Loading ...
Sorry, an error occurred while loading the content.
 

Re: RBL question and their performance stats for me

Expand Messages
  • mouss
    ... your site, your policy. it was just a warning. ... I actually use neither. but if I had to use one of these, I d use spam.*. ... you didn t search a lot,
    Message 1 of 21 , Nov 30 1:55 PM
      Joey wrote:



      >> - spamcop is too agressive. search the ML for more info if ineterested.
      >>
      >
      > I have used spamcop for the last 9 years, and have an almost non exisitant
      > amount of false positives, it's funny a lot of people have issues with that
      > list when I post that I'm using it, but I have been very happy with the
      > results.
      >
      >

      your site, your policy. it was just a warning.
      >> - why use dul.*.sorbs but not spam.*.sorbs?
      >>
      >
      > I haven't been to this site in a long time, I see new information.
      > Are you using both dnsbl.sorbs.net as well as spam.dnsbl.sorbs.net?
      >
      >

      I actually use neither. but if I had to use one of these, I'd use spam.*.
      >
      >> - you may want to replace sbl-xbl by zen.spamhaus.org. See spamhaus site.
      >>
      > I couldn't find any reference to the zen list on the site, do you have a
      > specific link?
      >
      >
      you didn't search a lot, did you?
      http://www.spamhaus.org/zen/

      >> - cbl is shown in your stats list but not in your reject_rbl list.
      >>
      > Yes they were a warn if reject to test, but your below tells me to take it
      > out any way.
      >

      There's a tradeoff here. if you don't have serious perf problems, you
      should continue using it.
      >
      >> - cbl is included in sbl-xbl. so the 475 you see would correspond to IPs
      >>
      > listed in cbl but not yet sync-ed on sbl-xbl.
      > OK
      >
      >
      >
      >> - you seem to consider all hits as equal. a host that hits sbl-xbl is not
      >>
      > in the same category as one that hits bl.spamcop.
      > Please elaborate on why you think of these as different.
      >
      >
      >

      I recommend ordering rules, so that when you check your logs, you don't
      need to look a lot. for instance, helo checks would come later than
      relay attemps. If the log says a transaction was rejected because of a
      relay attempt, you don't need to check if it's an FP or not. you can
      even ad the IP to a local BL. That's not the same if the transaction was
      rejected because helo was not acceptable. In short, relay attempt is
      wrost than a forged helo, so put relay check before helo forgery check.
      This way, your logs will be "accurate". Also, the error returned to the
      client is more "helpful" (Imagine I misconfigure my helo and I am an
      open relay, If your server tells me you don't like my helo, I may just
      ignore it. If you tell me I'm an open relay, I'll check that and
      possibly fix it).
      >> - you order your rbls by "hit rate". I prefer to order my rules (not only
      >>
      > my rbl checks) by "importance". if a host tries to relay through my server,
      > I don't care if it's listed in an RBL.
      >
      > I'm a little confused here, if the RBL that gets the most rejects is listed
      > first, I won't have to go through the entire list to finally reject a
      > message, so that's why I sort by hit rate per say.
      >
      >

      see above. To say it again:
      - your logs get more accurate
      - you are more helpful to others: if I get an error from your system
      telling me "I'm rejected because of spamcop", I'll ignore it. I may even
      add you in a local BL. If I get "you're in sbl", I will check what's
      bad. so your message would be helpful here, and will get one system out
      of the dark, which is good for everybody.
    • mouss
      ... The OP is using spamcop. spamcop won t whitelist hotmail, will it? ... from spamhaus site: * zen.spamhaus.org replaces sbl-xbl.spamhaus.org.*
      Message 2 of 21 , Nov 30 1:59 PM
        Tony Earnshaw wrote:
        > mouss wrote:
        >
        > [...]
        >
        >> - spamcop is too agressive. search the ML for more info if ineterested.
        >>
        >> - why use dul.*.sorbs but not spam.*.sorbs?
        >
        > Having read th above I installed it and a few minutes later it blocked
        > bay0-omc2-s13.bay0.hotmail.com[65.54.246.149] with a 554 - that's a
        > good reason ...

        The OP is using spamcop. spamcop won't whitelist hotmail, will it?

