[pfx] Re: reliable RBL
On 2024-04-11 at 05:10:45 UTC-0400 (Thu, 11 Apr 2024 11:10:45 +0200) Matus UHLAR - fantomas via Postfix-users is rumored to have said: >> Στις 11/4/24 10:59, ο/η Matus UHLAR - fantomas via Postfix-users έγραψε: >>> It still works, but you may need supplementary software as amavis, sagator, >>> spamass-milter or mimedefang because SpamAssassin only focuses on >>> classification, not about delivery. > > On 11.04.24 11:54, Dimitris via Postfix-users wrote: >> iirc, you also need a compiler installed (for SA rules). > > only if you want to compile them. They are written in perl and can be used > without compiler. ALSO: with a modern Perl, SA v4.0.1, and the current default rules with care taken to avoid runaways in local rules, the difference between running with precompiled vs. interpreted rules is minimal. There has been discussion in the SA community of deprecating sa-compile, although no concrete action has been taken to do so. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: reliable RBL
On 2024-04-11 at 03:41:37 UTC-0400 (Thu, 11 Apr 2024 15:41:37 +0800) Mr. Peng via Postfix-users is rumored to have said: Thanks for all the help. BTW, is spamassassin still a popular option for antispam today? or should I use rspamd instead? SpamAssassin is still pretty popular and we just made a new bugfix release. I am biased as a member of the SpamAssassin PMC, but I think it is a very good choice for many sites and it has a large mature user base with a lot of support available. I have heard much good about rspamd from sources I trust, but I am not directly familiar with it. Were I to set up a new mail system today without legacy reliance on SA, I would probably try using rspamd just to learn about it. Regards. On Wed, Apr 10, 2024 at 10:23 PM Bill Cole via Postfix-users < postfix-users@postfix.org> wrote: On 2024-04-10 at 05:46:36 UTC-0400 (Wed, 10 Apr 2024 17:46:36 +0800) Mr. Peng via Postfix-users is rumored to have said: I have been using spamhaus, spamcop, sorbs as the RBL providers for antispam. But some of the customers speak to me about the FP issues caused by RBL. Do you think the three RBL above are reliable in a practical system? Those are three of the best, but you have to understand that they are complicated and may not fit YOUR needs. Spamhaus offers multiple DNSBLs which each has a vey specific definition, which they aggregate in the "Zen" list which uses reply value to indicate which component an address listing belongs to. Not all component lists of Zen are appropriate for all MTAs. Spamhaus is extremely careful about making each list reliably represent what they claim it represents. They act quickly on the rare occasions when they inadvertently list sources of legitimate email. SpamCop is based on actual feeds of spam from many sources, and when they list an IP, you can be certain that it recently sent spam. They do not exempt major mailbox providers who are also major spam emitters. If you use the SpamCop list as an absolute test, you will reject some legitimate mail which shares an outbound MTAQ with spam. Reliably. SORBS is also informed by multiple sources of spam, and like SpamCop they do not exempt mixed sources. Like Spamhaus, they have both independent DNSBLs and an aggregated list that uses distinct return values for each component list, so you need to take that into account when using it, to fit the different sorts of listings to different interfaces. Like SpamCop, some of the SORBS components intermittently list major mixed sources. You really need to look at your DNSBL choices carefully and with an understanding of your users and their needs. You may want to consider using them in a more complex filtering tool like SpamAssassin where it is possible to weight the impact of different DNSBLs to fit your needs and to make explicit direct exemptions if you like. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo@toad.social and many *@billmail.scconsult.com addresses) Not Currently Available For Hire ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: reliable RBL
Στις 11/4/24 10:59, ο/η Matus UHLAR - fantomas via Postfix-users έγραψε: It still works, but you may need supplementary software as amavis, sagator, spamass-milter or mimedefang because SpamAssassin only focuses on classification, not about delivery. On 11.04.24 11:54, Dimitris via Postfix-users wrote: iirc, you also need a compiler installed (for SA rules). only if you want to compile them. They are written in perl and can be used without compiler. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Atheism is a non-prophet organization. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: reliable RBL
