On 11/13/2011 4:32 PM, David Mehler wrote:
> Hello,
>
> Setting up a new server and wanting to know the current opinions on
> blacklisting services, spamcop, sorbs, and spamhaus for fighting spam.
> I'd like to get some user experiences with them, any false positives,
> or issues?

Do you plan to use dnsbls for outright rejection with reject_rbl_client
etc or do you plan to use them for scoring within a policy daemon or
content filter? If the former, start with something like the following.
This format block assumes using the "everything under smtpd recipient
restrictions" style of main.cf:

    reject_rbl_client zen.spamhaus.org
    reject_rbl_client psbl.surriel.com
    reject_rhsbl_client dbl.spamhaus.org
    reject_rhsbl_sender dbl.spamhaus.org
    reject_rhsbl_helo dbl.spamhaus.org

Not a dnsbl, but if you are not using Postfix 2.8.x with postscreen,
this PCRE table will reject much bot spam, and much quicker than the CBL
component of the Spamhaus Zen list:

http://www.hardwarefreakl.com/fqrdns.pcre

Usage instructions are comments in the top of the file. Using it in
conjunction with the above dnsbls gives fairly wide A/S coverage. Last
I recall a number of folks on this list have used it with good results.
I am the maintainer of this table. You will need additional
countermeasures to fight snowshoe sources not blocked by the Spamhaus
lists and phish/419 from compromised freemail/webmail accounts.

If you plan to use dnsbls only for scoring, the more the better, up to a
point, see [1] below. Use a mix of well respected low FP (Spamhaus
Zen/DBL and PSBL) and aggressive (FiveTen etc) dnsbls and set the
scoring for each accordingly, i.e. high trust for Zen and low for FiveTen.

[1] As a general rule, the more remote dnsbls you query the greater the
per message delivery latency. Thus on a high volume MTA you probably
want to use as few dnsbls as possible. If this is a SOHO type MTA, you
can use as many dnsbls as you wish without worrying about delivery
performance. But keep in mind that dnsbl use suffers from the law of
diminishing returns. Once you have 3 or 4 good performing ones in your
setup, you could add dozens more and probably only achieve a 1-2%
decrease in spam. And this will NOT be the "last 2%" if you're hitting
98% rejection with your current 3 or 4 dnsbls and Postfix' built-in
countermeasures. Blocking that last few percent will almost always
require something other than dnsbls.

--
Stan
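
The weighted-scoring approach described in the message above, sketched as the decision logic of a Postfix policy delegation service. This is an added example, not code from the original post or from Postfix; the weights, the reject threshold, the function names and the zone aggressive.dnsbl.example are assumptions chosen for illustration.

```python
import ipaddress
import socket

# Assumed weights: high trust for Zen, lower for PSBL, low for an aggressive
# list. aggressive.dnsbl.example is a placeholder zone, not a real service.
WEIGHTS = {
    "zen.spamhaus.org": 5,
    "psbl.surriel.com": 3,
    "aggressive.dnsbl.example": 1,
}
REJECT_AT = 5  # assumed threshold: Zen alone rejects, the others must combine


def dns_a(name):
    """Return the A records for name, or [] on NXDOMAIN or lookup failure."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def listed(ip, zone, resolve=dns_a):
    """True if the IPv4 address has a 127.0.0.0/8 listing answer in zone."""
    query = ".".join(reversed(ip.split("."))) + "." + zone
    for answer in resolve(query):
        # Spamhaus answers 127.255.255.x for query errors (for example a
        # refused resolver); those are not listings and must not score.
        if answer.startswith("127.") and not answer.startswith("127.255.255."):
            return True
    return False


def score(ip, resolve=dns_a):
    """Sum the weights of every zone that lists the address."""
    return sum(w for zone, w in WEIGHTS.items() if listed(ip, zone, resolve))


def policy_action(request, resolve=dns_a):
    """Answer one policy delegation request (name=value lines)."""
    attrs = dict(l.split("=", 1) for l in request.splitlines() if "=" in l)
    ip = attrs.get("client_address", "")
    try:
        if ipaddress.ip_address(ip).version != 4:
            return "action=DUNNO\n\n"  # this sketch scores IPv4 only
    except ValueError:
        return "action=DUNNO\n\n"
    total = score(ip, resolve)
    if total >= REJECT_AT:
        return f"action=REJECT Blocked by DNSBL score {total}\n\n"
    return "action=DUNNO\n\n"
```

Each zone in WEIGHTS costs one DNS lookup per message, which is the latency trade-off from note [1]; the lookups here run sequentially, so a busy MTA would keep the list short.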