Hello, with your suggestions I modified my config:
postscreen_dnsbl_threshold = 3
postscreen_dnsbl_sites =
    zen.spamhaus.org*3
    bl.mailspike.net*3
    b.barracudacentral.org*2
    combined.njabl.org=127.0.0.[2;4;9]*2
    dnsbl.ahbl.org*2
    bl.spameatingmonkey.net
    bl.spamcop.net
    spamtrap.trblspam.com
    dnsbl.sorbs.net=127.0.0.[2;3;6;7;10]
    ix.dnsbl.manitu.net
    list.dnswl.org=127.0.[0..255].0*-1
    list.dnswl.org=127.0.[0..255].1*-2
    list.dnswl.org=127.0.[0..255].[2..3]*-3
    iadb.isipp.com=127.0.[0..255].[0..255]*-2
    iadb.isipp.com=127.3.100.[6..200]*-2
    wl.mailspike.net=127.0.0.[17;18]*-1
    wl.mailspike.net=127.0.0.[19;20]*-2

Thanks,
Andrea

On 11/05/2012 14:35, /dev/rob0 wrote:
> On Thu, May 10, 2012 at 11:38:07PM -0400, Sahil Tandon wrote:
>> On Fri, 2012-05-04 at 11:29:01 -0400, Rod K wrote:
>>
>>> Was wondering if anyone would be willing to share what DNSBL and
>>> weights they are using with Postscreen.
>> Mine are adapted from a previous post by /dev/rob0:
> Mine is still very similar. I think I need to add a few more
> one-point sites.
>
>> postscreen_dnsbl_threshold = 3
>> postscreen_dnsbl_sites =
>>     zen.spamhaus.org*3
>>     b.barracudacentral.org*3
> While I agree with this, I still keep BRBL score at 2. I call it as
> reject_rbl_client for most of my recipient domains, so in effect I'm
> doing the same. But BRBL requires at least one other DNSBL to cause
> postscreen rejection.
>
>>     dnsbl.njabl.org*2
>>     bl.spameatingmonkey.net*2
>>     bl.spamcop.net
>>     dnsbl.ahbl.org
> Not very effective, but very accurate. I give AHBL 2 points.
>
>>     spamtrap.trblspam.com
>>     swl.spamhaus.org*-5
>>     list.dnswl.org=127.[0..255].[0..255].0*-2
>>     list.dnswl.org=127.[0..255].[0..255].1*-4
>>     list.dnswl.org=127.[0..255].[0..255].[2..255]*-6
>>
>> And FWIW, the below statistics correspond to a recent 24hr period;
>> TOTAL is the number of IPs listed by a given zone, and UNIQ is the
>> number of IPs listed *only* by that zone. Regarding overlap with
>> whitelists, I've noticed that it's consistently highest for
>> spamtrap.trblspam.com.
>>
>> UNIQ/TOTAL   DNSBL                     DNSWL
>> 1022/17454   b.barracudacentral.org    17
>> 54/6841      bl.spamcop.net            25
>> 4/5502       bl.spameatingmonkey.net   0
>> 5/96         dnsbl.ahbl.org            0
>> 7/134        dnsbl.njabl.org           3
>> 587/3842     spamtrap.trblspam.com     469
>> 1609/18263   zen.spamhaus.org          5
> Most of those DNSWL hits are list.dnswl.org=127.0.15.0, I bet. I toy
> with the idea of using that as a one-point DNSBL. :) I actually did
> configure a per-recipient-domain restriction class which does a
> reject_rbl_client for list.dnswl.org=127.0.15.0, but it's not used
> for any domains which receive significant mail from outside.
>
> (This idea, of using dnswl.org as a DNSBL, has been discussed on
> SDLU.)
>
>> UNIQ/TOTAL   DNSWL              DNSBL
>> 2514/2520    list.dnswl.org     510
>> 0/6          swl.spamhaus.org   0
> SWL is so good that it's useless. :) They're being very careful with
> invitations such that the list is small, and as pure as the driven
> snow, but here in postscreen, you might as well not use SWL. No host
> on SWL has any significant DNSBL listing -- I bet if it did, it would
> come off of SWL pretty quick.
>
> I'm sure SWL has its use in content filtering, however.
>
> Excellent post, Sahil, thanks.
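
Added example (not part of the original thread, and not Postfix code): a simplified Python model of how weighted postscreen_dnsbl_sites entries like those above add up against postscreen_dnsbl_threshold, including the =filter patterns and negative whitelist weights. It assumes each matching entry contributes its weight once per client; parse_sites, score and decide are hypothetical helper names, and the DNS replies passed in are constructed.

```python
import re

# Added example: simplified model of postscreen's DNSBL scoring, not Postfix code.
ENTRY = re.compile(r"^(?P<zone>[^=*]+)(?:=(?P<filt>[^*]+))?(?:\*(?P<weight>-?\d+))?$")

def parse_sites(text):
    """Parse 'zone[=filter][*weight]' entries separated by commas or whitespace."""
    sites = []
    for item in re.split(r"[,\s]+", text.strip()):
        m = ENTRY.match(item)
        if not m:
            raise ValueError(f"bad entry: {item!r}")
        sites.append((m["zone"], m["filt"], int(m["weight"] or 1)))
    return sites

def octet_ok(pattern, value):
    """Match one octet against 'N' or a '[a;b;c..d]' pattern."""
    if not pattern.startswith("["):
        return int(pattern) == value
    for part in pattern[1:-1].split(";"):
        lo, _, hi = part.partition("..")
        if int(lo) <= value <= int(hi or lo):
            return True
    return False

def filter_ok(filt, addr):
    """True when the reply address matches the entry's filter (no filter: any reply)."""
    if filt is None:
        return True
    pats = re.findall(r"\[[^\]]*\]|\d+", filt)
    octets = [int(o) for o in addr.split(".")]
    return len(pats) == 4 and all(octet_ok(p, o) for p, o in zip(pats, octets))

def score(sites, replies):
    """Sum weights of entries matched by replies ({zone: [A records]}); assumed once per entry."""
    return sum(w for zone, filt, w in sites
               if any(filter_ok(filt, a) for a in replies.get(zone, [])))

THRESHOLD = 3  # postscreen_dnsbl_threshold from the thread
SITES = parse_sites("""
    zen.spamhaus.org*3 b.barracudacentral.org*2 bl.spamcop.net
    dnsbl.sorbs.net=127.0.0.[2;3;6;7;10]
    list.dnswl.org=127.0.[0..255].0*-1
    list.dnswl.org=127.0.[0..255].[2..3]*-3
""")

def decide(replies):
    """Return (score, rejected?) for one client's constructed DNS replies."""
    total = score(SITES, replies)
    return total, total >= THRESHOLD
```

With these weights a BRBL-only listing scores 2 and passes, matching the point in the thread that BRBL at 2 points needs at least one other DNSBL to cause a postscreen rejection.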