Loading ...
Sorry, an error occurred while loading the content.

292770Re: Postscreen DNSBL Sites

Expand Messages
  • Steve Jenkins
    Apr 23, 2013
    • 0 Attachment
      On Tue, Apr 23, 2013 at 11:23 AM, /dev/rob0 <rob0@...> wrote:
      Looks very similar to mine, http://rob0.nodns4.us/postscreen.html

      > postscreen_dnsbl_threshold = 3
      > postscreen_dnsbl_sites =
      >         zen.spamhaus.org*2,
      >         b.barracudacentral.org*2,
      >         dnsbl.mjabl.org,

      What? $ whois mjabl.org
      NOT FOUND
      If you meant NJABL, they've been gone longer than TRBL, 2013-03-01

      First, thanks for the detailed and insightful reply. Exactly the type of feedback I was hoping for.

      And yep - njabl IS what I meant, and I've yanked them. :)
       
      >         bl.spameatingmonkey.net,
      >         dnsbl.ahbl.org,

      These are highly accurate for me. AHBL doesn't list as much, but I've
      never seen it return anything questionable.

      >         bl.spamcop.net,
      >         swl.spamhaus.org*-4,
      >         list.dnswl.org=127.[0..255].[0..255].0*-2,
      >         list.dnswl.org=127.[0..255].[0..255].1*-4,
      >         list.dnswl.org=127.[0..255].[0..255].[2..255]*-6

      I'm fine with blocking for Zen alone, thus I give it 3. Of course
      it's possible to continue using it as a reject_rbl_client smtpd
      restriction, also. (I do that too. For some recipient domains I
      also reject using BRBL.)

      I also do that. Any thoughts on these settings which I currently use?

      reject_rbl_client b.barracudacentral.org,
       reject_rbl_client zen.spamhaus.org,
       reject_rbl_client bl.spamcop.net,
       reject_rbl_client psbl.surriel.com,
       reject_rhsbl_client dbl.spamhaus.org,
       reject_rhsbl_sender dbl.spamhaus.org,
       reject_rhsbl_helo dbl.spamhaus.org,

      > I'm wondering if others can recommend any other DNSBLs that I
      > should consider, or if anyone has any other feedback on my setup.

      Having watched logs awhile following upgrade to 2.11 snapshots, I
      found that PSBL and Mailspike are doing a good job. SORBS should
      definitely be there as a 1-point list; I've had that a long time,
      finding that SORBS often pushes a 2-point result over the top.

      I'm considering lowering BRBL to one point and taking it out of smtpd
      restrictions. I've had recent problems with a sender from nerim.net
      in France. I don't doubt that the global army of 'cudas has gotten
      spam from there, but a 2-point list needs to be conservative IMO.

      Again, Mailspike is looking good, and I might soon switch to use of
      rep.mailspike.net as a combined black/white list, but that will get
      ugly in the sites list. I wish they had a different set of return
      codes, i.e., a 127.0.x.x for the bad listings and 127.1.x.x for the
      good ones.

      As I recently noted on this list, the whitelist sites are mostly
      unused. There is almost no overlap between the blacklists and
      whitelists. One nerim.net host (of numerous outbounds they use) seems
      to be the only one (it's on BRBL and DNSWL.org as a .0, trust level
      "none".)

      You can double your threshold and scores and add in more one-point
      lists for testing. I didn't do that with my recent additions, but I
      know they have been around long enough to have some credibility. In
      that case I think a 1-point result is safe enough.

      Again, excellent advice and feedback. Thank you - I'm off to test out some of the ones you suggested!

      SteveJ 
    • Show all 67 messages in this topic