RBL Usage questions
in [Postfix]
|
From: Ralf Hildebrandt on 10 Apr 2010 03:21 * Alex <mysqlstudent(a)gmail.com>: > Hi, > > I'm trying to evaluate the block lists that are available to be used > at SMTP connection time with reject_maps_rbl, reject_maps_rbl is deprecated. Use reject_rbl_client et.al. > Is there a "best practices" document that includes recommendations or > suggestions on which RBLs to use for which purpose? I'd also like to > be able to gather some stats on them, such as how many rejects, > queries, perhaps even the IPs that were rejected, so that I may > collect this information and create some historical data. That doesn't help. Everybody's spam is different AND you forget the false positives! > I'm currently considering multi.uribl.com and multi.surbl.org as the > top two, but even with that I've read that in the past there were > great concerns that they'd get knocked offline and what the > implications would be for the postfix server. I'm using zen.spamhaus.org in postscreen and, reject_rbl_client bl.spamcop.net reject_rbl_client bogons.cymru.com reject_rhsbl_sender dbl.spamhaus.org reject_rhsbl_reverse_client dbl.spamhaus.org -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebrandt(a)charite.de | http://www.charite.de
From: Sean Reifschneider on 10 Apr 2010 05:35 On 04/10/2010 01:09 AM, Alex wrote: > I'm trying to evaluate the block lists that are available to be used I don't like allowing any blacklists to have serious power over blocking e-mail. I prefer using SpamAssassin, which will do lookups on many RBLs, and then use the results to influence the score. So if one RBL says something bad, it doesn't influence it as much as if many of them do. Sean -- Sean Reifschneider, Member of Technical Staff <jafo(a)tummy.com> tummy.com, ltd. - Linux Consulting since 1995: Ask me about High Availability
From: mouss on 10 Apr 2010 09:00 Sean Reifschneider a �crit : > On 04/10/2010 01:09 AM, Alex wrote: >> I'm trying to evaluate the block lists that are available to be used > > I don't like allowing any blacklists to have serious power over blocking > e-mail. I prefer using SpamAssassin, which will do lookups on many RBLs, > and then use the results to influence the score. So if one RBL says > something bad, it doesn't influence it as much as if many of them do. > That works for small sites who can afford to content filter all mail. For other sites, this is no more an option. and besides, I see more false positives with Spamassassin than with zen.spamhaus.org. and the spam folder (or quarantine...) only works if it's not full of junk. Back to OP question: Use zen.spamhaus.org. then for other lists, use them with warn_if_reject during some time and see if they bring value without causing false positives.
From: Ansgar Wiechers on 10 Apr 2010 11:36 On 2010-04-10 mouss wrote: > Sean Reifschneider a �crit : >> I don't like allowing any blacklists to have serious power over >> blocking e-mail. I prefer using SpamAssassin, which will do lookups >> on many RBLs, and then use the results to influence the score. So if >> one RBL says something bad, it doesn't influence it as much as if >> many of them do. > > That works for small sites who can afford to content filter all mail. > For other sites, this is no more an option. policyd-weight does the same without content filtering. Regards Ansgar Wiechers -- "Abstractions save us time working, but they don't save us time learning." --Joel Spolsky
From: mouss on 10 Apr 2010 16:14
Ansgar Wiechers a �crit : > On 2010-04-10 mouss wrote: >> Sean Reifschneider a �crit : >>> I don't like allowing any blacklists to have serious power over >>> blocking e-mail. I prefer using SpamAssassin, which will do lookups >>> on many RBLs, and then use the results to influence the score. So if >>> one RBL says something bad, it doesn't influence it as much as if >>> many of them do. >> That works for small sites who can afford to content filter all mail. >> For other sites, this is no more an option. > > policyd-weight does the same without content filtering. Indeed. but here, zen is "reliable". so I use it directly. |