        >
        >> - you may want to replace sbl-xbl by zen.spamhaus.org. See spamhaus
        >> site.
        >
        > At least this hasn't caused any collateral in the time it's been
        > configured on this MTA.

        from spamhaus site:
        * zen.spamhaus.org replaces sbl-xbl.spamhaus.org.*
      • mouss
        ... My understanding: - currently: zen = sbl + xbl - future: zen = sbl + xbl + PBL, where PBL is a sort of dul. where PBL returns 127.0.0.[10|11], so you
        Message 3 of 21 , Nov 30 2:04 PM
          Robert Felber wrote:
          > The information about zen can only be found a) on mailinglists and b) via
          > google.com/search?q=spamhaus+zen
          >

          My understanding:
          - currently: zen = sbl + xbl
          - future: zen = sbl + xbl + PBL, where PBL is a sort of dul.

          where PBL returns 127.0.0.[10|11], so you should still be able to use
          sbl-xbl by ignoring these "return codes".
        • Steven F Siirila
          ... No, PBL stands for Policy Block List and will consist of IP addresses which a site has specifically designated as not an MTA. This of course means
          Message 4 of 21 , Nov 30 2:24 PM
            On Thu, Nov 30, 2006 at 11:04:30PM +0100, mouss wrote:
            > Robert Felber wrote:
            > >The information about zen can only be found a) on mailinglists and b) via
            > >google.com/search?q=spamhaus+zen
            >
            > My understanding:
            > - currently: zen = sbl + xbl
            > - future: zen = sbl + xbl + PBL, where PBL is a sort of dul.

            No, PBL stands for "Policy Block List" and will consist of IP addresses
            which a site has specifically designated as "not an MTA." This of course
            means that it could be full of static IP addresses as well.

            > where PBL returns 127.0.0.[10|11], so you should still be able to use
            > sbl-xbl by ignoring these "return codes".

            --

            Steven F. Siirila Office: Lind Hall, Room 130B
            Internet Services E-mail: sfs@...
            Office of Information Technology Voice: (612) 626-0244
            University of Minnesota Fax: (612) 626-7593
          • Harvey Smith
            ... He s is confused maybe because he s is talking about his RBL checks order and you are talking about helo checks and relay checks etc order. We don t know
            Message 5 of 21 , Nov 30 2:45 PM
              On Thu, Nov 30, 2006 at 10:55:47PM +0100, mouss wrote:
              > Joey wrote:
              >
              > >
              > >I'm a little confused here, if the RBL that gets the most rejects is listed
              > >first, I won't have to go through the entire list to finally reject a
              > >message, so that's why I sort by hit rate per say.
              > >
              > >
              >
              > see above. To say it again:
              > - your logs get more accurate
              > - you are more helpful to others: if I get an error from your system
              > telling me "I'm rejected because of spamcop", I'll ignore it. I may even
              > add you in a local BL. If I get "you're in sbl", I will check what's
              > bad. so your message would be helpful here, and will get one system out
              > of the dark, which is good for everybody.

              He's is confused maybe because he's is talking about his RBL checks order
              and you are talking about helo checks and relay checks etc order. We
              don't know were his helo and relay checks are in his scheme of things.
              You are absolutely right though.

              --
              Harvey
            • Harvey Smith
              ... Yes because: Additional IP address ranges may be added and maintained by the Spamhaus PBL Team, particularly for networks which are not participating
              Message 6 of 21 , Nov 30 2:58 PM
                On Thu, Nov 30, 2006 at 04:24:28PM -0600, Steven F Siirila wrote:
                > On Thu, Nov 30, 2006 at 11:04:30PM +0100, mouss wrote:
                > > Robert Felber wrote:
                > > >The information about zen can only be found a) on mailinglists and b) via
                > > >google.com/search?q=spamhaus+zen
                > >
                > > My understanding:
                > > - currently: zen = sbl + xbl
                > > - future: zen = sbl + xbl + PBL, where PBL is a sort of dul.
                >
                > No, PBL stands for "Policy Block List" and will consist of IP addresses
                > which a site has specifically designated as "not an MTA." This of course
                > means that it could be full of static IP addresses as well.

