RE: Blacklists for you MTA
On Mon, 19 Sep 2011, Marek Salwerowicz wrote: reject_rbl_client zen.spamhaus.org, reject_rbl_client t1.dnsbl.net.au, reject_rbl_client dnsbl.njabl.org, reject_rbl_client sbl.spamhaus.org, reject_rbl_client cbl.abuseat.org, reject_rbl_client dul.dnsbl.sorbs.net, reject_rbl_client psbl.surriel.com, reject_rbl_client bl.spamcop.net, Why are you querying the same list several times. zen is everything, sbl, xbl, pbl , cbl.abuseat.org, xyzzybl too. so 1 query gets you answers from all the Spamhaus zones. the others I can't answer for because I don't use them, possibly laziness, possibly I don't care enough. I find that postscreen with -8--- # # postscreen # postscreen_dnsbl_action = enforce postscreen_greet_action = enforce postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_access postscreen_dnsbl_sites = zen.spamhaus.org postscreen_dnsbl_threshold = 1 -8--- saves so much time and headaches. However Barracudacentral.org is a good list. Must not make snarky comments here. P
RE: Blacklists for you MTA
-Original Message- From: owner-postfix-us...@postfix.org [mailto:owner-postfix- us...@postfix.org] On Behalf Of Peter Evans Sent: Wednesday, September 21, 2011 7:23 AM To: postfix-users@postfix.org Subject: RE: Blacklists for you MTA On Mon, 19 Sep 2011, Marek Salwerowicz wrote: reject_rbl_client zen.spamhaus.org, reject_rbl_client t1.dnsbl.net.au, reject_rbl_client dnsbl.njabl.org, reject_rbl_client sbl.spamhaus.org, reject_rbl_client cbl.abuseat.org, reject_rbl_client dul.dnsbl.sorbs.net, reject_rbl_client psbl.surriel.com, reject_rbl_client bl.spamcop.net, Why are you querying the same list several times. zen is everything, sbl, xbl, pbl , cbl.abuseat.org, xyzzybl too. so 1 query gets you answers from all the Spamhaus zones. the others I can't answer for because I don't use them, possibly laziness, possibly I don't care enough. I find that postscreen with -8--- # # postscreen # postscreen_dnsbl_action = enforce postscreen_greet_action = enforce postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_access postscreen_dnsbl_sites = zen.spamhaus.org postscreen_dnsbl_threshold = 1 -8--- saves so much time and headaches. However Barracudacentral.org is a good list. Must not make snarky comments here. P I use these in this order and swap barracuda spamcop on different machines so I hit them evenly and don’t over use one over the other. I keep based on track record this order so that I avoid additional queries thereby speeding up the process on a reject. reject_rbl_client b.barracudacentral.org, reject_rbl_client bl.spamcop.net, reject_rbl_client zen.spamhaus.org, reject_rbl_client psbl.surriel.com,
Re: Blacklists for you MTA
On Mon, 19 Sep 2011, Marek Salwerowicz wrote: Hi all, I am new to Postfix-users mailing list so would like to say hello to everyone ;) I am wondering what rbl's are you using to prevent your MTAs against spam? My current config is as follows: reject_rbl_client zen.spamhaus.org, reject_rbl_client t1.dnsbl.net.au, reject_rbl_client dnsbl.njabl.org, reject_rbl_client sbl.spamhaus.org, reject_rbl_client cbl.abuseat.org, reject_rbl_client dul.dnsbl.sorbs.net, reject_rbl_client psbl.surriel.com, reject_rbl_client bl.spamcop.net, Since one month I have benn receiveing more spam so I started thinking about adding other (if there are any) rbl's - what do you suggest? Regards, -- Marek Salwerowicz For starters, try to avoid exclusively use of rbl to block spam, rbl's does not solve any problems. Spammers have the ability to change their habits, and they will try even harder when thier connection are blocked. Second of all sbl.spamhaus.org and cbl.abuseat.org query the same list, You should use only one of them, consider using sbl-xbl.spamhaus.org instead. What to choose is entirely up to you, and what works best for you. There are plenty of statistics that can be used as a base for your choice. However Barracudacentral.org is a good list. Regards, Andraes
Re: Blacklists for you MTA
