On Thu, May 10, 2012 at 11:38:07PM -0400, Sahil Tandon wrote: > On Fri, 2012-05-04 at 11:29:01 -0400, Rod K wrote: > > > Was wondering if anyone would be willing to share what DNSBL and > > weights they are using with Postscreen. > > Mine are adapted from a previous post by /dev/rob0:
Mine is still very similar. I think I need to add a few more one-point sites. > postscreen_dnsbl_threshold = 3 > postscreen_dnsbl_sites = > zen.spamhaus.org*3 > b.barracudacentral.org*3 While I agree with this, I still keep BRBL score at 2. I call it as reject_rbl_client for most of my recipient domains, so in effect I'm doing the same. But BRBL requires at least one other DNSBL to cause postscreen rejection. > dnsbl.njabl.org*2 > bl.spameatingmonkey.net*2 > bl.spamcop.net > dnsbl.ahbl.org Not very effective, but very accurate. I give AHBL 2 points. > spamtrap.trblspam.com > swl.spamhaus.org*-5 > list.dnswl.org=127.[0..255].[0..255].0*-2 > list.dnswl.org=127.[0..255].[0..255].1*-4 > list.dnswl.org=127.[0..255].[0..255].[2..255]*-6 > > And FWIW, the below statistics correspond to a recent 24hr period; > TOTAL is the number of IPs listed by a given zone, and UNIQ is the > number of IPs listed *only* by that zone. Regarding overlap with > whitelists, I've noticed that it's consistently highest for > spamtrap.trblspam.com. > > UNIQ/TOTAL DNSBL DNSWL > 1022/17454 b.barracudacentral.org 17 > 54/6841 bl.spamcop.net 25 > 4/5502 bl.spameatingmonkey.net 0 > 5/96 dnsbl.ahbl.org 0 > 7/134 dnsbl.njabl.org 3 > 587/3842 spamtrap.trblspam.com 469 > 1609/18263 zen.spamhaus.org 5 Most of those DNSWL hits are list.dnswl.org=127.0.15.0, I bet. I toy with the idea of using that as a one-point DNSBL. :) I actually did configure a per-recipient-domain restriction class which does a reject_rbl_client for list.dnswl.org=127.0.15.0, but it's not used for any domains which receive significant mail from outside. (This idea, of using dnswl.org as a DNSBL, has been discussed on SDLU.) > UNIQ/TOTAL DNSWL DNSBL > 2514/2520 list.dnswl.org 510 > 0/6 swl.spamhaus.org 0 SWL is so good that it's useless. :) They're being very careful with invitations such that the list is small, and as pure as the driven snow, but here in postscreen, you might as well not use SWL. No host on SWL has any significant DNSBL listing -- I bet if it did, it would come off of SWL pretty quick. I'm sure SWL has its use in content filtering, however. Excellent post, Sahil, thanks. -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
