
> cbl.abuseat.org

Included in zen :)

--
Ralf Hildebrandt ([hidden email])          [hidden email]
Postfix - Einrichtung, Betrieb und Wartung       Tel. +49 (0)30-450 570-155
http://www.arschkrebs.de
Microsoft: A Proven Danger to National Security
http://www.infowarrior.org/articles/msdanger.pdf
Reply | Threaded
Open this post in threaded view
|

Re: Other good RBLs, apart from Zen?

Arturo 'Buanzo' Busleiman
In reply to this post by Victor Duchovni
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Victor Duchovni wrote:
| Beyond Zen, your efforts are probably best directed at message content
| filtering say SpamAssassin with SURBL lookups to filter spam URLs, ...

Thanks everyone for your comments, both on and off-list. I think I'll not be adding an extra RBL
after all. Maybe the German-spam one. I'd really like to find a Russian-spam RBL. I get lots of it.

OTOH, I'm using clamsmtp, zen, greylisting and spf. I don't want to use amavisd-new or any other
"everything included" tools. What do you recommend? Of course, I'm interested in SpamAssassin. My
servers are used 99% for relaying to internal mail servers in other companies (I'm the smarthost and
public MX for them), so something like spamc via xfilter in a maildrop rules file is not good.

I've read many guides and checked-out the addons page at postfix.org, but for my situation, what
would the group recommend?

- --
Arturo "Buanzo" Busleiman
Reliable inter-continental Mail Relay Service - Ask me!
Independent Security Consultant - SANS - OISSG
http://www.buanzo.com.ar/pro/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIGyTQAlpOsGhXcE0RCtgBAJwNHRSUGkDMiRDv6OJuuGHSMwXXQgCeLbxm
7CIZN8bvpS1C+8oAh88OE8E=
=FPCD
-----END PGP SIGNATURE-----
Reply | Threaded
Open this post in threaded view
|

Re: Other good RBLs, apart from Zen?

Matthias Schmidt [c]
In reply to this post by Ralf Hildebrandt
Am/On Fri, 2 May 2008 16:18:03 +0200 schrieb/wrote Ralf Hildebrandt:

>* Matthias Schmidt <[hidden email]>:
>> Am/On Fri, 2 May 2008 10:48:58 -0300 schrieb/wrote Arturo 'Buanzo'
>Busleiman:
>>
>> >Hi! Any recommendations for RBLs, apart from zen.spamhaus.org
>>
>> besides zen.spamhaus.org I use these ones:
>>
>> cbl.abuseat.org
>
>Included in zen :)

thanks for the hint :)

Thanks and all the best

Matthias

Reply | Threaded
Open this post in threaded view
|

Re: Other good RBLs, apart from Zen?

Andrzej Adam Filip-3
In reply to this post by Ralf Hildebrandt
Ralf Hildebrandt <[hidden email]> wrote:

> * Matthias Schmidt <[hidden email]>:
>> Am/On Fri, 2 May 2008 10:48:58 -0300 schrieb/wrote Arturo 'Buanzo' Busleiman:
>>
>> >Hi! Any recommendations for RBLs, apart from zen.spamhaus.org
>>
>> besides zen.spamhaus.org I use these ones:
>>
>> cbl.abuseat.org
>
> Included in zen :)

* spamhaus.org limits number of allowed DNS queries
* cbl.abuseat.org generates most "non DUL" hits in zen.spamhaus.org

--
[pl>en: Andrew] Andrzej Adam Filip : [hidden email] : [hidden email]
"Though a program be but three lines long,
someday it will have to be maintained."
  -- The Tao of Programming
Reply | Threaded
Open this post in threaded view
|

Re: Other good RBLs, apart from Zen?

