On Thu, Jan 11, 2007, Ralf S. Engelschall wrote: >FYI: Those of you who are using the Postfix MTA with UCE prevention >configuration, please notice that e.g. the ORBL.org recently has closed >its doors and that a few others are also no longer available. I've >reinvestigated which RBLs are still available _AND_ provide a reasonable >and reliable resource. The result of my currently resulting _PERSONAL_ >Postfix client restrictions are now: > >smtpd_client_restrictions = > permit_mynetworks, > check_client_access hash:/PREFIX/etc/postfix/access, > reject_unknown_client, > reject_unauth_destination, > reject_rbl_client dnsbl.sorbs.net,
Slightly more selective is dul.dnsbl.sorbs.net which lists only dynamic (dialup/residential DSL and cable). > reject_rbl_client list.dsbl.org, > reject_rbl_client bl.spamcop.net, This is prone to false positives as spamcop is very quick on the trigger to list reports by clueless users (who have a tendency to send mailing list traffic). Even spamcop recommends against using this as a hard reject DNSBL. FWIW: Spamassassin can score on Received: headers that are in various DNSRBLs including spamcop. > reject_rbl_client sbl.spamhaus.org, > reject_rbl_client pbl.spamhaus.org, > reject_rbl_client xbl.spamhaus.org, I think PBL is a new, spamhaus list. The others are in the combined sbl-xbl.spamhaus.org Others we have found effective are: korea.services.net combined.njabl.org ubl.unsubscore.com We're using: smtpd_recipient_restrictions = check_recipient_access pcre:/PREFIX/etc/postfix/recipientchecks permit_mynetworks check_client_access hash:/PREFIX/etc/postfix/dialupchecks check_client_access hash:/PREFIX/etc/postfix/whitehatlist check_client_access whoson:whoson.celestial.com:9876 check_helo_access pcre:/PREFIX/etc/postfix/helochecks check_client_access pcre:/PREFIX/etc/postfix/clientchecks reject_rbl_client guardian.celestial.net reject_rbl_client dul.dnsbl.sorbs.net reject_rbl_client cbl.abuseat.org reject_rbl_client sbl-xbl.spamhaus.org reject_rbl_client korea.services.net reject_rbl_client combined.njabl.org reject_rbl_client ubl.unsubscore.com reject_non_fqdn_recipient reject_invalid_hostname reject_non_fqdn_hostname reject_non_fqdn_sender reject_unknown_sender_domain reject_unknown_client reject_unauth_pipelining permit_mx_backup reject_unauth_destination The guardian.celestial.net DNSRBL is one that we maintain consisting of sites that have either made cracking attempts against sites we maintain or attempted to spam mailing lists. The cbl.abuseat.org list is included in the spamhaus list, but checking it first may give quicker results as there is a delay between their updates and spamhaus's sync. Bill -- INTERNET: [EMAIL PROTECTED] Bill Campbell; Celestial Software LLC URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way FAX: (206) 232-9186 Mercer Island, WA 98040-0820; (206) 236-1676 ``Most people, sometime in their lives, stumble across truth. Most jump up, brush themselves off, and hurry on about their business as if nothing had happened.'' - Sir Winston Churchill ______________________________________________________________________ OpenPKG http://openpkg.org User Communication List openpkg-users@openpkg.org