Στις 11/4/24 10:59, ο/η Matus UHLAR - fantomas via Postfix-users έγραψε: It still works, but you may need supplementary software as amavis, sagator, spamass-milter or mimedefang because SpamAssassin only focuses on classification, not about delivery. iirc, you also need a compiler installed (for SA rules). d. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: reliable RBL
On 11.04.24 15:41, Mr. Peng via Postfix-users wrote: BTW, is spamassassin still a popular option for antispam today? or should I use rspamd instead? It still works, but you may need supplementary software as amavis, sagator, spamass-milter or mimedefang because SpamAssassin only focuses on classification, not about delivery. On Wed, Apr 10, 2024 at 10:23 PM Bill Cole via Postfix-users < postfix-users@postfix.org> wrote: On 2024-04-10 at 05:46:36 UTC-0400 (Wed, 10 Apr 2024 17:46:36 +0800) Mr. Peng via Postfix-users is rumored to have said: > I have been using spamhaus, spamcop, sorbs as the RBL providers for > antispam. > But some of the customers speak to me about the FP issues caused by RBL. > Do you think the three RBL above are reliable in a practical system? Those are three of the best, but you have to understand that they are complicated and may not fit YOUR needs. Spamhaus offers multiple DNSBLs which each has a vey specific definition, which they aggregate in the "Zen" list which uses reply value to indicate which component an address listing belongs to. Not all component lists of Zen are appropriate for all MTAs. Spamhaus is extremely careful about making each list reliably represent what they claim it represents. They act quickly on the rare occasions when they inadvertently list sources of legitimate email. SpamCop is based on actual feeds of spam from many sources, and when they list an IP, you can be certain that it recently sent spam. They do not exempt major mailbox providers who are also major spam emitters. If you use the SpamCop list as an absolute test, you will reject some legitimate mail which shares an outbound MTAQ with spam. Reliably. SORBS is also informed by multiple sources of spam, and like SpamCop they do not exempt mixed sources. Like Spamhaus, they have both independent DNSBLs and an aggregated list that uses distinct return values for each component list, so you need to take that into account when using it, to fit the different sorts of listings to different interfaces. Like SpamCop, some of the SORBS components intermittently list major mixed sources. You really need to look at your DNSBL choices carefully and with an understanding of your users and their needs. You may want to consider using them in a more complex filtering tool like SpamAssassin where it is possible to weight the impact of different DNSBLs to fit your needs and to make explicit direct exemptions if you like. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I just got lost in thought. It was unfamiliar territory. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: reliable RBL
Thanks for all the help. BTW, is spamassassin still a popular option for antispam today? or should I use rspamd instead? Regards. On Wed, Apr 10, 2024 at 10:23 PM Bill Cole via Postfix-users < postfix-users@postfix.org> wrote: > On 2024-04-10 at 05:46:36 UTC-0400 (Wed, 10 Apr 2024 17:46:36 +0800) > Mr. Peng via Postfix-users > is rumored to have said: > > > I have been using spamhaus, spamcop, sorbs as the RBL providers for > > antispam. > > But some of the customers speak to me about the FP issues caused by RBL. > > Do you think the three RBL above are reliable in a practical system? > > Those are three of the best, but you have to understand that they are > complicated and may not fit YOUR needs. > > Spamhaus offers multiple DNSBLs which each has a vey specific definition, > which they aggregate in the "Zen" list which uses reply value to indicate > which component an address listing belongs to. Not all component lists of > Zen are appropriate for all MTAs. Spamhaus is extremely careful about > making each list reliably represent what they claim it represents. They act > quickly on the rare occasions when they inadvertently list sources of > legitimate email. > > SpamCop is based on actual feeds of spam from many sources, and when they > list an IP, you can be certain that it recently sent spam. They do not > exempt major mailbox providers who