Joe Laffey
On Fri, 2 May 2008, Andrzej Adam Filip wrote:

> Ralf Hildebrandt <[hidden email]> wrote:
>
>> * Matthias Schmidt <[hidden email]>:
>>> Am/On Fri, 2 May 2008 10:48:58 -0300 schrieb/wrote Arturo 'Buanzo' Busleiman:
>>>
>>>> Hi! Any recommendations for RBLs, apart from zen.spamhaus.org
>>>
>>> besides zen.spamhaus.org I use these ones:
>>>
>>> cbl.abuseat.org
>>
>> Included in zen :)
>
> * spamhaus.org limits number of allowed DNS queries
> * cbl.abuseat.org generates most "non DUL" hits in zen.spamhaus.org


So do you list cbl.abuseat.org first in the checks assuming that any query
that matches will save you a hit on spamhaus? Or how do you set that up to
reduce the traffic to spamhaus?

Thanks,

--
Joe Laffey                |       Visual Effects for Film and Video
LAFFEY Computer Imaging   |     -------------------------------------
St. Louis, MO             |       Show Reel http://LAFFEY.tv/?e10338
USA                       |     -------------------------------------
.                         |        -*- Digital Fusion Plugins -*-
--------------------------------------------------------------------------
Reply | Threaded
Open this post in threaded view
|

Re: Other good RBLs, apart from Zen?

Noel Jones-2
In reply to this post by Arturo 'Buanzo' Busleiman
Arturo 'Buanzo' Busleiman wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Victor Duchovni wrote:
> | Beyond Zen, your efforts are probably best directed at message content
> | filtering say SpamAssassin with SURBL lookups to filter spam URLs, ...
>
> Thanks everyone for your comments, both on and off-list. I think I'll
> not be adding an extra RBL
> after all. Maybe the German-spam one. I'd really like to find a
> Russian-spam RBL. I get lots of it.
>
> OTOH, I'm using clamsmtp, zen, greylisting and spf. I don't want to use
> amavisd-new or any other
> "everything included" tools. What do you recommend? Of course, I'm
> interested in SpamAssassin. My
> servers are used 99% for relaying to internal mail servers in other
> companies (I'm the smarthost and
> public MX for them), so something like spamc via xfilter in a maildrop
> rules file is not good.
>
> I've read many guides and checked-out the addons page at postfix.org,
> but for my situation, what
> would the group recommend?
>

If you're already using clamav, I would highly recommend the
add-on signatures from Sanesecurity, which are targeted at
phish and scam mail.  I have found these signatures to be safe
and very effective.  Adding these signatures add virtually no
extra time to clamd scanning.
You will need a script run from cron to get updates a couple
times a day; there are some very good user-contributed scripts
available on the Sanesecurity web site.
http://www.sanesecurity.com/clamav/usage.htm

MSRBL also has some add-on signatures for clamav. These appear
to also be safe, but mostly ineffective here - I suspect most
of the spam they would stop is already rejected here by smtpd
restrictions.  Others have reported better results, so YMMV.
http://www.msrbl.com/msrbl-spam
http://www.msrbl.com/msrbl-images

If you're interested in using SpamAssassin, running it under
the control of amavisd-new as a post-queue content_filter is a
good choice.  Note that SpamAssassin adds quite a bit of
overhead in terms of CPU, RAM, and time.

There are a number of milters that use SpamAssassin that
should work with postfix.  However, doing that kind of
resource-intensive content inspection pre-queue will severely
limit the number of smtpd processes that can be safely run.
If you go this route, you will likely need to add more MX
boxes to spread the load out.

--
Noel Jones
Reply | Threaded
Open this post in threaded view
|

Re: Other good RBLs, apart from Zen?

Andrzej Adam Filip-3
In reply to this post by Joe Laffey
Joe Laffey <[hidden email]> wrote:

> On Fri, 2 May 2008, Andrzej Adam Filip wrote:
>
>> Ralf Hildebrandt <[hidden email]> wrote:
>>
>>> * Matthias Schmidt <[hidden email]>:
>>>> Am/On Fri, 2 May 2008 10:48:58 -0300 schrieb/wrote Arturo 'Buanzo' Busleiman:
>>>>
>>>>> Hi! Any recommendations for RBLs, apart from zen.spamhaus.org
>>>>
>>>> besides zen.spamhaus.org I use these ones:
>>>>
>>>> cbl.abuseat.org
>>>
>>> Included in zen :)
>>
>> * spamhaus.org limits number of allowed DNS queries
>> * cbl.abuseat.org generates most "non DUL" hits in zen.spamhaus.org
>
>
> So do you list cbl.abuseat.org first in the checks assuming that any
> query that matches will save you a hit on spamhaus? Or how do you set
> that up to reduce the traffic to spamhaus?

