RBL problem?
in [Postfix]
|
From: listserv.traffic on 26 Feb 2010 11:45 Recently, I've noticed a lot more spam. In checking the logs I find that zen.spamhaus.org has really lost ground in terms of rejections. I use zen and bl.spamcop.net. In the past, zen had >10 times the number of hits that bl.spamcop.net did. zen doesn't seem to have blocked me, because I can hand-query them, and I'm still getting some rejections with zen. But either something's broken - which I can't find, or zen isn't nearly as effective as it once was. For example: Over a few days, I get 15025 zen rejects 26558 bl.spamcop.net rejects (Like I said, in the past, zen would be way higher than bl.spamcop.net. Plus it's first in the reject list, so I think bl only gets hits if zen doesn't.) --- Here's how I have my RBL's configured. smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_destination, check_recipient_access pcre:/etc/postfix/recipient_checks.pcre, check_helo_access hash:/etc/postfix/helo_checks, check_sender_access hash:/etc/postfix/sender_checks, check_client_access hash:/etc/postfix/client_checks, check_client_access pcre:/etc/postfix/client_checks.pcre, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, permit --- Oh, and I'm running Poxfix 2.3.3 So, any ideas why things have changed? (Or am I imagining things...) -Greg
From: d.hill on 26 Feb 2010 15:10 Quoting listserv.traffic(a)sloop.net: > Recently, I've noticed a lot more spam. In checking the logs I find > that zen.spamhaus.org has really lost ground in terms of rejections. > > I use zen and bl.spamcop.net. In the past, zen had >10 times the > number of hits that bl.spamcop.net did. > > zen doesn't seem to have blocked me, because I can hand-query them, > and I'm still getting some rejections with zen. > > But either something's broken - which I can't find, or zen isn't > nearly as effective as it once was. > > For example: > Over a few days, I get > > 15025 zen rejects > 26558 bl.spamcop.net rejects > > (Like I said, in the past, zen would be way higher than > bl.spamcop.net. Plus it's first in the reject list, so I think bl > only gets hits if zen doesn't.) > > --- > Here's how I have my RBL's configured. > > smtpd_recipient_restrictions = > permit_mynetworks, > permit_sasl_authenticated, > reject_non_fqdn_sender, > reject_non_fqdn_recipient, > reject_unknown_sender_domain, > reject_unknown_recipient_domain, > reject_unauth_destination, > check_recipient_access pcre:/etc/postfix/recipient_checks.pcre, > check_helo_access hash:/etc/postfix/helo_checks, > check_sender_access hash:/etc/postfix/sender_checks, > check_client_access hash:/etc/postfix/client_checks, > check_client_access pcre:/etc/postfix/client_checks.pcre, > reject_rbl_client zen.spamhaus.org, > reject_rbl_client bl.spamcop.net, > permit > > --- > > Oh, and I'm running Poxfix 2.3.3 > > So, any ideas why things have changed? (Or am I imagining things...) So far today zen.spamhaus 94,752 and bl.spamcop 1,132. %postconf -d mail_version mail_version = 2.6.5 I have spamhaus listed before spamcop.
From: David Schraeder on 26 Feb 2010 15:13 How are you guys getting those stats on the blocks?
From: Wietse Venema on 26 Feb 2010 16:09 David Schraeder: > How are you guys getting those stats on the blocks? awk ' /blocked using [^;]+;/ { stats[$20]++ } END { for (name in stats) print name, " ", stats[name] } ' /var/log/maillog Wietse
From: Stan Hoeppner on 26 Feb 2010 21:44
David Schraeder put forth on 2/26/2010 2:13 PM: > How are you guys getting those stats on the blocks? Alternatively, try pflogsumm: http://jimsun.linxnet.com/postfix_contrib.html If you use Debian you can install pflogsumm via aptitude. -- Stan |