From: Stan Hoeppner on
Ralf Hildebrandt put forth on 4/10/2010 2:21 AM:

> I'm using zen.spamhaus.org in postscreen and,
>
> reject_rbl_client bl.spamcop.net
> reject_rbl_client bogons.cymru.com
> reject_rhsbl_sender dbl.spamhaus.org
> reject_rhsbl_reverse_client dbl.spamhaus.org

Using these dnsbls here:

smtpd_recipient_restrictions =
        ...
        reject_rbl_client zen.spamhaus.org
        reject_rhsbl_client dbl.spamhaus.org
        reject_rhsbl_sender dbl.spamhaus.org
        reject_rhsbl_helo dbl.spamhaus.org
        ...

I reject most spam via other methods, mostly pcre/regex and cidr tables. My
dnsbl queries reject less than 1% of my spam load. Plug the following
dynamic/generic rdns regex table into your Postfix configuration and see if
it catches some spam for you. It does a good job here. Given its size I'd
recommend running it (and all your map files) via proxymap. Ask here if
you're unsure or need help implementing proxymap. It bit me the first time
I tried it.

smtpd_recipient_restrictions =
        ...
        check_client_access regexp:/etc/postfix/fqrdns.regexp
        ...

/etc/postfix/fqrdns.regexp
http://www.hardwarefreak.com/fqrdns.regexp

This regex file is free for anyone to use if you wish to. The FP rate
should be zero since it matches only dynamic/generic rdns names.

--
Stan

From: Reinaldo de Carvalho on
On Sat, Apr 10, 2010 at 7:49 PM, Stan Hoeppner <stan(a)hardwarefreak.com> wrote:
> smtpd_recipient_restrictions =
>        ...
>        check_client_access regexp:/etc/postfix/fqrdns.regexp
>        ...
>
> /etc/postfix/fqrdns.regexp
> http://www.hardwarefreak.com/fqrdns.regexp
>
> This regex file is free for anyone to use if you wish to.  The FP rate
> should be zero since it matches only dynamic/generic rdns names.
>
> --
> Stan
>

In other words:

/([0-9]{1,3}(\.|-)){3}.*\.[a-z]+/ reject generic hostname
/(^a?dsl|a?dsl(\.|-)|(\.|-)a?dsl|(\.|-)d(yn|ip|ial)(\.|-)|(\.|-)cable(\.|-)|(\.|-)user(\.|-)|^dynamic|(\.|-)dynamic|dynamic(\.|-)|(\.|-)ppp(oe)?(\.|-|)|^ppp)/ reject generic hostname



--
Reinaldo de Carvalho
http://korreio.sf.net
http://python-cyrus.sf.net

"Don't try to adapt the software to the way you work, but rather
yourself to the way the software works" (myself)

From: Stan Hoeppner on
Reinaldo de Carvalho put forth on 4/10/2010 5:56 PM:

> In other words:
>
> /([0-9]{1,3}(\.|-)){3}.*\.[a-z]+/ reject generic hostname
> /(^a?dsl|a?dsl(\.|-)|(\.|-)a?dsl|(\.|-)d(yn|ip|ial)(\.|-)|(\.|-)cable(\.|-)|(\.|-)user(\.|-)|^dynamic|(\.|-)dynamic|dynamic(\.|-)|(\.|-)ppp(oe)?(\.|-|)|^ppp)/ reject generic hostname

Except these aren't fully qualified patterns, can generate FPs, and cause
other problems. The patterns I shared are fully qualified, so the chance of
FPs is zero or near zero. Also note the domain specific reject text in my
patterns.

Your patterns are what many people start out with. They may work fine for a
while on low volume vanity servers for the family and the dog, but they
don't work well on real mail streams at decent sized organizations. This
was discussed at length on spam-l not too long ago. That's how I ended up
with the regexp file I shared here, because I was previously using something
generic like that above, and a seasoned OP took pity on me (and others).

--
Stan
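
The difference between unqualified and fully qualified rDNS patterns discussed above, as an added example that is not part of the original thread. It runs the two generic patterns quoted in the thread against constructed hostnames using Python's `re` as a stand-in for Postfix's case-insensitive, first-match regexp table lookup; the hostnames and the single fully qualified pattern are constructed for illustration and are not taken from fqrdns.regexp.

```python
import re

# The two generic patterns quoted in the thread, as (regex, action) pairs.
# Postfix regexp: tables match case-insensitively by default and return the
# action of the first pattern that matches.
GENERIC_TABLE = [
    (r"([0-9]{1,3}(\.|-)){3}.*\.[a-z]+", "reject generic hostname"),
    (r"(^a?dsl|a?dsl(\.|-)|(\.|-)a?dsl|(\.|-)d(yn|ip|ial)(\.|-)|(\.|-)cable(\.|-)"
     r"|(\.|-)user(\.|-)|^dynamic|(\.|-)dynamic|dynamic(\.|-)"
     r"|(\.|-)ppp(oe)?(\.|-|)|^ppp)", "reject generic hostname"),
]

# Constructed example of a fully qualified pattern: anchored at both ends,
# tied to one provider's naming scheme, with domain-specific reject text.
QUALIFIED_TABLE = [
    (r"^host-[0-9]{1,3}-[0-9]{1,3}-[0-9]{1,3}-[0-9]{1,3}\.dyn\.isp\.example$",
     "REJECT Generic - Please relay via ISP (isp.example)"),
]

# Constructed client hostnames: one dynamic pool address, four mail servers.
HOSTS = {
    "host-192-0-2-10.dyn.isp.example": "dynamic",
    "out-12-34-56.mail.corp.example": "mail server",  # digits in a relay name
    "mx.dynamic-it.example": "mail server",           # "dynamic" in the domain
    "mail.pppartners.example": "mail server",         # hit by the empty (\.|-|)
    "smtp.cable.example": "mail server",              # ".cable." as a label
}

def lookup(table, hostname):
    """Return the action of the first matching pattern, or None."""
    for pattern, action in table:
        if re.search(pattern, hostname, re.IGNORECASE):
            return action
    return None

def false_positives(table):
    """Mail servers that the table would reject."""
    return sorted(h for h, kind in HOSTS.items()
                  if kind == "mail server" and lookup(table, h))

def missed(table):
    """Dynamic hosts that the table lets through."""
    return sorted(h for h, kind in HOSTS.items()
                  if kind == "dynamic" and not lookup(table, h))

if __name__ == "__main__":
    for name, table in (("generic", GENERIC_TABLE), ("qualified", QUALIFIED_TABLE)):
        print(name, "FPs:", false_positives(table), "missed:", missed(table))
```

On a real server the same check is done with `postmap -q <hostname> regexp:/etc/postfix/fqrdns.regexp` against hostnames taken from your own logs.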

From: Reinaldo de Carvalho on
On Sat, Apr 10, 2010 at 8:10 PM, Stan Hoeppner <stan(a)hardwarefreak.com> wrote:
>
> Except these aren't fully qualified patterns, can generate FPs, and cause
> other problems.  The patterns I shared are fully qualified, so the chance of
> FPs is zero or near zero.  Also note the domain specific reject text in my
> patterns.
>
> Your patterns are what many people start out with.  They may work fine for a
> while on low volume vanity servers for the family and the dog, but they
> don't work well on real mail streams at decent sized organizations.

Please don't generalize. The organization size isn't the point.

>  This was discussed at length on spam-l not too long ago.  That's how I ended up
> with the regexp file I shared here, because I was previously using something
> generic like that above, and a seasoned OP took pity on me (and others).
>
> --
> Stan
>

Disclose the organization's rules for receiving email on the main website. Put
a URL in the reject reason to explain the problem (needs a patch for
built-in restrictions).


--
Reinaldo de Carvalho
http://korreio.sf.net
http://python-cyrus.sf.net

"Don't try to adapt the software to the way you work, but rather
yourself to the way the software works" (myself)

From: Michael Orlitzky on
On 04/10/2010 03:21 AM, Ralf Hildebrandt wrote:
>
> I'm using zen.spamhaus.org in postscreen and,
>
> reject_rbl_client bl.spamcop.net
> reject_rbl_client bogons.cymru.com
> reject_rhsbl_sender dbl.spamhaus.org
> reject_rhsbl_reverse_client dbl.spamhaus.org
>

How much use do you get out of bogons.cymru.com at the SMTP stage? I was
considering it once, and talked myself out of it with flowcharts or
something.
