-------- Original Message --------
> Date: Fri, 31 Jul 2009 10:00:47 -0700
> From: "Michael Watkins" <[email protected]>
> To: [email protected]
> Subject: Re: [Dspam-user] RBL Configuration

> On Fri, July 31, 2009 09:07, Steve wrote:
> > I use RBL and other mechanisms here with great success and with 0 false
> > positive rate (related to RBLs) for years. But I am not trusting one
> > single RBL. Never ever would I do that! I would suggest you to look for
> > something like policyd-weight and/or postfwd and combine a bunch of
> > RBL/RHBL/WHL and other mechanisms to mitigate the failure of one single
> > lookup list.
>
> For postfix users, I would second, without any reservation whatsoever, the
> use of policyd-weight. No one RBL will cause a block; you can add others
> to the default configuration as you desire.
>
> You'll find that you are blocking a huge amount of spam *before it hits
> your mail queue*, which means a massive reduction in server resources used
> (less work for dspam) not to mention more or less eliminating problems
> like rejection notice bounce back and the like.
>
> A single perl script and one configuration file - nothing could be easier.
> Is in FreeBSD ports if you are a user of that OS or direct from the web
> site.
>
> I've customized the script somewhat; I don't allow certain conditions to
> pass as readily, and I've integrated a patch which allows Geo IP lookups.
> As our users do not do much business with certain spam producing haven
> countries (notably VN, BR, CN), I set the bar high for mail senders in
> that country - guilty until proven innocent, as opposed to the default,
> innocent until proven guilty.
>

That Geo-IP patch you are talking about can be easily avoided. Just use stock policyd-weight and DNSBL functionality to increase score for them. If you are from Europe then you could use lookups to *.countries.nerd.dk and all others could use lookups to *.countries.blackholes.us.

So in your case I would use:

# Columns: HOST, HIT SCORE, MISS SCORE, LOG NAME
# Give a better score to our Canadian mail servers
'ca.countries.nerd.dk', -1.00, 0.00, 'NERD-CA',
# Set the bar higher for some high-rate spam countries
'vn.countries.nerd.dk', 2.00, 0.00, 'NERD-VN',
'br.countries.nerd.dk', 2.00, 0.00, 'NERD-BR',
'cn.countries.nerd.dk', 2.00, 0.00, 'NERD-CN',

No need to patch policyd-weight to allow Geo-IP lookups and the other positive effect is that DNS uses very low bandwidth and can be locally cached. :)

But it does not stop here. Wanting to set the bar high for certain ASN? No problem (just an example):

'AS5617.rbl.cluecentral.net', 2.500, 0.00, 'AS5617', # Telekomunikacja Polska S.A.
'AS4134.rbl.cluecentral.net', 1.606, 0.00, 'AS4134', # CHINANET-BACKBONE No.31,Jin-rong Street
'AS4766.rbl.cluecentral.net', 0.615, 0.00, 'AS4766', # KIXS-AS-KR Korea Telecom
'AS4837.rbl.cluecentral.net', 0.382, 0.00, 'AS4837', # CHINA169-BACKBONE CNCGROUP China169 Backbone
'AS4814.rbl.cluecentral.net', 0.380, 0.00, 'AS4814', # CHINA169-BBN CNCGROUP IP network China169 Beijing Broadband Network
'AS3269.rbl.cluecentral.net', 0.363, 0.00, 'AS3269', # ASN-IBSNAZ TELECOM ITALIA
'AS17858.rbl.cluecentral.net', 0.328, 0.00, 'AS17858', # KRNIC-ASBLOCK-AP KRNIC
'AS4755.rbl.cluecentral.net', 0.315, 0.00, 'AS4755', # VSNL-AS Videsh Sanchar Nigam Ltd. Autonomous System
'AS9394.rbl.cluecentral.net', 0.230, 0.00, 'AS9394', # CRNET CHINA RAILWAY Internet(CRNET)
'AS17849.rbl.cluecentral.net', 0.215, 0.00, 'AS17849', # GINAMHANVIT-AS-KR hanvit ginam broadcasting comm.
'AS8075.rbl.cluecentral.net', 0.201, 0.00, 'AS8075', # MICROSOFT-CORP---MSN-AS-BLOCK - Microsoft Corp
'AS9121.rbl.cluecentral.net', 0.108, 0.00, 'AS9121', # TTNET TTnet Autonomous System
'AS24138.rbl.cluecentral.net', 0.108, 0.00, 'AS24138', # CRNET_BJ_IDC-CNNIC-AP China Tietong Telecommunication Corporation
'AS4788.rbl.cluecentral.net', 0.102, 0.00, 'AS4788', # TMNET-AS-AP TM Net, Internet Service Provider
'AS7132.rbl.cluecentral.net', 0.094, 0.00, 'AS7132', # SBIS-AS - SBC Internet Services
'AS14780.rbl.cluecentral.net', 0.094, 0.00, 'AS14780', # INKTOMI-LAWSON - Inktomi Corporation
'AS12424.rbl.cluecentral.net', 0.093, 0.00, 'AS12424', # JAZZASN Autonomous System
'AS8346.rbl.cluecentral.net', 0.074, 0.00, 'AS8346', # SONATEL-AS Autonomous System
'AS9318.rbl.cluecentral.net', 0.068, 0.00, 'AS9318', # HANARO-AS Hanaro Telecom Inc.
'AS7470.rbl.cluecentral.net', 0.066, 0.00, 'AS7470', # ASIAINFO-AS-AP ASIA INFONET Co.,Ltd.
'AS3786.rbl.cluecentral.net', 0.060, 0.00, 'AS3786', # ERX-DACOMNET DACOM Corporation

Again. No need for patching. Just creative usage of the available functionality. :)

But I have as well patched my policyd-weight. Added p0f integration, additional sender based reputation lookups, S25R rules, etc... It's kind of hard to not patch since Robert has stopped developing it any further.

> All in all policyd-weight is a simple and hugely effective tool. So
> effective that I can shut off dspam if need be and for the most part, many
> users would not even notice.
>

Same here.

> In fact for our purposes, the only thing dspam is used for is tagging (and
> integrated clamav scanning). That in no way diminishes dspam's value to
> us... the tagging feature (with delivery) is important to us.
>
> What little spam makes its way through the postfix / policyd-weight
> gauntlet I do want tagged, but delivered (dovecot sieve places this
> potential spam in a junk dir), and that's dspam's mission for us.

// Steve

_______________________________________________
Dspam-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspam-user
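
The weighted lookup scheme discussed in this thread, as an added Python example that is not part of the original messages and not policyd-weight's own code: each list contributes a hit or miss score, a failed lookup contributes nothing, and only the sum is compared to a threshold. The column order is assumed to follow policyd-weight's `@dnsbl_score` layout; the weights, the `REJECT_AT` threshold, the `rbl.example.invalid` zone and the sample answers are constructed.

```python
import ipaddress
import socket

# Column order assumed to match policyd-weight's @dnsbl_score table:
# (zone, hit score, miss score, log name). Weights and threshold are constructed.
DNSBL_SCORE = [
    ("ca.countries.nerd.dk",       -1.00,  0.00, "NERD-CA"),
    ("cn.countries.nerd.dk",        2.00,  0.00, "NERD-CN"),
    ("AS4134.rbl.cluecentral.net",  1.606, 0.00, "AS4134"),
    ("rbl.example.invalid",         3.25, -0.50, "EXAMPLE-RBL"),  # placeholder zone
]
REJECT_AT = 4.0  # hypothetical cut-off; no single entry above reaches it

def query_name(client_ip, zone):
    """Build the DNSBL query name: reversed IPv4 octets followed by the zone."""
    ip = ipaddress.ip_address(client_ip)
    if ip.version != 4:
        raise ValueError("this sketch handles IPv4 clients only")
    return ".".join(reversed(str(ip).split("."))) + "." + zone

def dns_lookup(name):
    """True = listed, False = not listed, None = lookup failed (no verdict)."""
    try:
        answer = ipaddress.ip_address(socket.gethostbyname(name))
    except socket.gaierror as exc:
        return False if exc.errno == socket.EAI_NONAME else None
    # Only 127.0.0.0/8 answers mean "listed"; anything else (for example a
    # resolver that rewrites NXDOMAIN to a search page) is treated as failure.
    return True if answer in ipaddress.ip_network("127.0.0.0/8") else None

def score_client(client_ip, table=DNSBL_SCORE, lookup=dns_lookup):
    """Sum hit/miss scores over all lists; failed lookups contribute nothing."""
    total, log = 0.0, []
    for zone, hit, miss, name in table:
        verdict = lookup(query_name(client_ip, zone))
        if verdict is None:
            log.append(name + "=ERR")
            continue
        total += hit if verdict else miss
        log.append(f"{name}={'HIT' if verdict else 'MISS'}")
    return round(total, 3), total >= REJECT_AT, log

# Constructed answers for the documentation address 203.0.113.7 (no DNS traffic).
SAMPLE_LISTED = {"7.113.0.203.cn.countries.nerd.dk",
                 "7.113.0.203.AS4134.rbl.cluecentral.net"}

if __name__ == "__main__":
    print(score_client("203.0.113.7", lookup=lambda n: n in SAMPLE_LISTED))
```

With the constructed answers the client collects the country and ASN penalties but stays below the cut-off; it crosses it only when a further list also hits.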