You may use the combination below to reduce number of
spamhaus.org queries:
a) some list with DUL [e.g. sorbs]
b) cbl.abuseat.org
c) zen.spamhaus.org

--
[pl>en: Andrew] Andrzej Adam Filip : [hidden email] : [hidden email]
You know that feeling when you're leaning back on a stool and it starts to tip
over?  Well, that's how I feel all the time.
  -- Steven Wright
Reply | Threaded
Open this post in threaded view
|

Re: Other good RBLs, apart from Zen?

Joe Laffey
On Fri, 2 May 2008, Andrzej Adam Filip wrote:

> Joe Laffey <[hidden email]> wrote:
>
>> On Fri, 2 May 2008, Andrzej Adam Filip wrote:
>>
>>> Ralf Hildebrandt <[hidden email]> wrote:
>>>
>>>> * Matthias Schmidt <[hidden email]>:
>>>>> Am/On Fri, 2 May 2008 10:48:58 -0300 schrieb/wrote Arturo 'Buanzo' Busleiman:
>>>>>
>>>>>> Hi! Any recommendations for RBLs, apart from zen.spamhaus.org
>>>>>
>>>>> besides zen.spamhaus.org I use these ones:
>>>>>
>>>>> cbl.abuseat.org
>>>>
>>>> Included in zen :)
>>>
>>> * spamhaus.org limits number of allowed DNS queries
>>> * cbl.abuseat.org generates most "non DUL" hits in zen.spamhaus.org
>>
>>
>> So do you list cbl.abuseat.org first in the checks assuming that any
>> query that matches will save you a hit on spamhaus? Or how do you set
>> that up to reduce the traffic to spamhaus?
>
> You may use the combination below to reduce number of
> spamhaus.org queries:
> a) some list with DUL [e.g. sorbs]
> b) cbl.abuseat.org
> c) zen.spamhaus.org


Correct me if I am wrong, but any mail that is not rejected by the first
two would still query spamhaus, right?

Just want to be sure I undertsand what you mean.

--
Joe Laffey                |       Visual Effects for Film and Video
LAFFEY Computer Imaging   |     -------------------------------------
St. Louis, MO             |       Show Reel http://LAFFEY.tv/?e10344
USA                       |     -------------------------------------
.                         |        -*- Digital Fusion Plugins -*-
--------------------------------------------------------------------------
Reply | Threaded
Open this post in threaded view
|

Re: Other good RBLs, apart from Zen?

Gary-116
In reply to this post by Arturo 'Buanzo' Busleiman
Not one I use, but if anyone has experience with Lashback,
http://www.lashback.com/support/UBLLookup.aspx I'd be interested to here
how well they operate.

Reply | Threaded
Open this post in threaded view
|

Re: Other good RBLs, apart from Zen?

Andrzej Adam Filip-3
In reply to this post by Joe Laffey
Joe Laffey <[hidden email]> wrote:

> On Fri, 2 May 2008, Andrzej Adam Filip wrote:
>
>> Joe Laffey <[hidden email]> wrote:
>>
>>> On Fri, 2 May 2008, Andrzej Adam Filip wrote:
>>>
>>>> Ralf Hildebrandt <[hidden email]> wrote:
>>>>
>>>>> * Matthias Schmidt <[hidden email]>:
>>>>>> Am/On Fri, 2 May 2008 10:48:58 -0300 schrieb/wrote Arturo 'Buanzo' Busleiman:
>>>>>>
>>>>>>> Hi! Any recommendations for RBLs, apart from zen.spamhaus.org
>>>>>>
>>>>>> besides zen.spamhaus.org I use these ones:
>>>>>>
>>>>>> cbl.abuseat.org
>>>>>
>>>>> Included in zen :)
>>>>
>>>> * spamhaus.org limits number of allowed DNS queries
>>>> * cbl.abuseat.org generates most "non DUL" hits in zen.spamhaus.org
>>>
>>>
>>> So do you list cbl.abuseat.org first in the checks assuming that any
>>> query that matches will save you a hit on spamhaus? Or how do you set
>>> that up to reduce the traffic to spamhaus?
>>
>> You may use the combination below to reduce number of
>> spamhaus.org queries:
>> a) some list with DUL [e.g. sorbs]
>> b) cbl.abuseat.org
>> c) zen.spamhaus.org
>
>
> Correct me if I am wrong, but any mail that is not rejected by the
> first two would still query spamhaus, right?

Yes.
Most spam will be rejected before hitting zen.spamhaus.org query.

> Just want to be sure I undertsand what you mean.

--
[pl>en: Andrew] Andrzej Adam Filip : [hidden email] : [hidden email]
When a float occurs on the same page as the start of a supertabular
you can expect unexpected results.
  -- Documentation of supertabular.sty
Reply | Threaded
Open this post in threaded view
|

Re: Other good RBLs, apart from Zen?

/dev/rob0
In reply to this post by Arturo 'Buanzo' Busleiman
On Fri May 2 2008 09:27:28 Arturo 'Buanzo' Busleiman wrote:
> Victor Duchovni wrote:
> | Beyond Zen, your efforts are probably best directed at message
> | content filtering say SpamAssassin with SURBL lookups to filter
> | spam URLs, ...
snip
> OTOH, I'm using clamsmtp, zen, greylisting and spf. I don't want to
> use amavisd-new or any other "everything included" tools. What do you
> recommend? Of course, I'm interested in SpamAssassin. My servers are

That's too bad, because amavisd-new is probably the best post-queue
filtering solution choice. You no longer need clamsmtp and you get
SpamAssassin invoked as perl modules, part of the same running perl
process. I would recommend that you reconsider amavisd-new.

I didn't see mention here [yet] of HELO checks. Among the cheapest and
safest spam blocks are reject_invalid_helo_hostname and
reject_non_fqdn_helo_hostname. Plus, you will see a lot of spam HELOs
containing your IP address. It's also reasonable to block HELOs with
your own domains (after whitelisting hosts that might legitimately use
such names as HELO), but I don't think you'll block a lot of spam with
those checks.
--
    Offlist mail to this address is discarded unless
    "/dev/rob0" or "not-spam" is in Subject: header
Reply | Threaded
Open this post in threaded view
|

Re: Other good RBLs, apart from Zen?

Aaron Wolfe
In reply to this post by Arturo 'Buanzo' Busleiman
Here are stats on the last 90 million messages I've processed:

Relative effectiveness of spam filtering techniques:

                            Unknown user 31.71% (31.71%)            28536221
                              Greylisted 32.03% (21.87%)            19684139
                               Throttled 20.08% (9.32%)              8389567
                     Relay access denied 0.02%  (0.01%)                 5783
                   Bogus DNS (Broadcast) 0.02%  (0.01%)                 5575
              Bogus DNS (RFC 1918 space) 0.14%  (0.05%)                48385
                         Spoofed Address 0.58%  (0.21%)               192243
                      Unclassified Event 1.88%  (0.69%)               622037
                 Temporary Local Problem 0.00%  (0.00%)                 1384
             Require FQDN sender address 0.01%  (0.00%)                 4136    reject_non_fqdn_sender
          Require FQDN for HELO hostname 14.14% (5.11%)              4598287    reject_non_fqdn_helo_hostname
         Require DNS for sender's domain 1.26%  (0.39%)               352926    reject_unknown_sender_domain
                     Require Reverse DNS 2.71%  (0.83%)               747785    reject_unknown_reverse_client_hostname
           Require DNS for HELO hostname 0.12%  (0.04%)                33230    reject_unknown_helo_hostname
                 The Spamhaus Block List 33.77% (10.05%)             9044310    reject_rbl_client zen.dnsbl
                  The SpamCop Block List 2.85%  (0.56%)               505419    reject_rbl_client bl.spamcop.net
                         PSBL Block List 0.08%  (0.01%)                13323    reject_rbl_client psbl.surriel.com
          The Invaluement SIP Block List 32.74% (6.26%)              5635764    reject_rbl_client sip.invaluement.com
     SORBS Dynamic IP Address Block List 1.54%  (0.20%)               178267    reject_rbl_client dul.dnsbl.sorbs.net
              SpamRats No PTR Block List 0.87%  (0.11%)                98869    reject_rbl_client noptr.spamrats.com
          SpamRats Dynamic IP Block List 1.03%  (0.13%)               116433    reject_rbl_client dyna.spamrats.com
                SpamRats SPAM Block List 0.00%  (0.00%)                   38    reject_rbl_client spam.spamrats.com
                     Lashback Block List 0.09%  (0.01%)                 9892    reject_rbl_client ubl.unsubscore.com
           UCEPROTECT Level 1 Block List 0.03%  (0.00%)                 2795    reject_rbl_client dnsbl-1.uceprotect.net
                The HostKarma Block List 0.08%  (0.01%)                 8913    reject_rbl_client blacklist.junkemailfilter.com

Total messages: 90000978
Total blocked: 78835721 87.59%

These are the checks I do with Postfix before SA, in the order I do them.  The first percentage is the amount of mail block out of what is "left" by the time the message gets to that check, the second is the percentage of total mail blocked.  Sorry if the formatting is strange.  Not all of my clients use all of the RBL checks, so some RBLs appear less effective than they really would be if everyone here used them.  All clients do use zen, spamcop, sorbs and Rob McEwen's Invaluement SIP RBL (which is clearly an awesome list to add behind zen, blocking over 32% of mail that zen misses).  Especially note that the psbl, HostKarma and UCE lists are used only in a few testing domains so their apparently poor performance is not accurate.  Please do not think I am saying any particular RBL works poorly, this is just a real world dump of whats happening here.

Hope thats useful to someone :)  I could get more specific results from domains that use specific sets of RBLs if anyone would like.

-Aaron





On Fri, May 2, 2008 at 10:27 AM, Arturo 'Buanzo' Busleiman <[hidden email]> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>  Hash: SHA512
>  
>  Victor Duchovni wrote:
>  | Beyond Zen, your efforts are probably best directed at message content
>  | filtering say SpamAssassin with SURBL lookups to filter spam URLs, ...
>  
>  Thanks everyone for your comments, both on and off-list. I think I'll not
> be adding an extra RBL
>  after all. Maybe the German-spam one. I'd really like to find a
> Russian-spam RBL. I get lots of it.
>  
>  OTOH, I'm using clamsmtp, zen, greylisting and spf. I don't want to use
> amavisd-new or any other
>  "everything included" tools. What do you recommend? Of course, I'm
> interested in SpamAssassin. My
>  servers are used 99% for relaying to internal mail servers in other
> companies (I'm the smarthost and
>  public MX for them), so something like spamc via xfilter in a maildrop
> rules file is not good.
>  
>  I've read many guides and checked-out the addons page at postfix.org, but
> for my situation, what
>  would the group recommend?
>
>  
>  - --
>  Arturo "Buanzo" Busleiman
>  Reliable inter-continental Mail Relay Service - Ask me!
>  Independent Security Consultant - SANS - OISSG
>  http://www.buanzo.com.ar/pro/
>  -----BEGIN PGP SIGNATURE-----
>  Version: GnuPG v1.4.6 (GNU/Linux)
>  Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>  
>  iD8DBQFIGyTQAlpOsGhXcE0RCtgBAJwNHRSUGkDMiRDv6OJuuGHSMwXXQgCeLbxm
>  7CIZN8bvpS1C+8oAh88OE8E=
>  =FPCD
>  -----END PGP SIGNATURE-----
>  

Reply | Threaded
Open this post in threaded view
|

Re: Other good RBLs, apart from Zen?

