Loading ...
Sorry, an error occurred while loading the content.

Re: Postscreen and exceptions

Expand Messages
  • Stan Hoeppner
    ... mouss, what you and Noel are failing to take into account is that Alex sells anti spam appliance boxes for a living. He has boxen at sites with enough
    Message 1 of 28 , Dec 27, 2012
    • 0 Attachment
      On 12/27/2012 9:17 AM, mouss wrote:
      > Le 27/12/2012 04:05, Stan Hoeppner a écrit :
      >> On 12/26/2012 6:19 PM, Noel Jones wrote:
      >>> On 12/26/2012 4:52 PM, Stan Hoeppner wrote:
      >>>> On 12/24/2012 4:57 PM, Noel Jones wrote:
      >>>>
      >>>>> Opinions differ on psbl.surriel and barracudacentral,
      >>>>> but they are frequently used in scoring rather than outright. A
      >>>>> site listed on two of these three is likely spam, a site listed on
      >>>>> only one of them is questionable.
      >>>> Nonsense. The mere fact that a listing on one DNSBL is absent on others
      >>>
      >>> Glad it works for you at your sites, I use them too.
      >>>
      >>> As with all third-party blacklists (and whitelists!) each sysop
      >>> should make their own decision about who to hand the keys to. When
      >>> giving advice to others knowing next to nothing about their local
      >>> policy, it would be foolish to be anything but conservative.
      >> Yes, conservative. Note my last response in this thread which contained
      >> this instruction with my scoring recommendation: test first
      >>
      >
      > unfortunately, testing isn't enough. things keep changing:
      > - DNSBL listings change.
      > - sites situation changes
      > - new sites appear
      > ...
      >
      > when I first tested BRBL, I found it safe for outright rejection. but
      > this didn't last.
      > I also added local rules, which worked for a long time, but many of
      > these rules proved unsafe.

      mouss, what you and Noel are failing to take into account is that Alex
      sells anti spam appliance boxes for a living. He has boxen at sites
      with enough volume to require a Spamhaus pay license (the commercial
      aspect of his boxen not withstanding).

      My recommendations to him are based on the fact that he (should have)
      some requisite knowledge and experience with DNSBL usage and general
      mail admin experience above noob level. Thus I was giving him quick 'n
      dirty instruction with sparse caveats/reminders, not the step by step
      stuff with lengthy explanations designed to educate noob admins to keep
      them from shooting themselves in the foot. I.e. he would perform a
      little due diligence on the information I provided before jumping in
      with both feet.

      Using DNSBLs always has a small amount of FP risk, whether configured
      for direct rejection or scoring. Scoring mitigates FP risk but it does
      not eliminate it entirely. So we can go round 'n round about the
      best/proper/safest way to use a DNBBL, but at the end of the day, yes,
      it is up to the individual admin to decide how to best use them. Which
      is why, in this case, I gave an assumed to be experienced admin, selling
      commercial solutions, the aggressive approach with the testing reminder
      and the assumption he knew what he was doing.

      If I made a mistake here, it wasn't my recommendation per se, but was my
      assessment/understanding of the OP's knowledge/experience level based on
      his business, and interaction with him both on, and extensively off,
      this list.

      No offense intended here toward Alex.

      --
      Stan
    • Jos Chrispijn
      ... What is your concern about Spamcop? Happy to learn, Jos
      Message 2 of 28 , Jan 6, 2013
      • 0 Attachment
        Wietse Venema:
        > Don't use spamcop, or use it only with small weight in a scoring
        > system. Wietse

        What is your concern about Spamcop?

        Happy to learn,
        Jos
      • Wietse Venema
        ... Read their blocklist policy. I use it, thusly: postscreen_dnsbl_sites = zen.spamhaus.org*2 bl.spamcop.net*1 b.barracudacentral.org*1
        Message 3 of 28 , Jan 6, 2013
        • 0 Attachment
          Jos Chrispijn:
          >
          > Wietse Venema:
          > > Don't use spamcop, or use it only with small weight in a scoring
          > > system. Wietse
          >
          > What is your concern about Spamcop?

          Read their blocklist policy.

          I use it, thusly:

          postscreen_dnsbl_sites = zen.spamhaus.org*2
          bl.spamcop.net*1 b.barracudacentral.org*1
          postscreen_dnsbl_threshold = 2

          Wietse
        • John Levine
          ... I agree that Spamcop used to be awful, with vast numbers of false alarms. But since Ironport bought them several years ago, there s been a nearly complete
          Message 4 of 28 , Jan 6, 2013
          • 0 Attachment
            >Don't use spamcop, or use it only with small weight in a scoring system.

