Re: Why there is no `reject_rbl_sender` restriction?
Hello again,

I discovered possibility of milters. So I have created a milter that performs the restriction I wanted. If someone would be interested, it is here:

https://github.com/mjiricka/MailFrom_DNSBL_Milter

So far results are as expected – all spam filtered, zero false-positives! :)

Martin
Re: Why there is no `reject_rbl_sender` restriction?
> What I was trying to say is that (if there was 1 A record per domain), the
> number of spamhaus lookups would increase two times.
> If you check MX records, number of lookups can increase even more.

I am afraid I still do not understand how you count it :-( But it does not matter, thank you very much for your effort! :-)

> hopefully you find it out before get blocked by spamhaus :-)

Spamhaus allows 300,000 queries per day. I am still waaay behind it. Moreover 70% of all spam ends on my first Spamhaus restriction anyway.

But once again thank you for your notice, Matus! I will be careful with the restrictions :-)
Re: Why there is no `reject_rbl_sender` restriction?
> It seems natural (for me at least) to introduce a new map type
> dnsbl: that maps those IP addresses to an action.

That would be amazing! If I get it right this would also deprecate e.g. `reject_rhsbl_client` and `reject_rbl_client`.

As a Postfix novice I would appreciate the reduction of configuration parameters, it is sometimes quite confusing to look at a long list of parameters that all do similar thing and trying to spot a difference in its description.

MJ
Re: Why there is no `reject_rbl_sender` restriction?
> I'm not talking about DNS lookups, but about DNSBL lookups.

Yes, I did interchange them, pardon.

> You ask each dnsbl for client IP, now you will ask them for each A or MX
> record. That means, number of DNSBL lookups will increase at least two times
> (for each dnsbl you already query).

Hmm, I am not server administrator by profession, so maybe I do not understand it enough, but I would only add one more restriction on domain in MAIL FROM header, that would make one DNS lookup (getting IP for the domain) and one DNSBL lookup (checking that IP in Spamhaus). Those are two lookups, aren't they?

It is true that it is not clear whether to get A or MX records for the domain. For my example the blacklisted IP address is within A record. I guess there is usually only one A record for each domain?

> Note that some dnsbls require (paid) subscription if you use them too much.

This is my first mail server so I need to check which restrictions work best. Then I will optimize number and order of restrictions.

> we aren't talking about domains, but IP addresses of servers the domains
> point to, correct?

I think Allen spoke about domains. So did I. It is probably true that building blacklist of IP addresses would be better idea than building list of domains. Because I guess spammers have more domains than IP addresses…
Re: Why there is no `reject_rbl_sender` restriction?
> Did you mean: reject_rhsbl_sender (i.e. reject the sender domain)?
> That already exists.

The `reject_rhsbl_sender` checks whether MAIL FROM domain is listed under rbl_domain. And I would like to have `reject_rbl_sender` that would check whether reversed sender domain is listed under rbl_domain.

In other words, as there are `reject_rhsbl_client` and `reject_rbl_client` restrictions, analogously I would like to have `reject_rhsbl_sender` AND `reject_rbl_sender`.

Reason is I have found out that very very often my uncaught spam has MAIL FROM domain that is not listed under dbl.spamhaus.org, but its reversed address is listed under zen.spamhaus.org. I gave example with "spplalru.com" domain.
Re: Why there is no `reject_rbl_sender` restriction?
> Doing it on MX would require dnsbl lookups for each MX server in all
> received mail.
> That would massively increase amount of dnsbl lookups.

I do not know if I would call it "massively". I already do `reject_unknown_client_hostname` check and 4 other dnsbl lookups. So I would do another 2 in addition to current 5? Yes, it is a lot, but that's how it is… My server does not serve a huge amount of real mail fortunately.

> you still can block them locally using the rules above.

I think it will not work, almost every spam comes from different domain.

> On 03.08.17 11:09, Allen Coates wrote:
>> Using the whole email address didn't work - I never saw the same sender
>> twice;

Yes, exactly. Spammers have huge amount of hostnames. I do not think it is a good idea to build your own database. I even do not know how to build it, because I do not run MDA, I only forward emails…

Simply put: I think it is difficult to fight against global botnets with a local black list :-)

MJ
Why there is no `reject_rbl_sender` restriction?
Hi,

why there is no `reject_rbl_sender` restriction? It probably does not make so much sense as `reject_rbl_client`, but it would help me in my spam battle. Quite a lot of emails come from servers not listed inside Spamhaus blacklists, but sender's domain points to blacklisted IP.

For example yesterday came email

    from: Jaromil
    from client: bounce.countrcultur.com [66.45.255.215]

Client is not blacklisted under Spamhaus, but let's have a look in more detail to sender.

    # Domain is not listed:
    > host spplalru.com.dbl.spamhaus.org
    Host spplalru.com.dbl.spamhaus.org not found: 3(NXDOMAIN)

    # Check for IP:
    > host spplalru.com
    spplalru.com has address 185.140.110.3

    # But the domain points to a blacklisted server!
    > host 3.110.140.185.zen.spamhaus.org
    3.110.140.185.zen.spamhaus.org has address 127.0.0.2

And this is not a unique case! In fact most of spam that pass my anti-spam setting would be filtered with such restriction according to sender domain.

Maybe it is more problem of Spamhaus and its list synchronization, I do not know. Or is there any fundamental reason why rejecting emails according to sender's domain IP is not a good idea?

My best wishes,
Martin Jiřička
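
The check requested in this thread, as an added example (not part of the original posts and not the code of the milter linked above): resolve the MAIL FROM domain to its A records, reverse each address, query each DNSBL zone, and count the DNSBL queries that the replies debate. All function names are hypothetical; the sample resolver holds the answers from the `host` transcript above plus constructed entries (`two-a.example`, `bl.example`), and treating `127.255.255.x` answers as error codes rather than listings is this example's assumption about the zone's return-code convention.

```python
import ipaddress
import socket

# Assumption: 127.255.255.x answers are DNSBL error codes, not listings.
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")

def dnsbl_query_name(ip, zone):
    """185.140.110.3 + zen.spamhaus.org -> 3.110.140.185.zen.spamhaus.org"""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolve(name):
    """IPv4 addresses for name from the system resolver; [] if none."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def is_listing(answer):
    addr = ipaddress.IPv4Address(answer)
    return addr.is_loopback and addr not in ERROR_NET

def check_sender_domain(mail_from, zones, resolve=system_resolve):
    """Return (hits, dnsbl_lookups) for the domain in MAIL FROM."""
    domain = mail_from.rpartition("@")[2].strip("<> ").lower()
    hits, lookups = [], 0
    if not domain:                      # null sender "<>" (bounces)
        return hits, lookups
    for ip in resolve(domain):          # one DNS lookup for the A records
        for zone in zones:              # one DNSBL lookup per address per zone
            lookups += 1
            codes = [a for a in resolve(dnsbl_query_name(ip, zone)) if is_listing(a)]
            if codes:
                hits.append((ip, zone, codes))
    return hits, lookups

# Sample answers: first two from the post's `host` output, the rest constructed.
SAMPLE_DNS = {
    "spplalru.com": ["185.140.110.3"],
    "3.110.140.185.zen.spamhaus.org": ["127.0.0.2"],
    "two-a.example": ["192.0.2.1", "198.51.100.7"],
    "1.2.0.192.zen.spamhaus.org": ["127.255.255.254"],  # error code
}

def sample_resolve(name):
    return SAMPLE_DNS.get(name, [])

if __name__ == "__main__":
    print(check_sender_domain("<user@spplalru.com>", ["zen.spamhaus.org"], sample_resolve))
```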