On Tue, Apr 23, 2013 at 10:42:36AM -0700, Steve Jenkins wrote:
> I recently removed TRBLSPAM from my postscreen_dnsbl_sites lists
> after they went offline earlier this month (this should be a
> reminder to do the same for anyone here who also used them). That
> got me wondering about what DNSBL sites others have been
> successfully using with Postscreen.
>
> Here's my current setup:

Looks very similar to mine, http://rob0.nodns4.us/postscreen.html

> postscreen_dnsbl_threshold = 3
> postscreen_dnsbl_sites =
>     zen.spamhaus.org*2,
>     b.barracudacentral.org*2,
>     dnsbl.mjabl.org,

What?
$ whois mjabl.org
NOT FOUND

If you meant NJABL, they've been gone longer than TRBL, 2013-03-01.

>     bl.spameatingmonkey.net,
>     dnsbl.ahbl.org,

These are highly accurate for me. AHBL doesn't list as much, but
I've never seen it return anything questionable.

>     bl.spamcop.net,
>     swl.spamhaus.org*-4,
>     list.dnswl.org=127.[0..255].[0..255].0*-2,
>     list.dnswl.org=127.[0..255].[0..255].1*-4,
>     list.dnswl.org=127.[0..255].[0..255].[2..255]*-6
>
> This setup has been working pretty well for me, and reduces false
> positives by not allowing any single DNSBL to block an incoming
> connection without concurrence from at least one other DNSBL.

I'm fine with blocking for Zen alone, thus I give it 3. Of course
it's possible to continue using it as a reject_rbl_client smtpd
restriction, also. (I do that too. For some recipient domains I also
reject using BRBL.)

> I'm wondering if others can recommend any other DNSBLs that I
> should consider, or if anyone has any other feedback on my setup.

Having watched logs awhile following upgrade to 2.11 snapshots, I
found that PSBL and Mailspike are doing a good job. SORBS should
definitely be there as a 1-point list; I've had that a long time,
finding that SORBS often pushes a 2-point result over the top.

I'm considering lowering BRBL to one point and taking it out of
smtpd restrictions. I've had recent problems with a sender from
nerim.net in France. I don't doubt that the global army of 'cudas
has gotten spam from there, but a 2-point list needs to be
conservative IMO.

Again, Mailspike is looking good, and I might soon switch to use of
rep.mailspike.net as a combined black/white list, but that will get
ugly in the sites list.
I wish they had a different set of return codes, i.e., a 127.0.x.x
for the bad listings and 127.1.x.x for the good ones.

As I recently noted on this list, the whitelist sites are mostly
unused. There is almost no overlap between the blacklists and
whitelists. One nerim.net host (of numerous outbounds they use) seems
to be the only one (it's on BRBL and DNSWL.org as a .0, trust level
"none".)

You can double your threshold and scores and add in more one-point
lists for testing. I didn't do that with my recent additions, but I
know they have been around long enough to have some credibility. In
that case I think a 1-point result is safe enough.

--
  http://rob0.nodns4.us/ -- system administration and consulting
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
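
Added example, not part of the original message and not Postfix code: a small Python model of how postscreen sums the weights in postscreen_dnsbl_sites and compares the total with postscreen_dnsbl_threshold, using the settings quoted above. The function names are hypothetical, and the DNS replies are passed in by the caller instead of being looked up.

```python
import re

# Settings quoted in the thread; dnsbl.mjabl.org is omitted (whois in the reply says NOT FOUND).
THRESHOLD = 3
SITES = """
zen.spamhaus.org*2, b.barracudacentral.org*2, bl.spameatingmonkey.net,
dnsbl.ahbl.org, bl.spamcop.net, swl.spamhaus.org*-4,
list.dnswl.org=127.[0..255].[0..255].0*-2,
list.dnswl.org=127.[0..255].[0..255].1*-4,
list.dnswl.org=127.[0..255].[0..255].[2..255]*-6
"""
ENTRY = re.compile(r"^(?P<domain>[^=*]+)(?:=(?P<filter>[^*]+))?(?:\*(?P<weight>-?\d+))?$")

def parse_sites(text):
    """Split a postscreen_dnsbl_sites value into (domain, filter, weight) tuples."""
    entries = []
    for item in re.split(r"[,\s]+", text.strip()):
        m = ENTRY.match(item)
        if not m:
            raise ValueError(f"bad entry: {item!r}")
        entries.append((m["domain"], m["filter"], int(m["weight"] or 1)))
    return entries

def octet_matches(pattern, value):
    """Match one reply octet against a number or a [n;lo..hi] pattern."""
    if not pattern.startswith("["):
        return int(pattern) == value
    for part in pattern[1:-1].split(";"):
        lo, _, hi = part.partition("..")
        if int(lo) <= value <= int(hi or lo):
            return True
    return False

def reply_matches(flt, reply):
    """Without a filter any reply counts; with one, all four octets must match."""
    pats = re.findall(r"\[[^\]]*\]|\d+", flt or "")
    return flt is None or all(octet_matches(p, int(o)) for p, o in zip(pats, reply.split(".")))

def score(entries, replies):
    """replies maps DNSBL domain -> list of A-record replies; a weight applies at most once."""
    total = 0
    for domain, flt, weight in entries:
        if any(reply_matches(flt, r) for r in replies.get(domain, [])):
            total += weight
    return total

def blocked(replies, sites=SITES, threshold=THRESHOLD):
    """postscreen_dnsbl_threshold is an inclusive lower bound on the combined score."""
    return score(parse_sites(sites), replies) >= threshold
```

With constructed replies, a Zen hit alone scores 2 and passes, while a BRBL hit combined with a DNSWL ".0" listing (the nerim.net case mentioned above) nets 0.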