are also major spam emitters. If you use > the SpamCop list as an absolute test, you will reject some legitimate mail > which shares an outbound MTAQ with spam. Reliably. > > SORBS is also informed by multiple sources of spam, and like SpamCop they > do not exempt mixed sources. Like Spamhaus, they have both independent > DNSBLs and an aggregated list that uses distinct return values for each > component list, so you need to take that into account when using it, to fit > the different sorts of listings to different interfaces. Like SpamCop, some > of the SORBS components intermittently list major mixed sources. > > You really need to look at your DNSBL choices carefully and with an > understanding of your users and their needs. You may want to consider using > them in a more complex filtering tool like SpamAssassin where it is > possible to weight the impact of different DNSBLs to fit your needs and to > make explicit direct exemptions if you like. > > -- > Bill Cole > b...@scconsult.com or billc...@apache.org > (AKA @grumpybozo and many *@billmail.scconsult.com addresses) > Not Currently Available For Hire > ___ > Postfix-users mailing list -- postfix-users@postfix.org > To unsubscribe send an email to postfix-users-le...@postfix.org > ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: reliable RBL
On 10.04.24 17:46, Mr. Peng via Postfix-users wrote: I have been using spamhaus, spamcop, sorbs as the RBL providers for antispam. But some of the customers speak to me about the FP issues caused by RBL. Do you think the three RBL above are reliable in a practical system? On 10/04/24 22:50, Matus UHLAR - fantomas via Postfix-users wrote: I use them on many servers. I just use postscreen which supports scoring and only block when more than one blocklist hits. On 11.04.24 09:55, DL Neil via Postfix-users wrote: For the benefit of those of us following-along with the conversation and hoping to learn 'nuggets' of good-practice, would you mind sharing the settings related to the combination of RBLs and postscreen, please? Yes slightly OT, but relates to getting the best from postfix! I have posted it multiple in the past, last time not so long ago and haven't changed it since: https://marc.info/?l=postfix-users=171066924208941=2 I am posting link to the archive, because I also find searching archives for postscreen_dnsbl_sites as the best way for seeing people's configuration and others' comments about it. Others also posted their postscreen_dnsbl_sites, but I recommend reading replies on that configuration, because people often discuss it here when something bad happens. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I don't have lysdexia. The Dog wouldn't allow that. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: reliable RBL
On 10/04/24 22:50, Matus UHLAR - fantomas via Postfix-users wrote: On 10.04.24 17:46, Mr. Peng via Postfix-users wrote: I have been using spamhaus, spamcop, sorbs as the RBL providers for antispam. But some of the customers speak to me about the FP issues caused by RBL. Do you think the three RBL above are reliable in a practical system? I use them on many servers. I just use postscreen which supports scoring and only block when more than one blocklist hits. For the benefit of those of us following-along with the conversation and hoping to learn 'nuggets' of good-practice, would you mind sharing the settings related to the combination of RBLs and postscreen, please? Yes slightly OT, but relates to getting the best from postfix! -- Regards, =dn ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: reliable RBL
Dnia 10.04.2024 o godz. 10:22:52 Bill Cole via Postfix-users pisze: > I have been using spamhaus, spamcop, sorbs as the RBL providers for > antispam. > But some of the customers speak to me about the FP issues caused by RBL. > Do you think the three RBL above are reliable in a practical system? Those are three of the best, but you have to understand that they are complicated and may not fit YOUR needs. Spamhaus offers multiple DNSBLs which each has a vey specific definition, [...] SpamCop is based on actual feeds of spam from many sources, and when they list an IP, you can be certain that it recently sent spam. They do not [...] SORBS is also informed by multiple sources of spam, and like SpamCop they do not exempt mixed sources. Like Spamhaus, they have both independent DNSBLs and an aggregated list that uses distinct return values for each [...] You really need to look at your DNSBL choices carefully and with an understanding of your users and their needs. You may want to consider On 10.04.24 17:39, Jaroslaw Rafa via Postfix-users wrote: Myself, I use Spamcop, SBL-XBL list from Spamhaus (only this one), Why not zen? In includes PBL.. for SORBS, I use only their "Dynamic IP" list. sorbs dyna is supposed to contain the same IP addresses as spamhaus PBL -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Chernobyl was an Windows 95 beta test site. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: reliable RBL