Arturo 'Buanzo' Busleiman
In reply to this post by /dev/rob0
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

/dev/rob0 wrote:
| I would recommend that you reconsider amavisd-new.

OK, OK, I will reconsider it. Thanks for insisting. Anything you can say about a spamassassin-only
tool would be appreciated, too, anyway.

| I didn't see mention here [yet] of HELO checks. Among the cheapest and

This is my smtpd_recipient_restrictions line:

smtpd_recipient_restrictions = reject_non_fqdn_sender,
reject_non_fqdn_recipient,reject_unknown_sender_domain,
reject_unknown_recipient_domain,reject_unauth_pipelining, permit_mynetworks,
reject_unauth_destination,check_client_access cidr:/etc/postfix/postfix-dnswl-permit,
check_client_access hash:/etc/postfix/maps/whitelist, reject_rbl_client zen.spamhaus.org,
check_policy_service unix:private/postgrey, check_policy_service unix:private/policyd-spf, permit

- --
Arturo "Buanzo" Busleiman
Reliable inter-continental Mail Relay Service - Ask me!
Independent Security Consultant - SANS - OISSG
http://www.buanzo.com.ar/pro/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIG1cgAlpOsGhXcE0RCrW7AJ9XOAzAIF5fsTkIR6j+qtwkbOYeBgCdGuS3
bA9rw7B1pxeZeZZDthNMIos=
=fvKy
-----END PGP SIGNATURE-----
Reply | Threaded
Open this post in threaded view
|

Re: Other good RBLs, apart from Zen?

Charles Marcus
On 5/2/2008, Arturo 'Buanzo' Busleiman ([hidden email]) wrote:
> This is my smtpd_recipient_restrictions line:
>
> smtpd_recipient_restrictions = reject_non_fqdn_sender,
> reject_non_fqdn_recipient,reject_unknown_sender_domain,
> reject_unknown_recipient_domain,reject_unauth_pipelining,
> permit_mynetworks,
> reject_unauth_destination,

Move permit_mynetworks to first position, followed by
reject_unauth_destination, then other checks...

Also, remove reject_unauth_pipelining from here, it does nothing -
consider using it under smtpd_data_restrictions

--

Best regards,

Charles
Reply | Threaded
Open this post in threaded view
|

Re: Other good RBLs, apart from Zen?

/dev/rob0
On Fri May 2 2008 14:02:09 Charles Marcus wrote:

> On 5/2/2008, Arturo 'Buanzo' Busleiman ([hidden email]) wrote:
> > This is my smtpd_recipient_restrictions line:
> >
> > smtpd_recipient_restrictions = reject_non_fqdn_sender,
> > reject_non_fqdn_recipient,reject_unknown_sender_domain,
> > reject_unknown_recipient_domain,reject_unauth_pipelining,
> > permit_mynetworks,
> > reject_unauth_destination,
>
> Move permit_mynetworks to first position, followed by
> reject_unauth_destination, then other checks...

That's not always the right thing to do IMO. Your own users should  
still pass all those checks, and if they don't, you can't deliver it
anyway. Might as well tell them NOW as to wait and let them get the
bounce after $maximal_queue_lifetime passes.

Some would rightly argue against the reject_unknown_*_domain checks.
That's a policy matter for me. Sure, if the DNS is down, you might
reject mail to the MUA that ultimately could have been delivered. My
userbase is small enough that I can handle getting phone calls about
this. But indeed, a large service should put those after
reject_unauth_destination.

> Also, remove reject_unauth_pipelining from here, it does nothing -
> consider using it under smtpd_data_restrictions

Yes. It's not real effective, but it sure doesn't hurt.
--
    Offlist mail to this address is discarded unless
    "/dev/rob0" or "not-spam" is in Subject: header
12