a bit OT
forgive my ignorance... but why does sbl.spamhaus.org and proxies.relays.monkeys.com have no A records in DNS?
on that... can you guys recomend working RBLs sources/servers that are known to work with djb's rblsmtpd without patching
thanks
Orlando Andico wrote:
# UCE controls smtpd_client_restrictions = check_client_access hash:/etc/postfix/access reject_rbl_client sbl.spamhaus.org reject_rbl_client relays.ordb.org reject_rbl_client proxies.relays.monkeys.com reject_rbl_client proxies.blackholes.easynet.nl check_client_access regexp:/etc/postfix/clientblocks ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
i have underlined the important addition. the clientblocks file is below.
basically if the connecting host has a DNS FQDN which contains the words below (e.g. "dial" "ppp" "cable" "adsl" etc) then they are automagically rejected. you wouldn't believe the amount of spam this stops!
also the following will reject mail from open proxies (no need for a proxy RBL!)
smtpd_helo_required = yes smtpd_helo_restrictions = reject_unauth_pipelining
=== clientblocks file below ===
# all senders who are using dialup or cable modem # get thrown out the door
/[-.]dial/ 550 Use an authorized relay /dial[-inu.]/ 550 Use an authorized relay /^dial/ 550 Use an authorized relay /[-.]ppp/ 550 Use an authorized relay /ppp[-inu.]/ 550 Use an authorized relay /^ppp/ 550 Use an authorized relay /adsl/ 550 Use an authorized relay /host*pool*/ 550 Use an authorized relay /\.da\.uu\.net/ 550 Use an authorized relay /\.du\..*uu\.net/ 550 Use an authorized relay /client*\.attbi\.com/ 550 Use an authorized relay /client2*\.attbi\.com/ 550 Use an authorized relay /client*\.comcast\.net/ 550 Use an authorized relay /pcp*\.comcast\.net/ 550 Use an authorized relay /^pc.*\.comcast\.net/ 550 Use an authorized relay /^bg.*\.comcast\.net/ 550 Use an authorized relay /smtp*\.rr\.com/ OK /\.rr\.com/ 550 Use an authorized relay /pool*verizon\.net/ 550 Use an authorized relay /dsl*verizon\.net/ 550 Use an authorized relay /ipt\.aol\.com/ 550 Use an authorized relay /ipt\.aol\.net/ 550 Use an authorized relay /client*\.natinst\.com/ 550 Use an authorized relay /hfep*\.dion\.ne\.jp/ 550 Use an authorized relay /^CPE*\.cable\.rogers\.com/ 550 Use an authorized relay /cable\.mindspring\.com/ 550 Use an authorized relay /dsl\.pipex\.com/ 550 Use an authorized relay /dsl*\.swbell\.net/ 550 Use an authorized relay /nr*\.fuse\.net/ 550 Use an authorized relay /dsl*\.ameritech\.net/ 550 Use an authorized relay /[0-9]*\.roadrunner\.nf\.net/ 550 Use an authorized relay /optonline\.net/ 550 Use an authorized relay /^ip*\.cox.net/ 550 Use an authorized relay /^cm*\.charter\.com/ 550 Use an authorized relay /^[0-9]*\.arrival\.net/ 550 Use an authorized relay /^[0-9]*\.rev\.krline\.net/ 550 Use an authorized relay /^[0-9]*\.hinet\.net/ 550 Use an authorized relay /adsl\.*apol\.com\.tw/ 550 Use an authorized relay /pooles\.rima\-tde\.net/ 550 Use an authorized relay /adsl*\.worldonline\.dk/ 550 Use an authorized relay /dsl*\.antwerp\.kpn\.be/ 550 Use an authorized relay /^ip*\.pacific\.net\.hk/ 550 Use an authorized relay /cable\.ntl\.com/ 550 Use an authorized relay /^te*\.transedge\.com/ 550 Use an authorized relay /^p[0-9]*\.net\.upc\.nl/ 550 Use an authorized relay /^host*\.alestra\.net\.mx/ 550 Use an authorized relay /^h*\.covad\.net/ 550 Use an authorized relay /dsl*\.pacbell\.net/ 550 Use an authorized relay /dsl*\.solcon\.nl/ 550 Use an authorized relay /host*\.btopenworld\.com/ 550 Use an authorized relay /user*\.sprint\-hsd\.net/ 550 Use an authorized relay /dsl*\.gil\.com\.au/ 550 Use an authorized relay /dsl*\.info\.com\.ph/ 550 Use an authorized relay /ip[0-9]*\.pronto\.spb\.su/ 550 Use an authorized relay /dsl*\.easynet\.co\.uk/ 550 Use an authorized relay /dsl*\.dslextreme\.com/ 550 Use an authorized relay /dsl*\.prodigy\.net\.mx/ 550 Use an authorized relay /[0-9]*\.xo\.net/ 550 Use an authorized relay /c[0-9]*\.is\.net\.tw/ 550 Use an authorized relay /s[0-9]*\.tele2\.cz/ 550 Use an authorized relay /[0-9]*\.isp\.tfn\.net\.tw/ 550 Use an authorized relay /adsl\.tisnet\.net\.tw/ 550 Use an authorized relay /adsl\.zonnet\.nl/ 550 Use an authorized relay /wsip*\.cox\.net/ 550 Use an authorized relay /dsl\.speakeasy\.net/ 550 Use an authorized relay /zzz\*splitrock\.net/ 550 Use an authorized relay /^cpe/ 550 Use an authorized relay /subscriber/ 550 Use an authorized relay
/easymailers\.net/ REJECT /outreachmarketing\.com/ REJECT /madbrandz\.com/ REJECT /arcamax\.com/ REJECT /registeredwinners\.com/ REJECT /megamailservers\.com/ REJECT /newfunpages\.com/ REJECT /postmasterdirect\.com/ REJECT /offersondemand\.com/ REJECT /offers/ REJECT /porn/ REJECT /freelotto/ REJECT
-- Philippine Linux Users' Group (PLUG) Mailing List [EMAIL PROTECTED] (#PLUG @ irc.free.net.ph) Official Website: http://plug.linux.org.ph Searchable Archives: http://marc.free.net.ph . To leave, go to http://lists.q-linux.com/mailman/listinfo/plug . Are you a Linux newbie? To join the newbie list, go to http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie
-- Philippine Linux Users' Group (PLUG) Mailing List [EMAIL PROTECTED] (#PLUG @ irc.free.net.ph) Official Website: http://plug.linux.org.ph Searchable Archives: http://marc.free.net.ph . To leave, go to http://lists.q-linux.com/mailman/listinfo/plug . Are you a Linux newbie? To join the newbie list, go to http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie
