Re: manitu.net RBL, opinions? Re: postwhite? (why not?)
On Tue, 06 Mar 2018 06:26:49 + MRob wrote: > On 2018-03-05 18:05, Bill Cole wrote: > >> Would you mind sharing which RBLs you recommend to use in > >> postscreen? > > > > postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.2*2 > > zen.spamhaus.org=127.0.0.3*2 zen.spamhaus.org=127.0.0.4*2 > > zen.spamhaus.org=127.0.0.10*2 zen.spamhaus.org=127.0.0.11*2 > > psbl.surriel.com=127.0.0.2*1 ix.dnsbl.manitu.net=127.0.0.2*1 > > I just learned of manitu.net RBL is it helpful? Bill you don't use > things like barracuda.net, spamcop, whatever that monkey one is, > mailspike. Is manitu a good replacement for all those? Just a FYI, my experience is manitu periodically blocks hostgator email. I had to remove it from my list. If you want to check your logs to see if you receive email from hostgator, all my email from hostgator has come from websitewelcome.com, but here is the official documentation: http://support.hostgator.com/articles/what-are-private-name-servers FWIW, I use barracuda.net.
manitu.net RBL, opinions? Re: postwhite? (why not?)
On 2018-03-05 18:05, Bill Cole wrote: Would you mind sharing which RBLs you recommend to use in postscreen? postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.2*2 zen.spamhaus.org=127.0.0.3*2 zen.spamhaus.org=127.0.0.4*2 zen.spamhaus.org=127.0.0.10*2 zen.spamhaus.org=127.0.0.11*2 psbl.surriel.com=127.0.0.2*1 ix.dnsbl.manitu.net=127.0.0.2*1 I just learned of manitu.net RBL is it helpful? Bill you don't use things like barracuda.net, spamcop, whatever that monkey one is, mailspike. Is manitu a good replacement for all those?
spamhaus zen response codes in postscreen Re: postwhite? (why not?)
On 2018-03-05 18:05, Bill Cole wrote: Would you mind sharing which RBLs you recommend to use in postscreen? postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.2*2 zen.spamhaus.org=127.0.0.3*2 zen.spamhaus.org=127.0.0.4*2 zen.spamhaus.org=127.0.0.10*2 zen.spamhaus.org=127.0.0.11*2 Why list all these, are there zen response codes that you don't want to blacklist?
Re: FQRDNS blacklist why not? Re: postwhite? (why not?)
On 5 Mar 2018, at 16:38, MRob wrote: Bill Cole said: The postscreen DNSBL configuration should be designed to only block IPs that *only* send spam. So why, I like to ask is fqrdns list not recommended for use in postscreen? Did you see "DNSBL" in that sentence? The "fqrdns" list is not a DNSBL. With that said, I don't use it because: 1. I find it generally superfluous given my other defenses. 2. I would never want to use it in postscreen because it is not designed to identify only known spam-only sources. 3. I don't believe it is possible to use it in postscreen because it relies on domain names, while postscreen_access_list only looks up the client IP.
Re: Test E-Mail
Maurizio Caloro skrev den 2018-03-05 22:45: I think this email will never arivve I have send in the past so meny Question but no are displayed. Possible i'am banned? why is you dkim sign 3 times on same mail ? and dmarc failed
Re: FQRDNS blacklist why not? Re: postwhite? (why not?)
MRob skrev den 2018-03-05 22:38: Bill Cole said: The postscreen DNSBL configuration should be designed to only block IPs that *only* send spam. So why, I like to ask is fqrdns list not recommended for use in postscreen? https://github.com/stevejenkins/hardwarefreak.com-fqrdns.pcre too much fp Its maintained by same person as postwhite so I guess that means he knows good reason why not to outright blacklist the clients in that list. postscreen is not ment for testing that data
Re: Test E-Mail
On 3/5/2018 3:45 PM, Maurizio Caloro wrote: > I think this email will never arivve > > > > I have send in the past so meny Question but no are displayed. > > > > Possible i’am banned? > > > Yes, it works. Be aware some mail systems suppress showing your own posts to mailing lists. Gmail and others do this as part of their duplicate suppression. -- Noel Jones
Re: FQRDNS blacklist why not? Re: postwhite? (why not?)
On 3/5/2018 3:38 PM, MRob wrote: > Bill Cole said: >> The postscreen DNSBL >> configuration should be designed to only block IPs that *only* send >> spam. > > So why, I like to ask is fqrdns list not recommended for use in > postscreen? > https://github.com/stevejenkins/hardwarefreak.com-fqrdns.pcre > > Its maintained by same person as postwhite so I guess that means he > knows good reason why not to outright blacklist the clients in that > list. By design, postscreen operates on the client IP only, and the rDNS hostname is not available. This is intentional to keep performance high and latency low. The fqrdns.pcre operates on the rDNS hostname of the connecting client, which isn't available in postscreen. Consequently, by design the fcrdns.pcre cannot work in postscreen, and should not be used there. -- Noel Jones
Test E-Mail
I think this email will never arivve I have send in the past so meny Question but no are displayed. Possible i'am banned?
AW: Reject but styl connection established
Thanks for your fast answer, and sorry for my late reply Ok after reading and configure me mailserver with postscreen i have the following situation when i send any mail. [Main.cf] postscreen_blacklist_action = drop postscreen_access_list = permit_mynetworks, hash:/etc/postfix/access [Master.cf] ## smtp inet n - n - - smtpd -o content_filter=spamassassin smtp inet n - - - 1 postscreen -o content_filter=spamassassin smtpd pass - - - - - smtpd dnsblog unix - - - - 0 dnsblog tlsproxy unix - - - - 0 tlsproxy submission inet n - - - - smtpd -o content_filter=spamassassin "450 4.3.2 Service currently unavailable" ?? [Mail.log] Mar 4 21:59:40 Dovecot/imap(mca@domain): Info: Disconnected: Logged out in=1443 out=219620 Mar 4 22:00:13 mail postfix/postscreen[1050]: CONNECT from [IP]:45143 to [IP]:25 Mar 4 22:00:13 mail postfix/dnsblog[1060]: addr [IP] listed by domain list.dnswl.org as 127.0.3.0 Mar 4 22:00:13 mail postfix/dnsblog[1076]: addr IP listed by domain spamtrap.trblspam.com as 185.53.179.6 Mar 4 22:00:13 mail postfix/dnsblog[1077]: addr IP listed by domain wl.mailspike.net as 127.0.0.20 Mar 4 22:00:19 mail postfix/tlsproxy[1061]: CONNECT from [IP]:45143 Mar 4 22:00:19 mail postfix/tlsproxy[1061]: Anonymous TLS connection established from [IP]:45143: TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits) Mar 4 22:00:19 mail postfix/postscreen[1050]: NOQUEUE: reject: RCPT from [40.92.69.70]:45143: 450 4.3.2 Service currently unavailable; from=, to:, proto=ESMTP, helo= Mar 4 22:00:19 mail postfix/tlsproxy[1061]: DISCONNECT [IP]:45143 Mar 4 22:00:19 mail postfix/postscreen[1050]: HANGUP after 0.16 from [IP]:45143 in tests after SMTP handshake Mar 4 22:00:19 mail postfix/postscreen[1050]: PASS NEW [IP]:45143 Mar 4 22:00:19 mail postfix/postscreen[1050]: DISCONNECT [IP]:45143 Equal from where i send the email to my domain this error will be appair. -- > On Mar 1, 2018, at 12:42 AM, Maurizio Caloro wrote: > > I have have create any acceslist to deny, but if check me situation > this will conntecd successfuly to me maschine Postfix access lists control email delivery not connection establishment. To control connection establishment use a firewall. You can also prevent unwanted clients from reaching the smtpd(8) service via postscreen(8) blacklists. -- Viktor.
FQRDNS blacklist why not? Re: postwhite? (why not?)
Bill Cole said: The postscreen DNSBL configuration should be designed to only block IPs that *only* send spam. So why, I like to ask is fqrdns list not recommended for use in postscreen? https://github.com/stevejenkins/hardwarefreak.com-fqrdns.pcre Its maintained by same person as postwhite so I guess that means he knows good reason why not to outright blacklist the clients in that list.
Re: postwhite? (why not?)
On 5 Mar 2018, at 3:59, Karol Augustin wrote: On 2018-03-05 6:39, Bill Cole wrote: On 3 Mar 2018, at 14:25, J Doe wrote: Should I then continue to use postscreen for the zombie detection but then move my DNSRBL entries to smtpd restrictions ? Apologies for belabouring the point - I’m just not understanding. Not all DNSBLs are equivalent. SOME are suited for use in postscreen as absolute bans, e.g. Spamhaus Zen. The postscreen DNSBL configuration should be designed to only block IPs that *only* send spam. There are DNSBLs designed to be hyper-sensitive, to not give any sender a free pass, and to generate occasional collateral damage. There are DNSBLs designed to be used in complex anti-spam systems and NOT as a unilateral basis for blocking. Those sorts of DNSBL should not be used in postscreen with a score at or above postscreen_dnsbl_threshold. Hi Bill, Would you mind sharing which RBLs you recommend to use in postscreen? postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.2*2 zen.spamhaus.org=127.0.0.3*2 zen.spamhaus.org=127.0.0.4*2 zen.spamhaus.org=127.0.0.10*2 zen.spamhaus.org=127.0.0.11*2 psbl.surriel.com=127.0.0.2*1 ix.dnsbl.manitu.net=127.0.0.2*1 postscreen_dnsbl_threshold = 2 For my own system I also use 2 local DNSBLs scored at 1 (both are full of non-spam sources by design) and reuse all of those and more in smtpd, with whitelisting of various sorts to protect mail that needs protecting. That's a bespoke config that isn't suitable for most sites. (And those local DNSBLs tell intentional lies to the outside world anyway.)
Re: postwhite? (why not?)
On 3 Mar 2018, at 14:25, J Doe wrote: Should I then continue to use postscreen for the zombie detection but then move my DNSRBL entries to smtpd restrictions ? I forgot to add: when you use dnsbl entries at postscreen level, you apparently won't need them in other postfix restrictions. if you use spam filter e.g. spamassassin, leave the rest on it. On 2018-03-05 6:39, Bill Cole wrote: Not all DNSBLs are equivalent. SOME are suited for use in postscreen as absolute bans, e.g. Spamhaus Zen. The postscreen DNSBL configuration should be designed to only block IPs that *only* send spam. There are DNSBLs designed to be hyper-sensitive, to not give any sender a free pass, and to generate occasional collateral damage. There are DNSBLs designed to be used in complex anti-spam systems and NOT as a unilateral basis for blocking. Those sorts of DNSBL should not be used in postscreen with a score at or above postscreen_dnsbl_threshold. On 05.03.18 08:59, Karol Augustin wrote: Would you mind sharing which RBLs you recommend to use in postscreen? On 05.03.18 16:54, Matus UHLAR - fantomas wrote: I don't see problems having spamhaus, sorbs and spamcop at postscreen level, especially when someone adds e.g. dnswl weighing -1 too. veri simple example: postscreen_dnsbl_sites = zen.spamhaus.org, dnsbl.sorbs.net, bl.spamcop.net, list.dnswl.org*-1 you can play with weighing blacklists and whitelists, and/or tuning postscreen_dnsbl_threshold -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. My mind is like a steel trap - rusty and illegal in 37 states.
Re: postwhite? (why not?)
On 3 Mar 2018, at 14:25, J Doe wrote: Should I then continue to use postscreen for the zombie detection but then move my DNSRBL entries to smtpd restrictions ? Apologies for belabouring the point - I’m just not understanding. On 2018-03-05 6:39, Bill Cole wrote: Not all DNSBLs are equivalent. SOME are suited for use in postscreen as absolute bans, e.g. Spamhaus Zen. The postscreen DNSBL configuration should be designed to only block IPs that *only* send spam. There are DNSBLs designed to be hyper-sensitive, to not give any sender a free pass, and to generate occasional collateral damage. There are DNSBLs designed to be used in complex anti-spam systems and NOT as a unilateral basis for blocking. Those sorts of DNSBL should not be used in postscreen with a score at or above postscreen_dnsbl_threshold. On 05.03.18 08:59, Karol Augustin wrote: Would you mind sharing which RBLs you recommend to use in postscreen? I don't see problems having spamhaus, sorbs and spamcop at postscreen level, especially when someone adds e.g. dnswl weighing -1 too. veri simple example: postscreen_dnsbl_sites = zen.spamhaus.org, dnsbl.sorbs.net, bl.spamcop.net, list.dnswl.org*-1 you can play with weighing blacklists and whitelists, and/or tuning postscreen_dnsbl_threshold -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. If Barbie is so popular, why do you have to buy her friends?
Re: postwhite? (why not?)
On 2018-03-05 6:39, Bill Cole wrote: > On 3 Mar 2018, at 14:25, J Doe wrote: > >> Should I then continue to use postscreen for the zombie detection but then >> move my DNSRBL entries to smtpd restrictions ? >> >> Apologies for belabouring the point - I’m just not understanding. > > Not all DNSBLs are equivalent. SOME are suited for use in postscreen > as absolute bans, e.g. Spamhaus Zen. The postscreen DNSBL > configuration should be designed to only block IPs that *only* send > spam. There are DNSBLs designed to be hyper-sensitive, to not give any > sender a free pass, and to generate occasional collateral damage. > There are DNSBLs designed to be used in complex anti-spam systems and > NOT as a unilateral basis for blocking. Those sorts of DNSBL should > not be used in postscreen with a score at or above > postscreen_dnsbl_threshold. Hi Bill, Would you mind sharing which RBLs you recommend to use in postscreen? k. -- Karol Augustin ka...@augustin.pl http://karolaugustin.pl/ +353 85 775 5312
