Loading ...
Sorry, an error occurred while loading the content.

Postscreen RBLs

Expand Messages
  • Nikolaos Milas
    Hello, I am using Postfix 2.9.4 on CentOS 6.3 as a gateway server with the following postscreen settings: postscreen_dnsbl_threshold = 2 postscreen_dnsbl_sites
    Message 1 of 5 , Feb 11 8:13 AM
    • 0 Attachment
      Hello,

      I am using Postfix 2.9.4 on CentOS 6.3 as a gateway server with the
      following postscreen settings:

      postscreen_dnsbl_threshold = 2
      postscreen_dnsbl_sites =
      b.barracudacentral.org*2,
      zen.spamhaus.org*2,
      psbl.surriel.com*2
      postscreen_dnsbl_action = enforce
      postscreen_greet_action = enforce

      Sometimes I receive complaints from some mail server operators that
      barracudacentral causes blocks of mail from their server, and "Very few
      email providers use Barracuda for their RBL's, so it is not an RBL we
      check very often or rely on".

      I remember that, when I had set up this gateway server, I had researched
      and found that barracudacentral should be OK.

      My questions now are:

      * Based on your experience and advice, should I keep the above
      postscreen settings? Any suggestions?
      * Should I avoid postscreen_dnsbl_sites and only use amavis to make
      decisions through scoring? How are you implementing such blocks?

      Thanks in advance,
      Nick
    • Reindl Harald
      ... explain them that https://www.barracudanetworks.com/products/spamandvirusfirewall is using it fore sure and there are enough big companies using appliances
      Message 2 of 5 , Feb 11 8:19 AM
      • 0 Attachment
        Am 11.02.2013 17:13, schrieb Nikolaos Milas:
        > Sometimes I receive complaints from some mail server operators that barracudacentral causes blocks of mail from
        > their server, and "Very few email providers use Barracuda for their RBL's, so it is not an RBL we check very often
        > or rely on"

        explain them that https://www.barracudanetworks.com/products/spamandvirusfirewall
        is using it fore sure and there are enough big companies using appliances
        from barracuda networks
      • Rod K
        ... Barracuda and Spamhaus are the only RBLs that I use that can block by themselves. All others require at least one corroborating RBL. I ve not run into any
        Message 3 of 5 , Feb 11 8:25 AM
        • 0 Attachment
          On 2/11/2013 11:13 AM, Nikolaos Milas wrote:
          > Hello,
          >
          > I am using Postfix 2.9.4 on CentOS 6.3 as a gateway server with the
          > following postscreen settings:
          >
          > postscreen_dnsbl_threshold = 2
          > postscreen_dnsbl_sites =
          > b.barracudacentral.org*2,
          > zen.spamhaus.org*2,
          > psbl.surriel.com*2
          > postscreen_dnsbl_action = enforce
          > postscreen_greet_action = enforce
          >
          > Sometimes I receive complaints from some mail server operators that
          > barracudacentral causes blocks of mail from their server, and "Very
          > few email providers use Barracuda for their RBL's, so it is not an RBL
          > we check very often or rely on".
          >
          > I remember that, when I had set up this gateway server, I had
          > researched and found that barracudacentral should be OK.
          >
          > My questions now are:
          >
          > * Based on your experience and advice, should I keep the above
          > postscreen settings? Any suggestions?
          > * Should I avoid postscreen_dnsbl_sites and only use amavis to make
          > decisions through scoring? How are you implementing such blocks?
          >
          > Thanks in advance,
          > Nick
          >
          >
          >
          Barracuda and Spamhaus are the only RBLs that I use that can block by
          themselves. All others require at least one corroborating RBL. I've not
          run into any issues. I'd suggest that if their response is what you
          quoted they need to be more concerned about why they are being listed
          than telling others not to use them. Of course, that tells me they
          probably already know why they are listed and choose not to correct the
          behavior that caused the listing.
        • Noel Jones
          ... There is no one-size-fits-all, so do what fits at your site. What some folks do is weigh barracuda*1 and a few other dnsbl s such as bl.spamcop.net,
          Message 4 of 5 , Feb 11 8:47 AM
          • 0 Attachment
            On 2/11/2013 10:13 AM, Nikolaos Milas wrote:
            > Hello,
            >
            > I am using Postfix 2.9.4 on CentOS 6.3 as a gateway server with the
            > following postscreen settings:
            >
            > postscreen_dnsbl_threshold = 2
            > postscreen_dnsbl_sites =
            > b.barracudacentral.org*2,
            > zen.spamhaus.org*2,
            > psbl.surriel.com*2
            > postscreen_dnsbl_action = enforce
            > postscreen_greet_action = enforce
            >
            > Sometimes I receive complaints from some mail server operators that
            > barracudacentral causes blocks of mail from their server, and "Very
            > few email providers use Barracuda for their RBL's, so it is not an
            > RBL we check very often or rely on".
            >
            > I remember that, when I had set up this gateway server, I had
            > researched and found that barracudacentral should be OK.
            >
            > My questions now are:
            >
            > * Based on your experience and advice, should I keep the above
            > postscreen settings? Any suggestions?

            There is no one-size-fits-all, so do what fits at your site. What
            some folks do is weigh barracuda*1 and a few other dnsbl's such as
            bl.spamcop.net, bl.spameatingmonkey.net, fresh.spameatingmonkey.net,
            hostkarma.junkemailfilter.com=127.0.0.2, or ix.dnsbl.manitu.net, all
            scored at one. That way multiple less-trusted dnsbl's must list a
            site to reject their mail.

            Opinions on which dnsbls are safe to block on their own vary
            greatly. Adjust the postscreen scores as you see fit.



            > * Should I avoid postscreen_dnsbl_sites and only use amavis to make
            > decisions through scoring? How are you implementing such blocks?

            Use the scoring built into postscreen. You may occasionally need to
            use the whitelisting built into postscreen, too.


            >
            > Thanks in advance,
            > Nick




            -- Noel Jones
          • Nikolaos Milas
            ... Thanks Noel, and everyone else for your feedback. Nick
            Message 5 of 5 , Feb 15 6:27 AM
            • 0 Attachment
              On 11/2/2013 6:47 μμ, Noel Jones wrote:

              >
              > There is no one-size-fits-all, so do what fits at your site. What some
              > folks do is weigh barracuda*1 and a few other dnsbl's such as
              > bl.spamcop.net, bl.spameatingmonkey.net, fresh.spameatingmonkey.net,
              > hostkarma.junkemailfilter.com=127.0.0.2, or ix.dnsbl.manitu.net, all
              > scored at one. That way multiple less-trusted dnsbl's must list a site
              > to reject their mail. Opinions on which dnsbls are safe to block on
              > their own vary greatly. Adjust the postscreen scores as you see fit.
              >

              Thanks Noel, and everyone else for your feedback.

              Nick
            Your message has been successfully submitted and would be delivered to recipients shortly.