                Yes because: "Additional IP address ranges may be added and maintained by
                the Spamhaus PBL Team, particularly for networks which are not
                participating themselves, and where spam, rDNS and server patterns are
                consistent with end-user IP space which typically contain high
                concentrations of "botnet zombies", a major source of spam."
                http://www.spamhaus.org/pbl/

                Bottom line... sort of like a DUL. To bad they are adding that aspect
                into the same list. (IMHO)

                Also it may not be prudent to start using the zen list now as spamhaus
                is not advertising it yet and it is the same as sbl-xbl anyway except for
                the fact that in the future (Demember maybe) the pbl will be added in
                and you will all of a sudden be using pbl without having tested it
                first. You do test the lists you use first I hope.

                --
                Harvey
              • Victor Duchovni
                ... They have not launched a marketing campaign telling everyone to switch, but they have on various fora said that zen is ready and live, and that there is no
                Message 7 of 21 , Nov 30 10:15 PM
                  On Thu, Nov 30, 2006 at 05:58:56PM -0500, Harvey Smith wrote:

                  > Also it may not be prudent to start using the zen list now as spamhaus
                  > is not advertising it yet and it is the same as sbl-xbl anyway except for
                  > the fact that in the future (Demember maybe) the pbl will be added in
                  > and you will all of a sudden be using pbl without having tested it
                  > first. You do test the lists you use first I hope.

                  They have not launched a marketing campaign telling everyone to switch,
                  but they have on various fora said that zen is ready and live, and that
                  there is no reason to not switch from sbl-xbl to zen.

                  --
                  Viktor.

                  Disclaimer: off-list followups get on-list replies or get ignored.
                  Please do not ignore the "Reply-To" header.

                  To unsubscribe from the postfix-users list, visit
                  http://www.postfix.org/lists.html or click the link below:
                  <mailto:majordomo@...?body=unsubscribe%20postfix-users>

                  If my response solves your problem, the best way to thank me is to not
                  send an "it worked, thanks" follow-up. If you must respond, please put
                  "It worked, thanks" in the "Subject" so I can delete these quickly.
                • Erwan David
                  Le Fri 1/12/2006, Victor Duchovni disait ... Except if you do not want to filter what PBL filters. -- Erwan David
                  Message 8 of 21 , Nov 30 11:55 PM
                    Le Fri 1/12/2006, Victor Duchovni disait
                    > On Thu, Nov 30, 2006 at 05:58:56PM -0500, Harvey Smith wrote:
                    >
                    > > Also it may not be prudent to start using the zen list now as spamhaus
                    > > is not advertising it yet and it is the same as sbl-xbl anyway except for
                    > > the fact that in the future (Demember maybe) the pbl will be added in
                    > > and you will all of a sudden be using pbl without having tested it
                    > > first. You do test the lists you use first I hope.
                    >
                    > They have not launched a marketing campaign telling everyone to switch,
                    > but they have on various fora said that zen is ready and live, and that
                    > there is no reason to not switch from sbl-xbl to zen.

                    Except if you do not want to filter what PBL filters.

                    --
                    Erwan David
                  • Victor Duchovni
                    ... # # SpamHaus SBL # reject_rbl_client zen.spamhaus.org=127.0.0.2 # # SpamHaus XBL, CBL portion # reject_rbl_client zen.spamhaus.org=127.0.0.4 # # SpamHaus
                    Message 9 of 21 , Dec 1, 2006
                      On Fri, Dec 01, 2006 at 08:55:22AM +0100, Erwan David wrote:

                      > > They have not launched a marketing campaign telling everyone to switch,
                      > > but they have on various fora said that zen is ready and live, and that
                      > > there is no reason to not switch from sbl-xbl to zen.
                      >
                      > Except if you do not want to filter what PBL filters.