            I agree that Spamcop used to be awful, with vast numbers of false
            alarms. But since Ironport bought them several years ago, there's
            been a nearly complete turnover of staff and it's much better run.

            Take another look. I find its false positive rates down with
            Spamhaus' now.

            R's,
            John
          • Noel Jones
            ... Glad it works for you. Please keep in mind the original question of this discussion was how to allow wanted mail blocked by spamcop. The way to achieve
            Message 5 of 28 , Jan 6, 2013
            • 0 Attachment
              On 1/6/2013 11:29 AM, John Levine wrote:
              >> Don't use spamcop, or use it only with small weight in a scoring system.
              >
              > I agree that Spamcop used to be awful, with vast numbers of false
              > alarms. But since Ironport bought them several years ago, there's
              > been a nearly complete turnover of staff and it's much better run.
              >
              > Take another look. I find its false positive rates down with
              > Spamhaus' now.
              >
              > R's,
              > John
              >

              Glad it works for you.

              Please keep in mind the original question of this discussion was how
              to allow wanted mail blocked by spamcop.

              The way to achieve that goal is by using a scoring system, as
              recommended by the spamcop documentation.

              Clearly the current, vastly improved, false positive rate is still
              not acceptable for everyone.



              -- Noel Jones
            • Ron Guerin
              ... I presume you re not talking about the Spamhaus DBL, which is quite awful. - Ron
              Message 6 of 28 , Jan 6, 2013
              • 0 Attachment
                On 01/06/2013 12:29 PM, John Levine wrote:
                >> Don't use spamcop, or use it only with small weight in a scoring system.
                >
                > I agree that Spamcop used to be awful, with vast numbers of false
                > alarms. But since Ironport bought them several years ago, there's
                > been a nearly complete turnover of staff and it's much better run.
                >
                > Take another look. I find its false positive rates down with
                > Spamhaus' now.

                I presume you're not talking about the Spamhaus DBL, which is quite awful.

                - Ron
              • Stan Hoeppner
                ... Since the DBL is an RHSBL, not DNSBL, it cannot be used with postscreen, which is the topic of this thread. Discussion of the merits of [DNS|RHS]BLs is
                Message 7 of 28 , Jan 6, 2013
                • 0 Attachment
                  On 1/6/2013 6:18 PM, Ron Guerin wrote:
                  > On 01/06/2013 12:29 PM, John Levine wrote:
                  >>> Don't use spamcop, or use it only with small weight in a scoring system.
                  >>
                  >> I agree that Spamcop used to be awful, with vast numbers of false
                  >> alarms. But since Ironport bought them several years ago, there's
                  >> been a nearly complete turnover of staff and it's much better run.
                  >>
                  >> Take another look. I find its false positive rates down with
                  >> Spamhaus' now.
                  >
                  > I presume you're not talking about the Spamhaus DBL, which is quite awful.

                  Since the DBL is an RHSBL, not DNSBL, it cannot be used with postscreen,
                  which is the topic of this thread. Discussion of the merits of
                  [DNS|RHS]BLs is off topic on the postfix list, thus I don't desire to
                  create a long OT thread, but I am curious as to why you feel the DBL is
                  awful. I've had no problems using it for direct rejections with these
                  restrictions:

                  reject_rhsbl_reverse_client dbl.spamhaus.org
                  reject_rhsbl_sender dbl.spamhaus.org
                  reject_rhsbl_helo dbl.spamhaus.org

                  No FPs do date.

                  --
                  Stan
                • Benny Pedersen
                  ... http://www.dnswl.org/tech see more on permit_dnswl_client it does not need to be specific dnswl.org as dnsbl/dnswl, its just an good example on postfix
                  Message 8 of 28 , Jan 7, 2013
                  • 0 Attachment
                    Noel Jones skrev den 2013-01-06 19:40:

                    > Clearly the current, vastly improved, false positive rate is still
                    > not acceptable for everyone.

                    http://www.dnswl.org/tech see more on permit_dnswl_client

                    it does not need to be specific dnswl.org as dnsbl/dnswl, its just an
                    good example on postfix config
                  Your message has been successfully submitted and would be delivered to recipients shortly.