Dnia 10.04.2024 o godz. 10:22:52 Bill Cole via Postfix-users pisze: > > I have been using spamhaus, spamcop, sorbs as the RBL providers for > > antispam. > > But some of the customers speak to me about the FP issues caused by RBL. > > Do you think the three RBL above are reliable in a practical system? > > Those are three of the best, but you have to understand that they are > complicated and may not fit YOUR needs. > > Spamhaus offers multiple DNSBLs which each has a vey specific definition, [...] > > SpamCop is based on actual feeds of spam from many sources, and when they > list an IP, you can be certain that it recently sent spam. They do not [...] > > SORBS is also informed by multiple sources of spam, and like SpamCop they > do not exempt mixed sources. Like Spamhaus, they have both independent > DNSBLs and an aggregated list that uses distinct return values for each [...] > > You really need to look at your DNSBL choices carefully and with an > understanding of your users and their needs. You may want to consider Myself, I use Spamcop, SBL-XBL list from Spamhaus (only this one), and as for SORBS, I use only their "Dynamic IP" list. That combination seems to work very well for me. -- Regards, Jaroslaw Rafa r...@rafa.eu.org -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub." ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: reliable RBL
On 2024-04-10 at 05:46:36 UTC-0400 (Wed, 10 Apr 2024 17:46:36 +0800) Mr. Peng via Postfix-users is rumored to have said: > I have been using spamhaus, spamcop, sorbs as the RBL providers for > antispam. > But some of the customers speak to me about the FP issues caused by RBL. > Do you think the three RBL above are reliable in a practical system? Those are three of the best, but you have to understand that they are complicated and may not fit YOUR needs. Spamhaus offers multiple DNSBLs which each has a vey specific definition, which they aggregate in the "Zen" list which uses reply value to indicate which component an address listing belongs to. Not all component lists of Zen are appropriate for all MTAs. Spamhaus is extremely careful about making each list reliably represent what they claim it represents. They act quickly on the rare occasions when they inadvertently list sources of legitimate email. SpamCop is based on actual feeds of spam from many sources, and when they list an IP, you can be certain that it recently sent spam. They do not exempt major mailbox providers who are also major spam emitters. If you use the SpamCop list as an absolute test, you will reject some legitimate mail which shares an outbound MTAQ with spam. Reliably. SORBS is also informed by multiple sources of spam, and like SpamCop they do not exempt mixed sources. Like Spamhaus, they have both independent DNSBLs and an aggregated list that uses distinct return values for each component list, so you need to take that into account when using it, to fit the different sorts of listings to different interfaces. Like SpamCop, some of the SORBS components intermittently list major mixed sources. You really need to look at your DNSBL choices carefully and with an understanding of your users and their needs. You may want to consider using them in a more complex filtering tool like SpamAssassin where it is possible to weight the impact of different DNSBLs to fit your needs and to make explicit direct exemptions if you like. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: reliable RBL
On 10.04.24 17:46, Mr. Peng via Postfix-users wrote: I have been using spamhaus, spamcop, sorbs as the RBL providers for antispam. But some of the customers speak to me about the FP issues caused by RBL. Do you think the three RBL above are reliable in a practical system? I use them on many servers. I just use postscreen which supports scoring and only block when more than one blocklist hits. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I don't have lysdexia. The Dog wouldn't allow that. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org