-------- Original Message --------
> Date: Fri, 10 Dec 2010 18:38:28 +0100
> From: "Stefan G. Weichinger" <li...@xunil.at>
> To: postfix-users@postfix.org
> Subject: Re: fqrdns.pcre

> On 2010-12-09 21:59, Steve wrote:
>
> > Hacking? Adding one additional BL to policyd-weight.conf is not
> > hacking. Hacking policyd-weight would be if you add additional
> > features like OS fingerprinting support, GeoIP support, etc...
>
> ok ok, you're right ;-)
>
;)

> I just thought of the advice of the author of polweight that fiddling
> around with the weights might lead to unexpected and unwanted results,
> so I try to be cautious here.
>
Okay. I understand this. I myself am more aggressive and have heavily added new options (in your words: hacking) to policyd-weight and have as well added new configuration options and changed the scores for individual entries.

> > Anyway... if you want to test ZEN in policyd-weight and want
> > policyd-weight to block a client as soon as the connecting IP is in ZEN
> > then just add a score at least as high as the value you have for
> > $MAXDNSBLSCORE.
>
> yep, thanks.
>
> http://www.spamhaus.org/zen/
>
> says:
>
> > zen.spamhaus.org should be the only spamhaus.org DNSBL in your IP
> > blocklist configuration. You should not use ZEN together with other
> > Spamhaus IP blocklists, or with blocklists already included in our
> > zones (such as the CBL) or you will simply be wasting DNS queries and
> > slowing your mail queue.
>
The concern about the slowdown is true. But I doubt that you have such a high inbound volume where those additional lookups would have a significant negative impact on your delivery time. On top of that I assume that you run some kind of local DNS cache to speed up lookups. A reason one might use more DNSBLs than just ZEN is that for non-paying customers Spamhaus is limiting the amount of lookups to around 100'000. So just using ZEN might be ok but if you make more than 100K per day then having other DNSBLs in your policyd-weight might be beneficial to you. Especially if you add them before ZEN.
Doing so would have the effect that you would submit fewer lookups to ZEN and possibly avoid exceeding 100K lookups per day.

> > zen.spamhaus.org replaces sbl-xbl.spamhaus.org in most
> > configurations. If you are currently using sbl-xbl.spamhaus.org you
> > should replace sbl-xbl.spamhaus.org with zen.spamhaus.org.
>
> So I rather tend to just edit policyd-weight.conf:
>
> # diff -ur policyd-weight.conf.edited policyd-weight.conf > --- policyd-weight.conf.edited 2010-12-10 18:36:45.000000000 +0100 > +++ policyd-weight.conf 2010-01-27 22:51:06.000000000 +0100 > @@ -57,7 +57,7 @@ > @dnsbl_score = ( > # HOST, HIT SCORE, MISS SCORE, LOG NAME > 'pbl.spamhaus.org', 3.25, 0, > 'DYN_PBL_SPAMHAUS', > - 'zen.spamhaus.org', 4.35, -1.5, 'ZEN_SPAMHAUS', > + 'sbl-xbl.spamhaus.org', 4.35, -1.5, > 'SBL_XBL_SPAMHAUS', > 'bl.spamcop.net', 3.75, -1.5, 'SPAMCOP', > 'dnsbl.njabl.org', 4.25, -1.5, 'BL_NJABL', > 'list.dsbl.org', 4.35, 0, 'DSBL_ORG',
>
> What do you think?
>
This is not okay. pbl.spamhaus.org is already included in zen.spamhaus.org. So what you should do is remove pbl.spamhaus.org AND sbl-xbl.spamhaus.org and replace them with zen.spamhaus.org. On top of that some data from dnsbl.njabl.org is already included in zen.spamhaus.org too. Maybe you should consider replacing dnsbl.njabl.org with another DNSBL? And the other issue I see above is list.dsbl.org. That DNSBL has been gone since 2009. You should definitely remove that entry from your configuration. Using blocklists is not something that you add once and then forget. You need to actively maintain the list you use and keep an open eye on BLs and see if they are still alive and remove them if they go down (for whatever reason).

> Stefan
>
Greetings from Switzerland
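
Review bot: the unchanged context entry 'pbl.spamhaus.org', 3.25, 0, 'DYN_PBL_SPAMHAUS' stays in @dnsbl_score next to the zen.spamhaus.org entry, so a PBL-listed client is looked up and scored twice; drop that entry in the same edit, together with the trailing 'list.dsbl.org' entry that the reply reports as gone. The diff was also taken with the edited file as the old side ("--- policyd-weight.conf.edited", "+++ policyd-weight.conf"), so it reads as removing zen and adding sbl-xbl; regenerating it as "diff -ur policyd-weight.conf policyd-weight.conf.edited" would make the "+" line show the new zen entry.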
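
One way to automate the "is this blocklist still alive" check the reply asks for, as an added example that is not part of the original mail or of policyd-weight: it relies on the RFC 5782 test entries (127.0.0.2 must be listed, 127.0.0.1 must not). The function names, the three *.dnsbl.example zones and their answers are constructed for illustration.

```python
import socket

def query_name(ip, zone):
    """DNSBL query name: IPv4 octets reversed, then the zone (RFC 5782)."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def system_resolve(name):
    """A records for name via the system resolver; [] if it does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check_zone(zone, resolve=system_resolve):
    """Classify one DNSBL zone using the RFC 5782 test entries."""
    never = resolve(query_name("127.0.0.1", zone))  # must NOT be listed
    test = resolve(query_name("127.0.0.2", zone))   # must be listed
    if never:
        return "lists-everything"  # wildcard answer: every client scores a hit
    if not test:
        return "dead"              # test entry missing: zone gone or unreachable
    if not all(a.startswith("127.") for a in test):
        return "bogus-answer"      # DNSBL answers are expected in 127.0.0.0/8
    return "ok"

def audit(zones, resolve=system_resolve):
    """Map each configured zone to its status so stale entries can be removed."""
    return {zone: check_zone(zone, resolve) for zone in zones}

# Constructed answers for three hypothetical zones (no real lookups are made).
SAMPLE_ANSWERS = {
    "2.0.0.127.alive.dnsbl.example": ["127.0.0.2"],
    "1.0.0.127.wild.dnsbl.example": ["192.0.2.10"],
    "2.0.0.127.wild.dnsbl.example": ["192.0.2.10"],
}
SAMPLE_ZONES = ["alive.dnsbl.example", "gone.dnsbl.example", "wild.dnsbl.example"]

def sample_resolve(name):
    """Stand-in resolver that reads the constructed table above."""
    return SAMPLE_ANSWERS.get(name, [])

if __name__ == "__main__":
    for zone, status in audit(SAMPLE_ZONES, sample_resolve).items():
        print(f"{zone:22} {status}")
```

For real zones, call audit() with the HOST values from @dnsbl_score and leave the resolver at its default so the queries go through your own DNS cache.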