Am 19.09.2011 19:07, schrieb Marek Salwerowicz: Hi all, I am new to Postfix-users mailing list so would like to say hello to everyone ;) I am wondering what rbl's are you using to prevent your MTAs against spam? My current config is as follows: reject_rbl_client zen.spamhaus.org, reject_rbl_client t1.dnsbl.net.au, reject_rbl_client dnsbl.njabl.org, reject_rbl_client sbl.spamhaus.org, reject_rbl_client cbl.abuseat.org, reject_rbl_client dul.dnsbl.sorbs.net, reject_rbl_client psbl.surriel.com, reject_rbl_client bl.spamcop.net, you should use as few blacklists as possible and not active blindly the above way you can be sure to have false-positives because if a sender is not on 5 of them he has godd chances to be on the sixt good anti-spam solutions are working with scoring + intention analysis for commerical use i would tend to a anti-spam applicance as MX in front of the mailserver and never expose the mailserver directly signature.asc Description: OpenPGP digital signature
Re: Blacklists for you MTA
- Original Message - From: Marek Salwerowicz marek_...@wp.pl To: postfix-users@postfix.org Cc: Sent: Monday, September 19, 2011 12:07 PM Subject: Blacklists for you MTA I am wondering what rbl's are you using to prevent your MTAs against spam? Since one month I have benn receiveing more spam so I started thinking about adding other (if there are any) rbl's - what do you suggest? Rather than focus simply on the rbls to use, we found a more useful strategy was to upgrade to a newer postfix (Centos has a really old one) supporting Postfix postscreen. Instead of a decision to simply block or not block, postscreen adds the ability to weight the rbl results, which means you can add some additional higher risk rbls since a hit on one of them won't necessarily reject a message. This has had a large impact for us. postscreen also seems to eliminate other spam like zombie spam. Try it out and I think you will like it. http://www.postfix.org/POSTSCREEN_README.html
Re: Blacklists for you MTA
My current config is as follows: This one: reject_rbl_client zen.spamhaus.org, Includes these three, so there's no point in using them. reject_rbl_client dnsbl.njabl.org, reject_rbl_client sbl.spamhaus.org, reject_rbl_client cbl.abuseat.org, This one: reject_rbl_client t1.dnsbl.net.au, doesn't exist any more. (Don't you ever check?) This one: reject_rbl_client dul.dnsbl.sorbs.net, has been egregiously mismanaged. It was recently sold back to the original owner so it may improve, so I wouldn't use it now. The PBL component of zen does better what this dul tries to do. These two are OK: reject_rbl_client psbl.surriel.com, reject_rbl_client bl.spamcop.net, I also am seeing a lot more spam, but it's mostly coming from shared sources like Yahoo and Verizon, so DNSBLs won't help unless you're willing to lose a great deal of legitimate mail. You should also use domain lists in your body filters. If you're using a recent version of spamassassin, they're configured in automatically. R's, John
Re: Blacklists for you MTA
Le 19/09/2011 19:07, Marek Salwerowicz a écrit : Hi all, I am new to Postfix-users mailing list so would like to say hello to everyone ;) I am wondering what rbl's are you using to prevent your MTAs against spam? My current config is as follows: reject_rbl_client zen.spamhaus.org, reject_rbl_client t1.dnsbl.net.au, reject_rbl_client dnsbl.njabl.org, reject_rbl_client sbl.spamhaus.org, reject_rbl_client cbl.abuseat.org, reject_rbl_client dul.dnsbl.sorbs.net, reject_rbl_client psbl.surriel.com, reject_rbl_client bl.spamcop.net, Since one month I have benn receiveing more spam so I started thinking about adding other (if there are any) rbl's - what do you suggest? if you show examples of spam you get, we might help you fight it. if you're looking for general advice, you'll get general spam. if you're looking for a miracle, I have one for you: stop using email and you will never get email spam. if you want to to use email and hate spam you get, show us the spam you get and your config, and we might see if you get less...
Re: Blacklists for you MTA
On 09/19/2011 02:29 PM, John Levine wrote: My current config is as follows: This one: reject_rbl_client zen.spamhaus.org, Includes these three, so there's no point in using them. reject_rbl_client dnsbl.njabl.org, zen.spamhaus.org does not seem to include dnsbl.njabl.org according to http://www.spamhaus.org/xbl/ : Mail servers already using dnsbl.njabl.org are advised to continue doing so, as dnsbl.njabl.org is itself a composite list and contains more than the open proxy IPs list part now incorporated in XBL. That said, I only see rare hits on dnsbl.njabl.org which is listed after zen.spamhaus.org in my setup. Simon
