Re: URIBL/DNSBL from a database

2016-03-02 Thread Alex
Hi, >> Is there any reason to not use the bl.score.sendrescore.com with >> postscreen? I don't understand the distinction > > why? > > postscreen is supposed to be configured with sensible scoring to reject most > spam without false positives long before it reachs smtpd or even expesnive >

Re: URIBL/DNSBL from a database

2016-03-02 Thread Reindl Harald
Am 03.03.2016 um 02:44 schrieb Alex: Is there any reason to not use the bl.score.sendrescore.com with postscreen? I don't understand the distinction why? postscreen is supposed to be configured with sensible scoring to reject most spam without false positives long before it reachs smtpd or

Re: URIBL/DNSBL from a database

2016-03-02 Thread Alex
Hi, Some time ago, David Jones wrote: > In a related note, I have found that using the senderscore.org score combined > with postscreen's weighting is very effective in quickly catching new > spammers. > > postscreen_dnsbl_sites = > score.senderscore.com=127.0.4.[60..69]*2 >

Re: URIBL/DNSBL from a database

2016-02-15 Thread Noel Butler
On 16/02/2016 01:08, Shawn Bakhtiar wrote: There are A LOT more people out there, far greater than just the Googles and Yahoos of the world, and to block IP addresses/subnets without an automated system using definable metric (that usually is enterprise specific), invariably IT will be

Re: URIBL/DNSBL from a database

2016-02-15 Thread Shawn Bakhtiar
I use to spend a lot of time blocking hosts and subnets, using IP tables, of malicious providers who would let any tom, dick, and Harry (no pun intended) to host spam hosts/relays on their servers. What I ended up doing is also blocking a lot SMB vendors from sending legitimate emails to users

Re: URIBL/DNSBL from a database

2016-02-14 Thread Noel Butler
On 15/02/2016 09:02, Reindl Harald wrote: Am 14.02.2016 um 23:34 schrieb Noel Butler: On 14/02/2016 01:46, Alex wrote: rejecting outright at the SMTP level for IPs reaching my honeypots could be dangerous if not checked. how so? if your honey pots use specific non human used (ever)

Re: URIBL/DNSBL from a database

2016-02-14 Thread Reindl Harald
Am 14.02.2016 um 23:34 schrieb Noel Butler: On 14/02/2016 01:46, Alex wrote: rejecting outright at the SMTP level for IPs reaching my honeypots could be dangerous if not checked. how so? if your honey pots use specific non human used (ever) addresses, then there should never ever be a

Re: URIBL/DNSBL from a database

2016-02-14 Thread Noel Butler
On 14/02/2016 01:46, Alex wrote: rejecting outright at the SMTP level for IPs reaching my honeypots could be dangerous if not checked. how so? if your honey pots use specific non human used (ever) addresses, then there should never ever be a genuine mail destined for it. I dont care

Re: URIBL/DNSBL from a database

2016-02-14 Thread John Hardin
On Sun, 14 Feb 2016, Allen Chen wrote: On 2/12/2016 8:48 AM, Axb wrote: On 02/12/2016 02:39 PM, Alex wrote: > For some time now I've been cycling URLs and IPs through a mariadb > database gathered from incoming mail on a honeypot I've created. > Surprising how many are received ahead of

Re: URIBL/DNSBL from a database

2016-02-14 Thread Allen Chen
On 2/12/2016 8:48 AM, Axb wrote: On 02/12/2016 02:39 PM, Alex wrote: Hi, For some time now I've been cycling URLs and IPs through a mariadb database gathered from incoming mail on a honeypot I've created. Surprising how many are received ahead of spamhaus/barracuda. I'm looking for ideas on

Re: URIBL/DNSBL from a database

2016-02-14 Thread David Jones
>> DNS is very effective to block at the MTA level. I setup my own private >> RBL on the DNS servers my SA boxes point to. Dump your IPs into a >> rbldnsd formatted zone file and setup your private RBL zone (doesn't >> have to be a real zone on the Internet) to forward to rbldnsd. Rbldnsd >>

Re: URIBL/DNSBL from a database

2016-02-13 Thread Alex
Hi, > DNS is very effective to block at the MTA level. I setup my own private > RBL on the DNS servers my SA boxes point to. Dump your IPs into a > rbldnsd formatted zone file and setup your private RBL zone (doesn't > have to be a real zone on the Internet) to forward to rbldnsd. Rbldnsd >

Re: URIBL/DNSBL from a database

2016-02-13 Thread Reindl Harald
Am 13.02.2016 um 16:46 schrieb Alex: DNS is very effective to block at the MTA level. I setup my own private RBL on the DNS servers my SA boxes point to. Dump your IPs into a rbldnsd formatted zone file and setup your private RBL zone (doesn't have to be a real zone on the Internet) to

Re: URIBL/DNSBL from a database

2016-02-13 Thread Dave Funk
On Sat, 13 Feb 2016, Alex wrote: I've now got rbldnsd implemented. I've also known for a while it's faster/better than bind, but bind has always been in place. I have rbldnsd running on port 530, alongside bind on 53. How do I specify a urirhsbl in spamassassin to query the DNS server running

Re: URIBL/DNSBL from a database

2016-02-12 Thread Martin Gregorie
On Fri, 2016-02-12 at 08:39 -0500, Alex wrote: > Is it possible for spamassassin to query a database directly? > Yes, with a plugin. I've been doing the opposite for some years now: I archive all my outgoing mail and most of my non-spam incoming mail in a Postgres database and use this as a

URIBL/DNSBL from a database

2016-02-12 Thread Alex
Hi, For some time now I've been cycling URLs and IPs through a mariadb database gathered from incoming mail on a honeypot I've created. Surprising how many are received ahead of spamhaus/barracuda. I'm looking for ideas on how to now make this information available to spamassassin on my

Re: URIBL/DNSBL from a database

2016-02-12 Thread David Jones
> >From: Alex >For some time now I've been cycling URLs and IPs through a mariadb >database gathered from incoming mail on a honeypot I've created. >Surprising how many are received ahead of spamhaus/barracuda. Major RBLs like

Re: URIBL/DNSBL from a database

2016-02-12 Thread Axb
On 02/12/2016 02:39 PM, Alex wrote: Hi, For some time now I've been cycling URLs and IPs through a mariadb database gathered from incoming mail on a honeypot I've created. Surprising how many are received ahead of spamhaus/barracuda. I'm looking for ideas on how to now make this information

Re: URIBL/DNSBL from a database

2016-02-12 Thread Shawn Bakhtiar
On Feb 12, 2016, at 5:39 AM, Alex > wrote: Hi, For some time now I've been cycling URLs and IPs through a mariadb database gathered from incoming mail on a honeypot I've created. Surprising how many are received ahead of

Re: URIBL/DNSBL from a database

2016-02-12 Thread Marc Perkel
On 02/12/16 05:39, Alex wrote: Hi, For some time now I've been cycling URLs and IPs through a mariadb database gathered from incoming mail on a honeypot I've created. Surprising how many are received ahead of spamhaus/barracuda. I'm looking for ideas on how to now make this information

Re: URIBL/DNSBL from a database

2016-02-12 Thread Martin Gregorie
On Fri, 2016-02-12 at 07:30 -0800, Marc Perkel wrote: > Yeah - unless you write your own SA module using DNS is the quick > easy solution. > If Alex already has a set of scripts that populate and maintain the database that he's happy with, then the quick and easy way may be to make a custom SA