From: Ralf Hildebrandt on
* mouss <mouss(a)ml.netoyen.net>:

> > Your DNS lookups are broken:
....
> or spamhaus blocks his DNS server.

Yes, but that's within my interpretation of "Your DNS lookups are
broken" :)))

--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebrandt(a)charite.de | http://www.charite.de


From: Stan Hoeppner on
Ralf Hildebrandt put forth on 2/19/2010 12:35 PM:
> * mouss <mouss(a)ml.netoyen.net>:
>
>>> Your DNS lookups are broken:
> ...
>> or spamhaus blocks his DNS server.
>
> Yes, but that's within my interpretation of "Your DNS lookups are
> broken" :)))

Recall my recent thread about this. I had switched my resolvers to Google
public DNS and it broke zen, silently in my case.

Once the fine folks here helped me figure out the problem, and upon resulting
recommendations, I installed pdns_recursor on my postfix MX and all is good with
the dns/rbl world once again. ;)

pdns_recursor is tiny and miserly on resources. Set its cache to like 8192 and
forget you installed it. Works great.

--
Stan
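
A resolver self-test for the silent failure described above, added here as an example and not taken from any post in the thread: it queries the RFC 5782 test entries (127.0.0.2 must be listed, 127.0.0.1 must not) through the local resolver. The function names are hypothetical, and the 127.255.255.x meanings are Spamhaus's documented error answers; other lists may differ.

```python
import socket

# Assumption: Spamhaus's documented error answers (not listings); other DNSBLs may differ.
ERROR_CODES = {
    "127.255.255.252": "zone name typo",
    "127.255.255.254": "query came via a public/open resolver",
    "127.255.255.255": "excessive query volume",
}

def dnsbl_name(ip, zone):
    """Reverse the IPv4 octets and append the zone: 192.0.2.1 -> 1.2.0.192.zone"""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) < 256 for o in octets):
        raise ValueError("not an IPv4 address: %r" % ip)
    return ".".join(reversed(octets)) + "." + zone.strip(".")

def lookup(name):
    """Return the A records for name, or [] on NXDOMAIN / resolver failure."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def classify(answers):
    """Map a DNSBL answer set to 'not-listed', 'listed' or 'error: ...'."""
    if not answers:
        return "not-listed"
    for a in answers:
        if a in ERROR_CODES:
            return "error: " + ERROR_CODES[a]
    if all(a.startswith("127.") for a in answers):
        return "listed"
    return "error: non-127/8 answer (hijacked or wildcard DNS?)"

def check_zone(zone, resolve=lookup):
    """RFC 5782 self-test: 127.0.0.2 must be listed, 127.0.0.1 must not."""
    pos = classify(resolve(dnsbl_name("127.0.0.2", zone)))
    neg = classify(resolve(dnsbl_name("127.0.0.1", zone)))
    if pos.startswith("error"):
        return pos
    if pos == "not-listed":
        return "broken: test entry missing (resolver blocked or failing?)"
    if neg != "not-listed":
        return "broken: zone answers for everything"
    return "ok"

if __name__ == "__main__":
    for zone in ("zen.spamhaus.org", "b.barracudacentral.org"):
        print(zone, "->", check_zone(zone))
```

Run it on the MX host itself so the queries leave through the same resolver Postfix uses; a "broken: test entry missing" result means reject_rbl_client is passing everything without complaint.
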

From: brian moore on
On Fri, 19 Feb 2010 14:56:49 +0800
"Jon L Miller" <jlmiller(a)mmtnetworks.com.au> wrote:

> Is there a preferred list of rbl sites one can use in postfix. I keep
> getting the following on the following:

Since others answered your error message, I'll answer the first question:

smtpd_restriction_classes = class_barracuda

class_barracuda = reject_rbl_client b.barracudacentral.org

smtpd_recipient_restrictions = <..>
    class_barracuda,


See http://barracudacentral.org/rbl

This is a very effective filter run by a commercial entity (i.e., Barracuda,
the people who make and sell spam filtering appliances), so they have a
name and reputation to protect. (I.e., it's not just some pissed off admin
that blocks all of 12.0.0.0/8 because AT&T sucks...)

The only false positives I've seen in the last year or so are because of
fun mail forwards to our support staff who decided to report all their
spam to barracuda and forgot to list our mail server as a trusted relay
to theirs. (The barracuda people were very helpful in this case, offering
a three-way call to their appliance customer to explain the 'trusted relay'
setting and why they should use it if mail was .forwarded to them.)

And, yes, the barracudacentral.org list is free.

From: Ralf Hildebrandt on
* brian moore <bem(a)rom.org>:
> On Fri, 19 Feb 2010 14:56:49 +0800
> "Jon L Miller" <jlmiller(a)mmtnetworks.com.au> wrote:
>
> > Is there a preferred list of rbl sites one can use in postfix. I keep
> > getting the following on the following:
>
> Since others answered your error message, I'll answer the first question:
>
> smtpd_restriction_classes = class_barracuda
>
> class_barracuda = reject_rbl_client b.barracudacentral.org
>
> smtpd_recipient_restrictions = <..>
>     class_barracuda,

Why this extra complexity?

smtpd_recipient_restrictions = <..>
    reject_rbl_client b.barracudacentral.org

--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebrandt(a)charite.de | http://www.charite.de

From: brian moore on
On Fri, 19 Feb 2010 21:19:31 +0100
Ralf Hildebrandt <Ralf.Hildebrandt(a)charite.de> wrote:

> Why this extra complexity?
>
> smtpd_recipient_restrictions = <..>
>     reject_rbl_client b.barracudacentral.org

Because in my case it's actually a bit different: users can opt in/out
of filter sets.

(using code derived from your ancient stuff to allow per-user
restrictions...)

So I have to define a class so the class can be invoked. I was
mostly lazy in my cut/paste, but slightly simplified it from
the check_recipient_access I actually have in place.

(Some users get upset if -any- filters are in place.)

But that's neither here nor there.