Re: Outbound RBL

  • Noel Jones
    Message 1 of 8 , Feb 1, 2012
      On 2/1/2012 3:43 AM, Gábor Lénárt wrote:
      > Of course I only wrote about a "local RBL" which is maintained by ourselves
      > for this purpose, not a general-purpose public BL.

      A local RBL would make some sense; you didn't mention that earlier.
      That's not a whole lot different than maintaining a local blacklist
      or firewall rules. Once you identify IPs you don't want sending
      mail, there are multiple choices to block them -- a local RBL makes
      sharing a blacklist within a farm very easy.

      This is relatively lightweight; client connects, postfix does a DNS
      lookup, client is rejected. As long as the client isn't making
      DoS-level connections this is reasonably efficient. Postscreen
      could do this with "before 220 tests", but is likely overkill.

      At some point you may want to do something more complex than the
      standard "reject_rbl_client ...", such as "this username can't
      connect from this range" or "don't ever block this user". You can
      do the more complex queries by using a policy service that consults
      the RBL and can also consider the IP and username used. This still
      allows the client to AUTH and adds that overhead, but is far more
      flexible. This could be combined with Fail2Ban or similar built
      into your policy service to temporarily firewall IPs that exceed
      some level of bad behavior.


      HTH...



      -- Noel Jones
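
Added example, not part of Noel Jones's message or of Postfix itself: the decision logic of the kind of policy service described above, which reads a Postfix policy delegation request and weighs the SASL username together with a local RBL lookup. The zone name, user tables and sample request are hypothetical, and the resolver is injectable so the logic can be exercised without DNS.

```python
import ipaddress
import socket

RBL_ZONE = "rbl.example.internal"          # assumed local RBL zone
NEVER_BLOCK = {"postmaster@example.com"}   # "don't ever block this user"
# "this username can't connect from this range" (constructed entries)
DENY_FROM = {"alice@example.com": [ipaddress.ip_network("198.51.100.0/24")]}
# Constructed sample request in the policy delegation name=value format
SAMPLE = ("request=smtpd_access_policy\nclient_address=192.0.2.5\n"
          "sasl_username=bob@example.com\n\n")


def parse_request(text):
    """Parse one policy delegation request into a dict of attributes."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break                          # empty line ends the request
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs


def rbl_listed(ip, zone=RBL_ZONE, resolve=socket.gethostbyname):
    """True if the IPv4 address has an A record in the DNSBL zone."""
    query = ".".join(reversed(ip.split("."))) + "." + zone
    try:
        resolve(query)
        return True
    except OSError:        # NXDOMAIN or lookup failure: fails open
        return False


def decide(attrs, resolve=socket.gethostbyname):
    """Return the policy reply (action line plus blank line)."""
    user = attrs.get("sasl_username", "")
    ip = attrs.get("client_address", "")
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "action=DUNNO\n\n"          # no usable address: no opinion
    if user in NEVER_BLOCK:
        return "action=DUNNO\n\n"          # exemption wins over the RBL
    if any(addr in net for net in DENY_FROM.get(user, [])):
        return "action=REJECT account not permitted from this network\n\n"
    if addr.version == 4 and rbl_listed(ip, resolve=resolve):
        return "action=REJECT client listed in local RBL\n\n"
    return "action=DUNNO\n\n"
```

Because the RBL lookup treats resolver errors as "not listed", a DNS outage lets listed clients through; that is a deliberate choice in this sketch so legitimate customers are not rejected when the zone is unreachable.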
    • Robert Schetterer
      Message 2 of 8 , Feb 1, 2012
        On 01.02.2012 03:03, list@... wrote:
        > We run a small cluster of postfix servers that are dedicated outbound
        > relayhosts for our customers. Beyond the outbound postfix cluster we have
        > another cluster of mail filtering appliances that have served their purpose
        > very well, but we are starting to get more compromised accounts due to
        > phishing attempts and some of the spam is getting through the outbound
        > filters due to the volume of new spam messages.
        >
        > I am looking for advice on how to limit our exposure to malicious senders
        > that have access to a user's credentials. One method we have zero
        > experience in is using RBLs, which I am hoping to learn more about.
        >

        I wouldn't do it with RBL in this case, I see no sense in it.
        You may use clamav-milter with sanesecurity sigs and simply get hold mails
        for human inspection, or use amavis etc.
        Once you find a hacked or compromised account, delete it, or inform the user
        etc., or build some reject access list for them (perhaps you can call
        this a local RBL).

        outbound spam is a problem ever

        --
        Best Regards

        MfG Robert Schetterer

        Germany/Munich/Bavaria