                      #
                      # SpamHaus SBL
                      #
                      reject_rbl_client zen.spamhaus.org=127.0.0.2
                      #
                      # SpamHaus XBL, CBL portion
                      #
                      reject_rbl_client zen.spamhaus.org=127.0.0.4
                      #
                      # SpamHaus XBL, NJABL portion
                      #
                      reject_rbl_client zen.spamhaus.org=127.0.0.5
                      #
                      # SpamHaus PBL
                      #
                      reject_rbl_client zen.spamhaus.org=127.0.0.10
                      reject_rbl_client zen.spamhaus.org=127.0.0.11

                      These five restrictions cost only one DNS lookup, and one can decide which
                      of the five to use (order not significant). I don't know definitively
                      which of the PBL IPs signals volunteered data and which signals SpamHaus
                      additional data, but it is reasonable to assume that the two distinct
                      IP addresses are reserved for a reason.

                      Given that 127.0.0.2 and 192.0.2.0 map to 127.0.0.11, and these are not
                      volunteered by their ISPs, it looks .11 is SpamHaus data, and .10 is
                      volunteered data.

                      SpamHaus is not in the business of making it difficult for users to
                      use their lists by mixing oil and water...

                      --
                      Viktor.

                      Disclaimer: off-list followups get on-list replies or get ignored.
                      Please do not ignore the "Reply-To" header.

                      To unsubscribe from the postfix-users list, visit
                      http://www.postfix.org/lists.html or click the link below:
                      <mailto:majordomo@...?body=unsubscribe%20postfix-users>

                      If my response solves your problem, the best way to thank me is to not
                      send an "it worked, thanks" follow-up. If you must respond, please put
                      "It worked, thanks" in the "Subject" so I can delete these quickly.
                    • Joey
                      When upgrading from 2.2.10 to 2.3.0 and then running the new version I get the following: Dec 1 08:47:42 pluto postfix/postfix-script: starting the Postfix
                      Message 10 of 21 , Dec 1, 2006
                        When upgrading from 2.2.10 to 2.3.0 and then running the new version I get
                        the following:

                        Dec 1 08:47:42 pluto postfix/postfix-script: starting the Postfix mail
                        system
                        Dec 1 08:47:42 pluto postfix/master[26822]: daemon started -- version
                        2.3.0, configuration /etc/postfix
                        Dec 1 08:47:44 pluto postfix/smtpd[26834]: warning: unsupported SASL server
                        implementation: cyrus
                        Dec 1 08:47:44 pluto postfix/smtpd[26834]: fatal: SASL per-process
                        initialization failed
                        Dec 1 08:47:45 pluto postfix/master[26822]: warning: process
                        /usr/libexec/postfix/smtpd pid 26834 exit status 1
                        Dec 1 08:47:45 pluto postfix/master[26822]: warning:
                        /usr/libexec/postfix/smtpd: bad command startup -- throttling


                        I compile postfix like this:
                        make tidy
                        make makefiles CCARGS="-DUSE_SASL_AUTH -I/usr/include/sasl"
                        AUXLIBS="-L/usr/lib -lsasl2"
                        make
                        make upgrade


                        I'm not really seeing the reason after searching google...

                        Any help appreciated.

                        Joey
                      • Ralf Hildebrandt
                        ... You didn t read the RELEASE_NOTES! [Incompat 20051220] The Postfix-with-Cyrus-SASL build procedure has changed. You now need to specify -DUSE_CYRUS_SASL in
                        Message 11 of 21 , Dec 1, 2006
                          * Joey <Joey@...>:

                          > I compile postfix like this:
                          > make tidy
                          > make makefiles CCARGS="-DUSE_SASL_AUTH -I/usr/include/sasl"
                          > AUXLIBS="-L/usr/lib -lsasl2"
                          > make
                          > make upgrade

                          You didn't read the RELEASE_NOTES!

                          [Incompat 20051220] The Postfix-with-Cyrus-SASL build procedure has
                          changed. You now need to specify -DUSE_CYRUS_SASL in addition to
                          -DUSE_SASL_AUTH or else you end up without any Cyrus SASL support.
                          The error messages are:

                          unsupported SASL server implementation: cyrus
                          unsupported SASL client implementation: cyrus

                          --
                          Ralf Hildebrandt (Ralf.Hildebrandt@...) plonk@...
                          Postfix - Einrichtung, Betrieb und Wartung Tel. +49 (0)30-450 570-155
                          http://www.postfix-buch.com
                          PP: MMDF gone mad with standards fever. Think "Brazil".
                        Your message has been successfully submitted and would be delivered to recipients shortly.