John Almberg wrote:
2008-01-14 09:30:37.074087500 rblsmtpd: 123.20.89.67 pid 72121: 451
http://www.spamhaus.org/query/bl?ip=123.20.89.67
Just one comment, in my installation of SpamAssassin, it reports in
syslog as spamd, not as rblsmtpd. This looks like logs from the
rblsmtpd program that is not SpamAssassin.

As someone mentioned, one way to prevent false positives and too
aggressive black lists is to use them through SpamAssassin only, where
the black list score is only part of the spaminess. The drawback is
that it puts more load on the server and SpamAssassin that has to
scrutinize every email, while dropping at the SMTP level is fast and
uses very low resources.
Ah... I see. Yes, you are correct. It is rblsmtpd that is doing the
filtering.
One of my goals with this mail server set up (primarily pf, qmail,
spamassassin, maildrop, courier) was to minimize processing, since my
last set up got totally bogged down handling my, and my client's
email, frequently running with a load of 8 or more with several spam
per second. A real drag.
This set up runs at a much lower load, and seems to do a better job
filtering spam.
Since you're already using PF, why not use OpenBSD spamd (not
spamassassin) as well? You don't need rblsmtpd then, and OpenBSD spamd
operates together with PF. Maybe rblsmtpd does as well, I don't know - I
never tried it. Also in combination with relaydb to create your own
blacklists it can be pretty interesting. Check out
http://www.openbsd.org/spamd/ for additional info.
Anyway, to go a little more into the background about blacklists; we were
troubled by a lot of "false positive" entries in the blacklists (we use
uatraps and nixspam, and spamassassin checks on blacklists like spamhaus
since they only allow DNS queries if you don't want to pay). We had big
ISPs blacklisted, and looking at the amount of mailservers they have you
don't want to check all of that by hand. And I'm sure somebody else
noticed Gmail's awkward way of handling outgoing e-mail. They apparently
have one global mail queue or something and try another mail server (of
the hundreds they have) when the delivery fails once - a horrible
situation for greylisting.
So what we did is create a Perl script that checks every blacklisted
entry for a PTR record and tries to give an SMTP HELO command. We filter
the PTR record on several keywords (like dsl, dynamic, cable, ip
address, stuff like that). If a valid PTR record or a valid SMTP HELO
reply has been received we remove that entry automatically from the
blacklist. So you still blacklist the zillions of DSL connections and
filter out the big ISPs or other customers. Naturally you will filter
some spammers out using this method, but we still have SpamAssassin as a
second layer doing a fine job. (And FYI: it picks a random IP address and
has a 1 second delay on everything it checks - we don't want to cause a
fuss at ISPs with a lot of blacklisted entries). There's more stuff in
this script but the point of this e-mail is not a lecture of that :P

Anyway, ever since we put this script into place we got zero complaints
about blacklists, while still effectively trapping spammers into OpenBSD
spamd and keeping them busy.
Quite a story - I hope someone might find this info useful one way or
another. As always, YMMV.
- Jorn
-- John
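
The PTR half of the blacklist cleanup described in the message above, as an added Python example; it is not Jorn's Perl script and not part of the original thread. The function names, the extra keywords beyond dsl/dynamic/cable, the embedded-IP test and the sample records are assumptions, and the SMTP HELO probe is left out.

```python
import random
import re
import socket
import time

# dsl, dynamic and cable come from the message; the other words are assumed.
DYNAMIC_WORDS = re.compile(
    r"(^|[.\-_\d])(a?dsl|dyn(amic)?|cable|dhcp|pool|ppp|dial(up)?)([.\-_\d]|$)")

# Constructed sample data (documentation address ranges, made-up names).
SAMPLE_PTR = {
    "192.0.2.10": "mx1.bigisp.example",
    "198.51.100.77": "77-100-51-198.dsl.access.example",
    "203.0.113.5": "host-203-0-113-5.res.example",
    "192.0.2.200": None,  # no PTR record at all
    "198.51.100.9": "cable-gw.customer.example",
    "203.0.113.40": "smtp-out-40.mail.example",
}


def embeds_ip(ptr, ip):
    """True if the name carries the IP's four octets, forward or reversed."""
    octets = ip.split(".")
    nums = [str(int(n)) for n in re.findall(r"\d+", ptr)]  # 067 -> 67
    return any(nums[i:i + 4] in (octets, octets[::-1])
               for i in range(len(nums) - 3))


def ptr_lookup(ip):
    """Reverse DNS through the system resolver; None when there is no PTR."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def has_valid_ptr(ip, resolve=ptr_lookup):
    ptr = (resolve(ip) or "").rstrip(".").lower()
    return bool(ptr) and not (DYNAMIC_WORDS.search(ptr) or embeds_ip(ptr, ip))


def prune(blacklist, resolve=ptr_lookup, delay=1.0):
    """Return (kept, removed); entries are visited in random order with a pause."""
    kept, removed = [], []
    for ip in random.sample(list(blacklist), len(blacklist)):
        (removed if has_valid_ptr(ip, resolve) else kept).append(ip)
        time.sleep(delay)
    return sorted(kept), sorted(removed)


if __name__ == "__main__":
    print(prune(SAMPLE_PTR, resolve=SAMPLE_PTR.get, delay=0))
```

Entries in `removed` are the ones such a script would take off the blacklist; everything in `kept` stays blocked at the SMTP level.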
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
"[EMAIL PROTECTED]"