Other RBLs and scoring..
Hello List, I've been using policyd-weight in warn_if_reject mode for a couple of weeks and intend on doing so for a few more weeks. So far i appear to satisfied with the results. I already reject based on sbl-xbl and dsbl at the MTA and do not intend on changing this behavior. Based on some experience and some lookups for listed IP addresses i intend on replacing the default dnsbls with these. #HOST,BAD SCORE, GOOD SCORE, LOG NAME 'dynablock.njabl.org',3.25, -1,'DYN_NJABL', 'bl.spamcop.net', 3.75, -1.5,'SPAMCOP', 'dnsbl.njabl.org',4.25, -1.5,'BL_NJABL', 'relays.ordb.org',3.25, 0,'ORDB_ORG', 'psbl.surriel.com', 4.35, 1,'PSBL', 'spam.tqmcube.com', 3.75, 0,'TQM_SPAM', 'ko.tqmcube.com', 4.35, 0,'TQM_KOREA' ); Ignore the scores in the above list as that is where i need your assistance. What ought to be the basis for scoring of these RBLs? Another thing, how does one use multi-lookup rbls? say one composite RBL returning different codes for different listing reasons. thanks, - dhawal Policyd-weight Mailinglist - http://www.policyd-weight.org/
version update: version 0.1.14 beta
changes: - This is a version bumb from 0.1.13 beta-16 to 0.1.14 beta. For a full set of changes from 0.1.12 beta-4 to 0.1.14 beta please read http://www.policyd-weight.org/releases/policyd-weight-0.1.14/changes.txt NOTE: the changes do list 0.1.12 beta-4 to 0.1.14 beta because we skipped a 0.1.13 beta release to Operating Systems. The 0.1.14 beta update has been reported to the FreeBSD ports and should be updated soon. Packagers may use http://www.policyd-weight.org/releases/policyd-weight-0.1.14.tar.gz MD5 (policyd-weight-0.1.14.tar.gz) = fb4829a57c8b805fe981ee949a145042 -- Robert Felber (PGP: 896CF30B) Munich, Germany Policyd-weight Mailinglist - http://www.policyd-weight.org/
Re: Other RBLs and scoring..
Robert Felber wrote: On Sat, Oct 28, 2006 at 04:35:49PM +0530, Dhawal Doshy wrote: Ignore the scores in the above list as that is where i need your assistance. What ought to be the basis for scoring of these RBLs? Aggressive/Effective RBLs may add a Good score, i.e. -1.5 or similiar RBLs which are not that effective but have also zero false positives may have a high BAD score and a 0 GOOD score RBLs which are not really trustworthy should have a low BAD score and 0 GOOD score. Another thing, how does one use multi-lookup rbls? say one composite RBL returning different codes for different listing reasons. We do not score for listing reasons. If the RBL returns 127.0.0.[1|2|3|and so on] we count it as one hit and apply the score of the RBL. Aynthing else would go too far (we try to keep things as simple as possible - i.e. less is more). Thanks, btw i am creating a small init script for redhat / clones, would you be interested in a contrib? - dhawal Policyd-weight Mailinglist - http://www.policyd-weight.org/
Re: Other RBLs and scoring..
On Sat, Oct 28, 2006 at 08:38:36PM +0530, Dhawal Doshy wrote: Robert Felber wrote: On Sat, Oct 28, 2006 at 04:35:49PM +0530, Dhawal Doshy wrote: Ignore the scores in the above list as that is where i need your assistance. What ought to be the basis for scoring of these RBLs? Aggressive/Effective RBLs may add a Good score, i.e. -1.5 or similiar RBLs which are not that effective but have also zero false positives may have a high BAD score and a 0 GOOD score RBLs which are not really trustworthy should have a low BAD score and 0 GOOD score. Another thing, how does one use multi-lookup rbls? say one composite RBL returning different codes for different listing reasons. We do not score for listing reasons. If the RBL returns 127.0.0.[1|2|3|and so on] we count it as one hit and apply the score of the RBL. Aynthing else would go too far (we try to keep things as simple as possible - i.e. less is more). Thanks, btw i am creating a small init script for redhat / clones, would you be interested in a contrib? Yes. But I do prefer following scripts: - should be provided by a package maintainer for policyd-weight of the related OS - If there is no package for your OS yet, then consider making one - The URL for the package listing in $OS should be provided, for instance: http://www.freebsd.org/cgi/cvsweb.cgi/ports/mail/postfix-policyd-weight/ - If your OS does not have a package repository then of course your contact address must appear within that script. - If that init script works only for that particular $OS release such as Coolnix 2.1 but not Coolnix 2.0 then I'd like to know that (better yet: make it compatible with both versions.) I hope that's not too strict. -- Robert Felber (PGP: 896CF30B) Munich, Germany Policyd-weight Mailinglist - http://www.policyd-weight.org/