Alex, from prypiat. Yes, I recycle.
On 13-01-07 04:18 AM, Fabio Sangiovanni wrote:
> Hi,
>
> thanks to everybody for your answers.
>
> On 04/Jan/2013, at 18:12, Kris Deugau <kdeu...@vianet.ca> wrote:
>> Mmmm, the problem the OP was asking about is "how do I make sure that
>> only the specific URIBLs I want are active, no matter what may be added
>> upstream?".
>>
>> IIRC this was asked a while ago but I don't recall any answer better
>> than "watch the updates closely and disable any new ones when you see
>> them". I think the reasoning was that new DNSBLs are not casually added
>> the way new regex or non-DNS rules are, and there's usually some warning on
>> the users and/or dev lists, so you can preemptively add "score NEW_URIBL
>> 0" to your local.cf or local rules channel.
> Yes, that's exactly my problem, and unfortunately this is the only solution I
> came up with, too.
> The introduction of symbolic name wildcards here would be of great help. Has
> this ever been considered?
> One could set one line as:
>
> score URIBL_* 0
>
> and add specific scores for desired lists after that.
> This would imply the definition of a standard naming for rules, but as far as
> I can see that's quite in place already.
>
>
>> If you're redefining the tests anyway (to use local datafeed versions of
>> any given URIBL) I would recommend putting them in a custom local TLD
>> that won't resolve globally, to make sure you really *are* using your
>> local copies.
>>
>> -kgd
> I have a local bind on each mta, which acts as a cache and forwards queries to
> another bind on our LAN, which in turn forwards to rbldnsd (updated daily from
> datafeed services).
> We'll consider the local tld as further measure.
>
> One slightly OT question: as far as postfix is concerned, how could it help
> with checks against URIDNSBLs? I'm not aware of any method to make postfix
> scan the body of the message and look for URIs. At best, postfix can query
> DNSBLs using client IPs and envelope sender/recipient domains, but that's out
> of the scope of my need…am I missing something?

PF is not good at handling content of emails, especially on systems with a lot of traffic (use body_checks and regexes). This belongs to content filters. I use (zen|dbl).spamhaus.org at the pre-data level, cutting *a lot* of treatment for so few fps. As you have your own dns, you could rsync the spamhaus zone and use your dns for queries. It's a lot faster, and your SA instance will also appreciate it :-)

>
> Thanks to everyone for your help!
>
> Fabio
>
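An added example, not part of the original thread and not SpamAssassin code: one way to approximate the `score URIBL_* 0` idea discussed above is to scan the installed rule files for URIDNSBL plugin definitions and generate an explicit zero score for every list that is not on a local allow-list, re-running it after each rule update. The sample rules, the `URIBL_NEW_LIST` name, the `uribl.example.net` zone and the function names are constructed for illustration.

```python
# Directives of SpamAssassin's URIDNSBL plugin that define a URI DNS list rule.
URIBL_DIRECTIVES = {
    "uridnsbl", "uridnssub", "urirhsbl", "urirhssub",
    "urinsrhsbl", "urinsrhssub", "urifullnsrhsbl", "urifullnsrhssub",
}

# Constructed sample of upstream rule text (not copied from a real channel).
SAMPLE_RULES = """\
ifplugin Mail::SpamAssassin::Plugin::URIDNSBL
urirhssub  URIBL_DBL_SPAM  dbl.spamhaus.org.   A  127.0.1.2
body       URIBL_DBL_SPAM  eval:check_uridnsbl('URIBL_DBL_SPAM')
uridnssub  URIBL_SBL       zen.spamhaus.org.   A  127.0.0.2
urirhssub  URIBL_BLACK     multi.uribl.com.    A  2
urirhsbl   URIBL_NEW_LIST  uribl.example.net.  A   # constructed new upstream list
endif
"""


def uribl_rules(rules_text):
    """Return {rule_name: zone} for every URI DNS list rule defined in the text."""
    found = {}
    for raw in rules_text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 3 and fields[0] in URIBL_DIRECTIVES:
            found[fields[1]] = fields[2].rstrip(".").lower()
    return found


def zero_scores(rules_text, wanted):
    """Build 'score NAME 0' lines for every URI DNS list rule not in `wanted`."""
    return [
        f"score {name} 0"
        for name in sorted(uribl_rules(rules_text))
        if name not in wanted
    ]


if __name__ == "__main__":
    # Allow-list of the lists the site actually wants active (assumption).
    wanted = {"URIBL_DBL_SPAM", "URIBL_SBL"}
    for line in zero_scores(SAMPLE_RULES, wanted):
        print(line)  # paste or write these into local.cf
```

Any rule name that shows up in the output and was not there on the previous run is a list added upstream since then.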